Re: Deep Throat

From: Haus (youknow_at_Iwillslapyou)
Date: 08/01/04 

Date: Sun, 1 Aug 2004 13:43:55 -0500

Alice
right above the stop button there is a drop down menu to the left it will
say Startup Type, it will either be Automatic or manual, just click on the
drop down menu and click disable.
SSDP is used for UPnP on peer-to-peer networks I am pretty sure you do not
need UPnP, but it doesn't really matter you do not need to stop it or
disable it just follow the steps in the previous post and you will be safe.

There is some good pop-up blockers that you can use to control the pop-ups
another good way for Trojans to enter.
http://toolbar.google.com/

The only other thing I can suggest would be to keep everything updated.
Delete the Cookies on a regular basis.
Open your browser (home page), click on Tools, click on Internet Options,
there you will see Delete Cookies.

Run Disk Cleanup on a regular basis, put a checkmark in Temp Files, Temp
Internet Files, Recycle Bin
Start>Programs>Accessories>System Tools>Disk Cleanup

Download, Update & Run Spy Sweeper on a regular basis. (couple of times a
month)
www.spysweeper.com

Here are some free online virus scanners you can use to scan your computer
to double check your current one.
http://www.mvps.org/sramesh2k/Scanners.htm 

-- 
Good Day
Haus
2 Timothy 4:8  Finally, there is laid up for me the crown of righteousness,
which the Lord, the righteous Judge,
will give to me on that Day, and not to me only but also to all who have 
loved His appearing.
"ALICE" <anonymous@discussions.microsoft.com> wrote in message 
news:82cf01c477d1$b3007b80$a501280a@phx.gbl...
Re: our "We did find the Control>Adm Tools>Services and
SSDP. We did see the STOP key (for 5000) but
not 'startup' and 'type.' This was done on my notebook
with WinXP."
Should we still click on the "STOP?" for the Port 5000
(even though it states "These programs or services use
this port by default:
Windows ME, XP and 2003 Network Plug & Play?" It says
Windows XP use this port (5000)?)
Thank you...
Alice
>-----Original Message-----
>You did good.
>Windows 98 does not come with UPnP.
>
>There is some good pop-up blockers that you can use to
control the pop-ups
>another good way for Trojans to enter.
>http://toolbar.google.com/
>
>The only other thing I can suggest would be to keep
everything updated.
>Delete the Cookies on a regular basis.
>Open your browser (home page), click on Tools, click on
Internet Options,
>there you will see Delete Cookies.
>
>Run Disk Cleanup on a regular basis, put a checkmark in
Temp Files, Temp
>Internet Files, Recycle Bin
>Start>Programs>Accessories>System Tools>Disk Cleanup
>
>Download, Update & Run Spy Sweeper on a regular basis.
(couple of times a
>month)
>www.spysweeper.com
>
>Here are some free online virus scanners you can use to
scan your computer
>to double check your current one.
>http://www.mvps.org/sramesh2k/Scanners.htm
>
>-- 
>Haus
>Live your life so that whenever you lose, you are ahead.
>(Will Rogers)
>
>
>
>"ALICE" <anonymous@discussions.microsoft.com> wrote in
message
>news:7d6901c47766$90e87720$a601280a@phx.gbl...
>Thank you kindly for your reply. All so confusing for us.
>We did find the Control>Adm Tools>Services and SSDP. We
>did see the STOP key but not 'startup' and 'type.' This
>was done on my notebook with WinXP. HOWEVER, my husband
>has notebook with Win98se and we didn't see Adm Tools in
>Control Panel.
>(We seem to see two every so often (which are blocked by
>Norton Firewall 2004, but are so annoying that they keep
>poping up). One is the Throat Trojan and the other
>is the Sub-Seven Trojan.)
>We don't know about blocking inbound and allowing
outbound
>traffic???
>
>>-----Original Message-----
>>
>>
>>Port 5000 can be a way for them to enter it is basically
>used for Universal
>>Plug and Play (UPnP) which I am sure you are not using,
>UPnP is used on
>>Peer-to-Peer networks and therefore you can stop it by
>following these
>>instructions.
>>
>> Open Control Panel>Administrative Tools>Services> and
in
>services look for:
>>SSDP  Discovery Service,  Once you found it, double
>click, notice there is a
>>stop tab at the bottom, click on it, and Disable it
where
>it says: Startup
>>Type
>>
>>Port 1025 will have to be open to out bound traffic, I
am
>not familiar with
>>Norton Firewall, can you block inbound traffic and allow
>outbound.
>>-- 
>>Haus
>>Live your life so that whenever you lose, you are ahead.
>>(Will Rogers)
>>
>>
>>
>>"ALICE" <anonymous@discussions.microsoft.com> wrote in
>message
>>news:786c01c4768c$b100dfa0$a401280a@phx.gbl...
