Re: Deep Throat

From: ALICE (anonymous_at_discussions.microsoft.com)
Date: 07/31/04


Date: Fri, 30 Jul 2004 16:26:51 -0700

It seems my initial post picked up a few more posts from
other people asking questions. I thought each question had
to be on a separate 'thread.'
I was wondering if the Deep Throat Horse and SubSeven
Trojan Horse are fairly common? My husband and I seem to
have gotten one or the other a few times in the past few weeks
on both of our notebooks. Norton Firewall 2004 keeps
blocking them but I wonder how they keep appearing?
We did A2 Trojan scan online and got the following results
and wonder if the two OPEN ports could be the cause?? We don't
know as we are senior citizens and not too familiar with
computers, etc. (We have Norton AntiVirus2004 (updated and
scan every other day) and Norton Firewall 2004 and
AdAware.) Any help appreciated. Thank you.
==

You computer is scanned for open ports now.

The following ports were identified as open on your PC:

Port 1025

These programs or services use this port by default:
Windows RPC, Scheduled Tasks

These Trojans or Malware files use this port by default:
NetSpy, Maverick's Matrix, RemoteStorm

Port 5000

These programs or services use this port by default:
Windows ME, XP and 2003 Network Plug & Play

These Trojans or Malware files use this port by default:
Bubbel, Back Door Setup, Blazer 5, Socket 23, Sockets de
Troie

Exploit-Test:
Your browser will be checked for installed ActiveX
components of Dialers, etc. now.

No harmful ActiveX components were detected. This test can
only be completed with VBScript activated.

Browser-Check:
Your browser configuration will be checked for risks now.

Visual Basic Script (VBScript) Test: VBScript is activated!
VBScript is not activated.
VBScript is not dangerous in general. But it is used by
worm virus authors to embed harmful code in HTML emails.
Ensure to have the latest security updates of your browser
installed to stay protected against harmful VBScripts.

Secure ActiveX Test: Invocation of secure ActiveX controls
is activated.
This test is not possible with deactivated scripting.
ActiveX controls are a kind of enhancement plugins for the
browser (as e.g. the Flash plugin). The classification if
an ActiveX control is secure or not is done by the
developer of the control. So it is also possible that a
secure control can contain insecure code. Please notice,
that the online Windows-Update doesn't work without
ActiveX controls.

Insecure ActiveX Test: Invocation of insecure ActiveX
controls is deactivated.
This test is not possible with deactivated scripting.
Insecure ActiveX controls may contain harmful code and
therefore they should be deactivated or set to prompt the
user before running to block controls of Dialers, etc.

Internet Explorer makes a difference between signed and
unsigned ActiveX controls. Always check controls with
invalid signatures before you accept them and let them
install on your computer.

a² Online-Check finished on 7/28/2004 4:56:15 PM
==========

>-----Original Message-----
>Greetings --
>
> WinXP's built-in firewall is _adequate_ at stopping incoming
>attacks, and hiding your ports from probes. It doesn't give you any
>alarms, or any other kind of indication, to tell you that it is
>working, though. Nor is it very easily configurable. What WinXP also
>does not do, is protect you from any Trojans or spyware that you (or
>someone else using your computer) might download and install
>inadvertently. It doesn't monitor out-going traffic at all, other
>than to check for IP-spoofing, much less block (or even ask you
>about) the bad or the questionable out-going signals. It assumes that
>any application you have on your hard drive is there because you want
>it there, and therefore has your "permission" to access the Internet.
>Further, because the ICF is a "stateful" firewall, it will also assume
>that any incoming traffic that's a direct response to a Trojan's or
>spyware's out-going signal is also authorized.
>
> ZoneAlarm, Kerio, or Sygate are all much better than WinXP's
>built-in firewall, and are much more easily configured, and there are
>free versions of each readily available. Even the commercially
>available Symantec's Norton Personal Firewall is superior by far,
>although it does take a heavier toll of system performance than do
>ZoneAlarm or Sygate.
>
> If you're 100% confident of your own ability in precluding the
>installation of malware by yourself and everyone else who might ever
>use your computer, WinXP's ICF should be enough.
>
>
>Bruce Chambers
>--
>Help us help you:
>http://dts-l.org/goodpost.htm
>http://www.catb.org/~esr/faqs/smart-questions.html
>
>You can have peace. Or you can have freedom. Don't ever count on
>having both at once. - RAH
>
>
>"Yong Fen Leong" <yongfenleong@tylin.com.sg> wrote in message
>news:OuuzOiXdEHA.3132@TK2MSFTNGP11.phx.gbl...
>> Hi Haus does it mean that if the ICF is enabled, it is good enough and you
>> would not need to install any other firewall like zone alarm or sygate ?
>>
>> Thanks
>>
>>
>> "Haus" <youknow@Iwillslapyou> wrote in message
>> news:10ggubkalf307dd@corp.supernews.com...
>> > Sounds like your antivirus protection caught it and blocked you should be
>> > alright.
>> >
>> > Have you enabled your ICF (firewall)
>> >
>> > http://support.microsoft.com/default.aspx?scid=kb;en-us;283673&Product=winxp
>> >
>> > Have you registered your antivirus so you will receive regular updates.
>> >
>> > Be sure to visit MS Windows Update site and download all the updates this is
>> > for your security and safety.
>> > www.windowsupdate.com
>> >
>> > The thing most people do not know is that after they buy a computer with
>> > virus protection installed they have to go in and register and download the
>> > updates and continue to update it or set it to auto update then after a
>> > period of time the subscription will run out usually in 90-180 days at that
>> > time they will have to purchase new protection either online or from a
>> > retail store and at that time they will be able to update for a period of
>> > 365 days (1 year).
>> >
>> >
>> > --
>> > Haus
>> > Live your life so that whenever you lose, you are ahead.
>> > (Will Rogers)
>> >
>> >
>> >
>> > "ALICE" <anonymous@discussions.microsoft.com> wrote in message
>> > news:61f601c4751c$2592d390$a601280a@phx.gbl...
>> > > We are senior citizens and have new notebook with WinXP
>> > > and IE6. We also have NAV2004 and Norton Firewall 2004.
>> > > We just saw a pop-up screen (from Norton Firewall 2004 we
>> > > believe) telling us: "Rule Default Block Deep Throat
>> > > Trojan Horse - Blocked." We just clicked OK. Would
>> > > someone know what that means? Should we be worried that
>> > > we have virus, etc. Any help appreciated. Thank you.
>> >
>>
>>
>
>
>.
>
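
The inbound-only, stateful behaviour that the quoted message attributes to ICF, set beside a firewall that also filters outbound connections per program. This is an added example written for this page, a simplified model and not ICF's implementation or any poster's code. The names `Packet`, `StatefulFirewall` and `egress_allow`, the program names and the documentation-range addresses are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str      # "out" or "in"
    local_port: int
    remote: tuple       # (remote_ip, remote_port)
    app: str = ""       # sending program; only known for outbound packets

@dataclass
class StatefulFirewall:
    # egress_allow=None models the behaviour described in the message: every
    # local program may connect out. A set of program names models a firewall
    # that also filters outbound traffic per application (hypothetical policy).
    egress_allow: Optional[set] = None
    state: set = field(default_factory=set)   # (local_port, remote) flows

    def handle(self, pkt: Packet) -> str:
        flow = (pkt.local_port, pkt.remote)
        if pkt.direction == "out":
            if self.egress_allow is not None and pkt.app not in self.egress_allow:
                return "block-egress"
            self.state.add(flow)              # remember the flow for its replies
            return "allow"
        # Inbound: accepted only as a reply to a flow opened from the inside.
        return "allow-reply" if flow in self.state else "drop-unsolicited"

# Constructed sample traffic (documentation addresses, made-up program names).
TRAFFIC = [
    Packet("in", 1025, ("198.51.100.7", 40000)),                  # outside probe
    Packet("out", 3456, ("203.0.113.9", 80), app="iexplore.exe"),
    Packet("in", 3456, ("203.0.113.9", 80)),                      # web reply
    Packet("out", 3457, ("203.0.113.50", 6667), app="unknown.exe"),
    Packet("in", 3457, ("203.0.113.50", 6667)),                   # reply to it
]

def run(fw: StatefulFirewall) -> list:
    return [fw.handle(p) for p in TRAFFIC]

def compare() -> dict:
    return {
        "inbound_only": run(StatefulFirewall()),
        "per_app_egress": run(StatefulFirewall(egress_allow={"iexplore.exe"})),
    }

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name, verdicts)
```

In the inbound-only model the unsolicited probe is dropped, but the unknown program's connection and its reply both pass, because the reply matches state the program itself created.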


