Re: Deep Throat

From: ALICE (anonymous_at_discussions.microsoft.com)
Date: 08/01/04


Date: Sat, 31 Jul 2004 18:26:27 -0700

Thank you kindly for your reply. All so confusing for us.
We did find the Control>Adm Tools>Services and SSDP. We
did see the STOP key but not 'startup' and 'type.' This
was done on my notebook with WinXP. HOWEVER, my husband
has notebook with Win98se and we didn't see Adm Tools in
Control Panel.
(We seem to see two every so often (which are blocked by
Norton Firewall 2004, but are so annoying that they keep
popping up). One is the Throat Trojan and the other
is the Sub-Seven Trojan.)
We don't know about blocking inbound and allowing outbound
traffic???

>-----Original Message-----
>
>
>Port 5000 can be a way for them to enter it is basically used for Universal
>Plug and Play (UPnP) which I am sure you are not using, UPnP is used on
>Peer-to-Peer networks and therefore you can stop it by following these
>instructions.
>
> Open Control Panel>Administrative Tools>Services> and in services look for:
>SSDP Discovery Service, Once you found it, double click, notice there is a
>stop tab at the bottom, click on it, and Disable it where it says: Startup
>Type
>
>Port 1025 will have to be open to outbound traffic, I am not familiar with
>Norton Firewall, can you block inbound traffic and allow outbound.
>--
>Haus
>Live your life so that whenever you lose, you are ahead.
>(Will Rogers)
>
>
>
>"ALICE" <anonymous@discussions.microsoft.com> wrote in message
>news:786c01c4768c$b100dfa0$a401280a@phx.gbl...
>It seems my initial post picked up a few more posts from
>other people asking questions. I thought each question had
>to be on a separate 'thread.'
>I was wondering if the Deep Throat Horse and SubSeven
>Trojan Horse are fairly common? My husband and I seem to
>have gotten one or the other a few times in past few weeks
>on both of our notebooks. Norton Firewall 2004 keeps
>blocking them but I wonder how they keep appearing?
>We did A2 Trojan scan online and got the following results
>and wonder if the two OPEN ports could be cause?? We don't
>know as we are senior citizens and not too familiar with
>computers, etc. (We have Norton AntiVirus2004 (updated and
>scan every other day) and Norton Firewall 2004 and
>AdAware. Any help appreciated. Thank you.
>==
>
>You computer is scanned for open ports now.
>
>
>The following ports were identified as open on your PC:
>
>Port 1025
>
>These programs or services use this port by default:
>Windows RPC, Scheduled Tasks
>
>These Trojans or Malware files use this port by default:
>NetSpy, Maverick's Matrix, RemoteStorm
>
>Port 5000
>
>These programs or services use this port by default:
>Windows ME, XP and 2003 Network Plug & Play
>
>These Trojans or Malware files use this port by default:
>Bubbel, Back Door Setup, Blazer 5, Socket 23, Sockets de
>Troie
>
>Exploit-Test:
>Your browser will be checked for installed ActiveX
>components of Dialers, etc. now.
>
>IEAccess2 not found.
>BCVoicePlugin not found.
>TSCPlugin not found.
>MoneyTreeDialer not found.
>D9Dialer not found.
>CABDialer not found.
>SunInfoConnect.snConnect not found.
>eConnect.eConn not found.
>VLoading not found.
>WebInstall not found.
>Uloader not found.
>ActiveInstall not found.
>ActiveXDownload not found.
>NTools.ActiveInstaller not found.
>MaConnect not found.
>xDiver not found.
>WebPlugin_Class not found.
>WebUpdate not found.
>WSD not found.
>IELoader not found.
>Acceler8or not found.
>
>No harmful ActiveX components were detected. This test can
>only be completed with VBScript activated.
>
>
>
>Browser-Check:
>Your browser configuration will be checked for risks now.
>
>Visual Basic Script (VBScript) Test: VBScript is activated!
>VBScript is not activated.
>VBScript is not dangerous in general. But it is used by
>worm virus authors to embed harmful code in HTML emails.
>Ensure to have the latest security updates of your browser
>installed to stay protected against harmful VBScripts.
>
>Secure ActiveX Test: Invocation of secure ActiveX controls
>is activated.
>This test is not possible with deactivated scripting.
>ActiveX controls are a kind of enhancement plugins for the
>browser (as e.g. the Flash plugin). The classification if
>an ActiveX control is secure or not is done by the
>developer of the control. So it is also possible that a
>secure control can contain insecure code. Please notice,
>that the online Windows-Update doesn't work without
>ActiveX controls.
>
>Insecure ActiveX Test: Invocation of insecure ActiveX
>controls is deactivated.
>This test is not possible with deactivated scripting.
>Insecure ActiveX controls may contain harmful code and
>therefore they should be deactivated or set to prompt the
>user before running to block controls of Dialers, etc.
>
>Internet Explorer makes a difference between signed and
>unsigned ActiveX controls. Always check controls with
>invalid signatures before you accept them and let them
>install on your computer.
>
>
>a² Online-Check finished on 7/28/2004 4:56:15 PM
>==========
>
>
>
>>-----Original Message-----
>>Greetings --
>>
>> WinXP's built-in firewall is _adequate_ at stopping incoming
>>attacks, and hiding your ports from probes. It doesn't give you any
>>alarms, or any other kind of indication, to tell you that it is
>>working, though. Nor is it very easily configurable. What WinXP also
>>does not do, is protect you from any Trojans or spyware that you (or
>>someone else using your computer) might download and install
>>inadvertently. It doesn't monitor out-going traffic at all, other
>>than to check for IP-spoofing, much less block (or at even ask you
>>about) the bad or the questionable out-going signals. It assumes that
>>any application you have on your hard drive is there because you want
>>it there, and therefore has your "permission" to access the Internet.
>>Further, because the ICF is a "stateful" firewall, it will also assume
>>that any incoming traffic that's a direct response to a Trojan's or
>>spyware's out-going signal is also authorized.
>>
>> ZoneAlarm, Kerio, or Sygate are all much better than WinXP's
>>built-in firewall, and are much more easily configured, and there are
>>free versions of each readily available. Even the commercially
>>available Symantec's Norton Personal Firewall is superior by far,
>>although it does take a heavier toll of system performance than do
>>ZoneAlarm or Sygate.
>>
>> If you're 100% confident of your own ability in precluding the
>>installation of malware by yourself and everyone else who might ever
>>use your computer, WinXP's ICF should be enough.
>>
>>
>>Bruce Chambers
>>--
>>Help us help you:
>>http://dts-l.org/goodpost.htm
>>http://www.catb.org/~esr/faqs/smart-questions.html
>>
>>You can have peace. Or you can have freedom. Don't ever count on
>>having both at once. - RAH
>>
>>
>>"Yong Fen Leong" <yongfenleong@tylin.com.sg> wrote in message
>>news:OuuzOiXdEHA.3132@TK2MSFTNGP11.phx.gbl...
>>> Hi Haus does it mean that if the ICF is enabled, it is good enough and you
>>> would not need to install any other firewall like zone alarm or sygate ?
>>>
>>> Thanks
>>>
>>>
>>> "Haus" <youknow@Iwillslapyou> wrote in message
>>> news:10ggubkalf307dd@corp.supernews.com...
>>> > Sounds like your antivirus protection caught it and blocked you should be
>>> > alright.
>>> >
>>> > Have you enabled your ICF (firewall)
>>> >
>>> > http://support.microsoft.com/default.aspx?scid=kb;en-us;283673&Product=winxp
>>> >
>>> > Have you registered your antivirus so you will receive regular updates.
>>> >
>>> > Be sure to visit MS Windows Update site and download all the updates this is
>>> > for your security and safety.
>>> > www.windowsupdate.com
>>> >
>>> > The thing most people do not know is that after they buy a computer with
>>> > virus protection installed they have to go in and register and download the
>>> > updates and continue to update it or set it to auto update then after a
>>> > period of time the subscription will run out usually in 90-180 days at that
>>> > time they will have to purchase new protection either online or from a
>>> > retail store and at that time they will be able to update for a period of
>>> > 365 days (1 year).
>>> >
>>> >
>>> > --
>>> > Haus
>>> > Live your life so that whenever you lose, you are ahead.
>>> > (Will Rogers)
>>> >
>>> >
>>> >
>>> > "ALICE" <anonymous@discussions.microsoft.com> wrote in message
>>> > news:61f601c4751c$2592d390$a601280a@phx.gbl...
>>> > > We are senior citizens and have new notebook with WinXP
>>> > > and IE6. We also have NAV2004 and Norton Firewall 2004.
>>> > > We just saw a pop-up screen (from Norton Firewall 2004 we
>>> > > believe) telling us: "Rule Default Block Deep Throat
>>> > > Trojan Horse - Blocked." We just clicked OK. Would
>>> > > someone know what that means? Should we be worried that
>>> > > we have virus, etc. Any help appreciated. Thank you.
>>> >
>>> >
>>>
>>>
>>
>>
>>.
>>
>
>
>.
>
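
Added example, not part of the original thread: a toy Python model of the point made in the quoted reply about ICF being "stateful" with no outbound checks, set beside a filter that also applies per-program outbound rules. The class names, addresses, ports 1026 and 40000, and program names are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    direction: str      # "out" = leaving the PC, "in" = arriving
    local_port: int
    remote: str
    remote_port: int
    program: str = ""   # local program that sent it (outbound only)

@dataclass
class InboundOnlyStateful:
    """Blocks unsolicited inbound traffic but trusts every local program."""
    flows: set = field(default_factory=set)

    def egress_permitted(self, pkt):
        return True     # no outbound policy at all

    def handle(self, pkt):
        key = (pkt.local_port, pkt.remote, pkt.remote_port)
        if pkt.direction == "out":
            if not self.egress_permitted(pkt):
                return "BLOCK"
            self.flows.add(key)   # remember the flow so its replies pass
            return "ALLOW"
        # Inbound passes only as a reply to a flow the PC opened itself.
        return "ALLOW" if key in self.flows else "BLOCK"

@dataclass
class WithEgressRules(InboundOnlyStateful):
    """Same state tracking, plus an allow-list of programs that may connect out."""
    approved: frozenset = frozenset({"iexplore.exe"})

    def egress_permitted(self, pkt):
        return pkt.program in self.approved

def run(firewall, packets):
    return [firewall.handle(p) for p in packets]

# Constructed traffic (documentation-range addresses).
TRAFFIC = [
    Packet("in", 5000, "203.0.113.9", 40000),               # unsolicited probe
    Packet("out", 1025, "198.51.100.7", 80, "iexplore.exe"),
    Packet("in", 1025, "198.51.100.7", 80),                 # reply to browser
    Packet("out", 1026, "203.0.113.9", 6667, "unknown.exe"),
    Packet("in", 1026, "203.0.113.9", 6667),                # reply to unknown.exe
]

if __name__ == "__main__":
    for fw in (InboundOnlyStateful(), WithEgressRules()):
        print(type(fw).__name__, run(fw, TRAFFIC))
```

Both filters block the unsolicited probe on port 5000; only the second also blocks the connection opened by the unapproved program and the reply that follows it.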