>>It seems my initial post picked up a few more posts from
>>other people asking questions. I thought each question
had
>>to be on a seperate 'thread.'
>>I was wondering if the Deep Throat Horse  and SubSeven
>>Trojan Horse are fairly common? My husband and I seem to
>>have gotten one or the other a few times in past few
weeks
>>on both of our notebooks. Norton Firewall 2004 keeps
>>blocking them but I wonder how they keep appearing?
>>We did A2 Trojan scan online and got the following
results
>>and wonder if the two OPEN ports could be cause?? We
don't
>>know as we are senior citizens and not too familiar with
>>computers, etc. (We have Norton AntiVirus2004 (updated
and
>>scan every other day) and Norton Firewall 2004 and
>>AdAware. Any help appreciated. Thank you.
>>==
>>
>>You computer is scanned for open ports now.
>>
>>5000: open!
>>6711: closed
>>4711: closed
>>2140: closed
>>5001: closed
>>456: closed
>>12346: closed
>>6000: closed
>>6666: closed
>>8080: closed
>>443: closed
>>2115: closed
>>9999: closed
>>20034: closed
>>8989: closed
>>11000: closed
>>666: closed
>>6667: closed
>>421: closed
>>2583: closed
>>170: closed
>>4000: closed
>>2080: closed
>>1047: closed
>>9000: closed
>>12345: closed
>>2002: closed
>>2001: closed
>>389: closed
>>143: closed
>>1100: closed
>>146: closed
>>1033: closed
>>1099: closed
>>4444: closed
>>1090: closed
>>133: closed
>>3000: closed
>>1243: closed
>>1080: closed
>>1081: closed
>>123: closed
>>119: closed
>>118: closed
>>113: closed
>>111: closed
>>110: closed
>>54321: closed
>>54320: closed
>>99: closed
>>1050: closed
>>2005: closed
>>2004: closed
>>2003: closed
>>1524: closed
>>1045: closed
>>1025: open!
>>80: closed
>>79: closed
>>1034: closed
>>555: closed
>>121: closed
>>1029: closed
>>2000: closed
>>1024: closed
>>2023: closed
>>59: closed
>>58: closed
>>53: closed
>>2208: closed
>>50: closed
>>48: closed
>>999: closed
>>1000: closed
>>41: closed
>>1234: closed
>>37: closed
>>514: closed
>>27374: closed
>>31: closed
>>1042: closed
>>6767: closed
>>25: closed
>>23: closed
>>315: closed
>>40421: closed
>>3129: closed
>>3128: closed
>>31337: closed
>>22: closed
>>13: closed
>>7000: closed
>>7: closed
>>5742: closed
>>2: closed
>>21: closed
>>19: closed
>>17: closed
>>445: closed
>>139: closed
>>135: closed
>>
>>The following ports were identified as open on your PC:
>>
>>Port 1025
>>
>>These programs or services use this port by default:
>>Windows RPC, Scheduled Tasks
>>
>>These Trojans or Malware files use this port by default:
>>NetSpy, Maverick's Matrix, RemoteStorm
>>
>>Port 5000
>>
>>These programs or services use this port by default:
>>Windows ME, XP and 2003 Network Plug & Play
>>
>>These Trojans or Malware files use this port by default:
>>Bubbel, Back Door Setup, Blazer 5, Socket 23, Sockets de
>>Troie
>>
>>Exploit-Test:
>>Your browser will be checked for installed ActiveX
>>components of Dialers, etc. now.
>>
>>IEAccess2 not found.
>>BCVoicePlugin not found.
>>TSCPlugin not found.
>>MoneyTreeDialer not found.
>>D9Dialer not found.
>>CABDialer not found.
>>SunInfoConnect.snConnect not found.
>>eConnect.eConn not found.
>>VLoading not found.
>>WebInstall not found.
>>Uloader not found.
>>ActiveInstall not found.
>>ActiveXDownload not found.
>>NTools.ActiveInstaller not found.
>>MaConnect not found.
>>xDiver not found.
>>WebPlugin_Class not found.
>>WebUpdate not found.
>>WSD not found.
>>IELoader not found.
>>Acceler8or not found.
>>
>>No harmful ActiveX components were detected. This test
can
>>only be completed with VBScript activated.
>>
>>
>>
>>Browser-Check:
>>Your browser configuration will be checked for risks
now.
>>
>>Visual Basic Script (VBScript) Test: VBScript is
>activated!
>>VBScript is not activated.
>>VBScript is not dangerous in general. But it is used by
>>worm virus authors to embed harmful code in HTML emails.
>>Ensure to have the latest security updates of your
browser
>>installed to stay protected against harmful VBScripts.
>>
>>Secure ActiveX Test: Invocation of secure ActiveX
controls
>>is activated.
>>This test is not possible with deactivated scripting.
>>ActiveX controls are a kind of enhancement plugins for
the
>>browser (as e.g. the Flash plugin). The classification
if
>>an ActiveX control is secure or not is done by the
>>developer of the control. So it is also possible that a
>>secure control can contain insecure code. Please notice,
>>that the online Windows-Update doesn't work without
>>ActiveX controls.
>>
>>Insecure ActiveX Test: Invocation of insecure ActiveX
>>controls is deactivated.
>>This test is not possible with deactivated scripting.
