Re: Follow up on Port 5000 - and another Q. or two...

From: tracker (killianwaleeya@yahoo.com)
Date: 01/31/02 

From: killianwaleeya@yahoo.com (tracker)
Date: 31 Jan 2002 12:52:17 -0800

Check out the posts here locating a Trojan Horse on your computer.
You will need to do a format on your hard drive, make sure all your
cd-roms, floppies are virus free because these malicious hackers
install either virus's or trojans on your media. If your disks are
not un-infested, you will be in the same boat.
There is more to this to fix your problem, but time is not on my side.

"Stark Suggs" <starksuggs@charter.net> wrote in message news:<a4d638c6868b79915cd24ebdd6181805.65307@mygate.mailgate.org>...
> Again thanks to all for their reply to my post yesterday which was:
> I am not very happy. Yes, my mouse has been moving around on its own.
> I've been running Sygate's new ver 5.0 w/ xp. I began to get the
> feeling something was wrong, so I did a test on the firewall, and the
> following came up several times: Trojan 5000 OPEN Bubbel, Back Door
> Setup, Sockets de Troie. Got the net bios thing (137), and just enough
> frustration to really tick me off. I've gone through my list of apps
> running, and basically shut them all down. But, it still works. What I
> wonder is if some of those"apps" are not apps at all. msdtc.exe (listed
> a a console program) seems to be able to allow itself to become active
> again, once I have blocked it, and removed it several times. None of
> the other apps do this.
>
> How do you know which apps, which ports? I've done the typical
> backtrace, but got no real concrete information.
>
> -------------------------
> Now, I ran Tauscan 1.6 once and again with updates and it all came up
> clean. The strange thing is since having sygate 50 running, there is a
> continuing block of something....at nearly 80% of the time. When I go
> and do a backtrace...whois etc... it comes up as my isp-charter. This
> has been going on for over 24 hours now...weird. Service is nice and
> fast w/o any problems. Two other strange files, one is blocked and
> seems to be under control....WkDetect.exe, ntoskrnl.exe, svchost.exe,
> lsass.exe. I run nav 2002 - updated. Oddly enough, while I was reading
> a document tonight, there was a block going out. I looked at it, and it
> was....wmiprvse.exe I got a list of apps about 15 or so in number with
> just a few running-only what is necessary - as previously suggested. I
> might get the other Trojan program and run it as well.
>
> I hope everyone has a great evening. Take care,
>
> SS
>
> You folks are a wealth of knowledge, and again I very much appreciate
> your help.
>
> SS

Relevant Pages

  • Re: iexplore.exe
    ... > has happened in other apps as well. ... Well, as you pointed out, iexplore.exe is Internet Explorer. ... I did find this one page about multiple instances of ... which mentions a few trojan names: ...
    (microsoft.public.windowsxp.general)
  • Re: programming hidden folders/files
    ... folders by anti-spyware apps; as for the 3rd party "hide" apps, ... to hide folders, as are the virus writers - the q is where are the OS docs ... why would you need a third party program to ... As for a Trojan, many spyware and Anti-Virus ...
    (microsoft.public.windowsxp.configuration_manage)
  • Re: Theres no reason to forget (or remember) most passwords!
    ... > I donnt fully trust those freeware(how about it contain a Trojan ... An unfounded fear in most cases. ... I tried various similar apps and found it the cleanest and ...
    (microsoft.public.security)
  • Re: Does those antivirus software detect trojan?
    ... > or they only detect virus and common trojan? ... AV apps detect trojans, viruses and worms. ...
    (microsoft.public.security)
  • Re: Hijacked by AntiVirus Gold
    ... i read all these posts and was having to same problem with that darn ... Webroot Spy Sweeper. ... antivirus gold as a trojan. ... Badabang ...
    (microsoft.public.windowsxp.help_and_support)