RE: Port 80
From: Margie (Margie_at_discussions.microsoft.com)
Date: 08/13/04
- Next message: tjmack: "Online security issues"
- Previous message: Cincy57: "XP SP2 Anti Virus"
- In reply to: SlowJet: "Port 80"
- Next in thread: Margie: "RE: Port 80"
- Reply: Margie: "RE: Port 80"
Date: Fri, 13 Aug 2004 08:59:01 -0700
Hey, SlowJet and Wesley!
*Many* thanks for responding!
Let me fill in a bit: When the Trojan hit, NAV 2004 (on auto update) was
running, as was NPF 2003 (automatically updated). I had all Critical updates
for Win updated and SP1. This is just a home computer, not a server in any
sense, and I don't use chat rooms, IM, or any of those things.
When the Trojan hit, I immediately ran NAV and (after the fact!) it found
and destroyed the virus. In the attack, NPF was completely shredded and taken
completely out of my control. Finally just had to delete the thing; that's
when I installed the Sygate (free) until I could get everything straightened
out.
Searching through XP's logs, I found where 'RASMAN' had logged in and
setPermissions to TRUE. It has been since this time that the computer
'pings' and Port 80 is open; previous to this, any test I've run has
indicated that it was in full stealth. I've been to several online virus
scanners, including Panda, and all say there is no virus remaining. But I
feel that some files are still changed.
In reading the HP instruction book, it seemed that if I saved my personal
data elsewhere and used the System Recovery from what HP says is a totally
protected inviolate partition, the system files would reinstall as it was
from the factory. So I did this. But after checking with Symantec's online
security scanner, the port is still open and it still pings.
I'm thinking that the only way to get rid of whatever changes/damage RASMAN
did is to completely delete the system files and use the Recovery CDs that I
thankfully made as recommended when I first got this computer a few weeks
ago. (Went from a little Compaq Celeron processor with a 6 GB hd to an HP
Pentium 4 with a 200GB hd. Was I happy or not?? And then to have this
happen. Big hurt!)
SJ, you think by installing Sygate Pro, this will solve the problem? If so,
I'll do that right now. Wesley, I had turned off the ICF because I
understood that 2 firewalls shouldn't run at the same time. Am I
misinformed? BTW, I'm on a cable connection with a router which has a
hardware firewall in it, but I don't know any more particulars on it. (Cable
Co installed it.)
Y'all don't know how much I appreciate your time and help! Eagerly waiting
to hear back from you!
(SJ, are you in the aviation community?? I spent my entire professional
career in aviation! )
Very gratefully! :-)))
Margie
"SlowJet" wrote:
> Hi Margie, :)
>
> SyGate version 5 - free version, I assume.
>
> Find ICMP setting and turn on. This will make your
> computer name Stealth from a ping. (If not there, it is on
> PRO version.)
> Port 80 is the HTTP port.
> Are you running web server software? If you need this then
> you need to secure the web software settings as this
> cannot be done through Windows settings.
> Also, chat program may be listening on 80. MSN Messenger or
> Messenger running in background?
>
> NAV 2004 should be very up to date, just run live update
> to make sure.
>
> Do you have SP1 installed (or SP1a)? My Computer,
> Properties, text on gray screen under SYSTEM.
>
> If not go to IE, Tools, Web Updates and follow
> instruction.
> Select SP1a from Windows Update area and install.
>
> Then go back to WU and install all critical updates.
>
>
> At this point the only thing more secure would be the Pro
> version of your Firewall, and SP2 (Which you can get
> automatically thru auto windows update.
> It will be just for your install and will download
> starting about the 16-25 and take a week to complete
> depending on your line speed.
> When it is ready you will be notified.) It will have a
> new firewall which you will need to turn off to use
> SyGate.
>
> You may want to try running these two together if you
> only do HTTP and e-mail as the Windows FW will come on
> very early during boot up and only allow DHCP to the ISP
> until the boot up is done. You just need to add SyGate
> program to the exception list of the Windows FW. (I think)
>
> SJ
>
> P.S. Back up and clean up disk before installing SPs.
> >-----Original Message-----
> >I've just gotten rid of Trojan.byte.verify. NAV and several online scans,
> >including Panda, say the machine is clean. Even used System Recovery, but
> >according to Symantec's online security scan, Port 80 is still open and the
> >computer responds to a ping. How can I close this thing?? (NAV2004 and
> >Sygate PF) I'm not used to XP yet, just upgraded computers so I'm having a
> >tough time sorting this out. Will be very grateful for some help! I'm
> >really concerned about a lingering security compromise.
> >
> >Margie
> >.
> >
>
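
A local check for the question raised in the thread (is anything on the PC actually listening on port 80?) is to read `netstat -ano` output for TCP sockets in the LISTENING state on local port 80. This is an added example, not part of the original messages; the sample output, addresses and PIDs are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of Windows `netstat -ano` output (not from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1484
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       2040
  TCP    192.168.1.20:1055      203.0.113.10:80        ESTABLISHED     3120
  TCP    [::]:80                [::]:0                 LISTENING       1484
  UDP    0.0.0.0:500            *:*                                    700
"""

# Proto, local address:port, foreign address, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")


def bind_scope(addr):
    """Describe how widely a local bind address is reachable."""
    if addr in ("0.0.0.0", "[::]"):
        return "all interfaces"
    if addr.startswith("127.") or addr == "[::1]":
        return "loopback only"
    return "single interface"


def listeners(netstat_text, port=80):
    """Return TCP sockets LISTENING on the given *local* port.

    An ESTABLISHED row whose *foreign* port is 80 is only the browser
    talking to a web site; it is not an open port on this machine.
    """
    found = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        addr, local_port, _foreign, state, pid = m.groups()
        if state == "LISTENING" and int(local_port) == port:
            found.append({"address": addr, "pid": int(pid),
                          "scope": bind_scope(addr)})
    return found


if __name__ == "__main__":
    for sock in listeners(SAMPLE_NETSTAT):
        print(f"port 80 open on {sock['address']} ({sock['scope']}), PID {sock['pid']}")
```

The PID column can be matched against the process list in Task Manager to name the program holding the port. On a PC behind a NAT router, an online scanner normally probes the router's public address, so a local check of this kind shows what the PC itself is exposing.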