>>Insecure ActiveX controls may contain harmful code and
>>therefore they should be deactivated or set to prompt
the
>>user before running to block controls of Dialers, etc.
>>
>>Internet Explorer makes a difference between signed and
>>unsigned ActiveX controls. Always check controls with
>>invalid signatures before you accept them and let them
>>install on your computer.
>>
>>
>>aý Online-Check finished on 7/28/2004 4:56:15 PM
>>==========
>>
>>
>>
>>>-----Original Message-----
>>>Greetings --
>>>
>>>  WinXP's built-in firewall is _adequate_ at stopping
>>incoming
>>>attacks, and hiding your ports from probes.  It doesn't
>>give you any
>>>alarms, or any other kind of indication, to tell you
that
>>it is
>>>working, though.  Nor is it very easily configurable.
>>What WinXP also
>>>does not do, is protect you from any Trojans or spyware
>>that you (or
>>>someone else using your computer) might download and
>>install
>>>inadvertently.  It doesn't monitor out-going traffic at
>>all, other
>>>than to check for IP-spoofing, much less block (or at
>>even ask you
>>>about) the bad or the questionable out-going signals.
It
>>assumes that
>>>any application you have on your hard drive is there
>>because you want
>>>it there, and therefore has your "permission" to access
>>the Internet.
>>>Further, because the ICF is a "stateful" firewall, it
>>will also assume
>>>that any incoming traffic that's a direct response to a
>>Trojan's or
>>>spyware's out-going signal is also authorized.
>>>
>>>    ZoneAlarm, Kerio, or Sygate are all much better
than
>>WinXP's
>>>built-in firewall, and are much more easily configured,
>>and there are
>>>free versions of each readily available.  Even the
>>commercially
>>>available Symantec's Norton Personal Firewall is
superior
>>by far,
>>>although it does take a heavier toll of system
>>performance then do
>>>ZoneAlarm or Sygate.
>>>
>>>    If you're 100% confident of your own ability in
>>precluding the
>>>installation of malware by yourself and everyone else
who
>>might ever
>>>use your computer, WinXP's ICF should be enough.
>>>
>>>
>>>Bruce Chambers
>>>-- 
>>>Help us help you:
>>>http://dts-l.org/goodpost.htm
>>>http://www.catb.org/~esr/faqs/smart-questions.html
>>>
>>>You can have peace. Or you can have freedom. Don't ever
>>count on
>>>having both at once. - RAH
>>>
>>>
>>>"Yong Fen Leong" <yongfenleong@tylin.com.sg> wrote in
>>message
>>>news:OuuzOiXdEHA.3132@TK2MSFTNGP11.phx.gbl...
>>>> Hi Haus does it mean that if the ICF is enabled, it
is
>>good enough
>>>and you
>>>> would not need to install any other firewall like
zone
>>alarm or
>>>sygate ?
>>>>
>>>> Thanks
>>>>
>>>>
>>>> "Haus" <youknow@Iwillslapyou> wrote in message
>>>> news:10ggubkalf307dd@corp.supernews.com...
>>>> > Sounds like your antivirus protection caught it and
>>blocked you
>>>should be
>>>> > alright.
>>>> >
>>>> > Have you enabled your ICF (firewall)
>>>> >
>>>>
>>>http://support.microsoft.com/default.aspx?scid=kb;en-
>>us;283673&Product=winxp
>>>> >
>>>> > Have you registered your antivirus so you will
>>receive regular
>>>updates.
>>>> >
>>>> > Be sure to visit MS Windows Update site and
download
>>all the
>>>updates this
>>>> is
>>>> > for your security and safety.
>>>> > www.windowsupdate.com
>>>> >
>>>> > The thing most people do not know is that after
they
>>buy a
>>>computer with
>>>> > virus protection installed they have to go in and
>>register and
>>>download
>>>> the
>>>> > updates and continue to update it or set it to auto
>>update then
>>>after a
>>>> > period of time the subscription will run out
usually
>>in 90-180
>>>days at
>>>> that
>>>> > time they will have to purchase new protection
either
>>online or
>>>from a
>>>> > retail store and at that time they will be able to
>>update for a
>>>period of
>>>> > 365 days (1 year).
>>>> >
>>>> >
>>>> > -- 
>>>> > Haus
>>>> > Live your life so that whenever you lose, you are
>>ahead.
>>>> > (Will Rogers)
>>>> >
>>>> >
>>>> >
>>>> > "ALICE" <anonymous@discussions.microsoft.com> wrote
>>in message
>>>> > news:61f601c4751c$2592d390$a601280a@phx.gbl...
>>>> > > We are senior citizens and have new notebook with
>>WinXP
>>>> > > and IE6. We also have NAV2004 and Norton Firewall
>>2004.
>>>> > > We just saw a pop-up screen (from Norton Firewall
>>2004 we
>>>> > > believe) telling us: "Rule Default Block Deep
>Throat
>>>> > > Trojan Horse - Blocked." We just clicked OK.
Would
>>>> > > someone know what that means? Should we be
worried
>>that
>>>> > > we have virus, etc. Any help appreciated. Thank
>you.
>>>> >
>>>> >
>>>>
>>>>
>>>
>>>
>>>.
>>>
>>
>>
>>.
>>
>
>
>.
>