Re: What runs on port 2500

From: --Mike (mjsuhm_at_zzexecpc.com)
Date: 09/22/04

• Next message: Destined: "Re: Best AV prog for XP = KAV 5 right?"
• Previous message: Stefano: "Re: What is the 'dcrserv.exe' loaded by Drivecrypt?"
• In reply to:(deleted message) Leythos: "Re: What runs on port 2500"
• Next in thread: Leythos: "Re: What runs on port 2500"
• Reply:(deleted message) Leythos: "Re: What runs on port 2500"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 22 Sep 2004 07:58:43 GMT

"Leythos" <void@nowhere.org> wrote in message
news:MPG.1bba845e9eb5730f98970d@news-server.columbus.rr.com...
> In article <Xns956BB99B6E6BEnotmenotmecom@216.148.227.77>,

[snip]

>
> because this is a house full of individuals that own their own computers
> - Sorority. We were hired to clean them before going on the network and
> they all appeared clean (removed over 3000 viruses and more than 8000
> spyware items using SBS&D). Since we don't actually manage the machines,
> we can only monitor the logs (even in real time) to see what's happening
> and in the event of a outbreak we can isolate the user/machine and then
> go fix it. The problem is that I've never seen anything, in all our
> experience, the connects to remote port 2500 using a Windows machine.
>
> --

You used Spybot S&D to clean the malware. Did you happen to also try
Ad-Aware? There is about 20% non-overlap between these 2 programs. Also,
did you make sure to empty *ALL* temp folders? Expecially on the XP
machines:
C:\Windows\[each user name]\Local Settings\Temp
and
C:\Windows\[each user name]\Local Settings\Temporary Internet Files
An awful lot of the current crop of malware puts setup files and/or folders
in these Temp directories, that, after a couple of days, reinstalls itself
onto the machine.

--Mike

---

• Next message: Destined: "Re: Best AV prog for XP = KAV 5 right?"
• Previous message: Stefano: "Re: What is the 'dcrserv.exe' loaded by Drivecrypt?"
• In reply to:(deleted message) Leythos: "Re: What runs on port 2500"
• Next in thread: Leythos: "Re: What runs on port 2500"
• Reply:(deleted message) Leythos: "Re: What runs on port 2500"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: What runs on port 2500 ... Since we don't actually manage the machines, ... You used Spybot S&D to clean the malware. ... did you make sure to empty *ALL* temp folders? ... An awful lot of the current crop of malware puts setup files and/or folders ... (comp.security.firewalls) Re: HijackThis Log Help ... almost always suggest a reformat even if it took me seconds to discover ... I try and clean it up. ... All my clients are SBS 2003 Premium, ... lots of clients and lots of machines to look after. ... (microsoft.public.windows.server.sbs) Pins for Sale near Chicago ... All machines working 100%, Tech has gone through all machines. ... clean machines. ... near perfect cabinet except lockdown bar ... Lord of the Rings, Cabinet and playfield excellent condition, Very ... (rec.games.pinball) Re: Adware and Spyware wont go away ... both computer have Norton Antivirus ... > recent versions of SpyHunter for Spyware, and, and Webroot's ... Install Ad-aware and Spybot on both machines. ... to the lan until both machines are clean. ... (microsoft.public.security.virus) Re: HijackThis Log Help ... The point is that if we teach people that we can mostly clean their ... machines, that it's good enough, and they don't feel the "pain", not ... Calling an illegal alien an "undocumented worker" is like calling a ... (microsoft.public.windows.server.sbs)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.misc  > 2004-09