RE: Port 80
From: Margie (Margie_at_discussions.microsoft.com)
Date: 08/13/04
- Next message: Carey Frisch [MVP]: "Re: win xp (sp2)"
- Previous message: Allen: "win xp (sp2)"
- In reply to: Margie: "RE: Port 80"
- Next in thread: Wesley Vogel: "Re: Port 80"
- Reply: Wesley Vogel: "Re: Port 80"
- Reply: Wesley Vogel: "Re: Port 80"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 13 Aug 2004 10:49:01 -0700
A little further info:
this from the Sygate scurity scan just made:
Trying to gather information from your web browser...
Trying to find out what services you are running...
Web Server Found = Server: GoAhead-Webs
This last, Server: GaAhead-Webs, I have no clue what this is. Can you
identify it for me??
Margie
"Margie" wrote:
> Hey, SlowJet and Wesley!
>
> *Many* thanks for responding!
>
> Let me fill in a bit: When the Trojan hit, NAV 2004 (on auto update) was
> running, as was NPF 2003 (automatically updated). I had all Critical updates
> for Win updated and SP1. This is just a home computer, not a server in any
> sense, and I don't use chat rooms, IM, or any of those things.
>
> When the Trojan hit, I immediately ran NAV and (after the fact!) it found
> and destroyed the virus. In the attack, NPF was completely shredded and taken
> completely out of my control. Finally just had to delete the thing; that's
> when I installed the Sygate (free) until I could get everything straightened
> out.
>
> Searching through XP's logs, I found where 'RASMAN' had logged in and
> setPermissions to TRUE. It has been since this time that the computer
> 'pings' and Port 80 is open; previous to this, any test I've run has
> indicated that it was in full stealth. I've been to several online virus
> scanners, including Panda, and all say there is no virus remaining. But I
> feel that some files are still changed.
>
> In reading the HP instruction book, it seemed that if I saved my personal
> data elsewhere and used the System Recovery from what HP says is a totally
> protected inviolate partition, the system files would reinstall as it was
> from the factory. So I did this. But after checking with Symantec's online
> security scanner, the port is still open and it still pings.
>
> I'm thinking that the only way to get rid of whatever changes/damage RASMAN
> did is to completely delete the system files and use the Recovery CDs that I
> thankfully made as recommended when I first got this computer a few weeks
> ago. (Went from a little Compaq Celeron processor with a 6 GB hd to a HP
> Pentium 4 with a 200GB hd. Was I happy or not?? And then to have this
> happen. Big hurt!)
>
> SJ, you think by installing Sygate Pro, this will solve the problem? If so,
> I'll do that right now. Wesley, I had turned off the ICF because I
> understood that 2 firewalls shouldn't run at the same time. Am I
> mis-informed? BTW, I'm on a cable connection with a router which has a
> hardware firewall in it, but I don't know anymore particulars on it. (Cable
> Co installed it.)
>
> Y'all don't know how much I appreciate your time and help! Eagerly waiting
> to hear back from you!
>
> (SJ, are you in the aviation community?? I spent my entire professional
> career in aviation! )
>
> Very gratefully! :-)))
> Margie
>
>
>
>
> "SlowJet" wrote:
>
> > Hi Magie, :)
> >
> > SyGate version 5 - free version, I Assume.
> >
> > Find ICPM setting and turn on. This will make your
> > computer name Stealth from a ping. (If not there is is on
> > PRO version.)
> > Port 80 is the HTTP port.
> > Are you runing web server software? If you need this then
> > you need to secure the web software settings as this can
> > not be done through windows settings.
> > Also, chat program my be listening on 80. MSN Mesenger or
> > Messenger running in back ground?
> >
> > NAV 2004 should be very up to date, just run live update
> > to make sure.
> >
> > Do you have SP1 installed (or SP1a) My Computer,
> > Properties, text on gray screen under SYSTEM.
> >
> > If not go to IE, Tools, Web Updates and follow
> > instruction.
> > Select SP1a from Windows Update area and install.
> >
> > Then go back to WU and install all critical updates.
> >
> >
> > At this point the only thing more secure would be the Pro
> > version of your Firewall, and SP2 (Which you can get
> > automatically thru auto windows update.
> > It will be just for your install and will download
> > starting about the 16-25 and take a week to complete
> > depending on your line speed.
> > When it is ready you will be notified.) It will have a
> > new firewall which you will need to turn off to use
> > SyGate.
> >
> > You may want to try running these two together if you
> > only do HTTP and e-mail as the Windows FW will come on
> > very early during boot up and only allow DHCP to the ISP
> > until the boot up is done. You just need to add SyGAte
> > program to the exception list of the Windows FW. (I think)
> >
> > SJ
> >
> > P.S. Backup and clean up disk before instlling Sp's.
> > >-----Original Message-----
> > >I've just gotten rid of Trojan.byte.verify. NAV and
> > several online scans,
> > >including Panda, say the machine is clean. Even used
> > System Recovery, but
> > >according to Symantec's online security scan, Port 80 is
> > still open and the
> > >computer responds to a ping. How can I close this
> > thing?? (NAV2004 and
> > >Sygate PF) I'm not used to XP yet, just upgraded
> > computers so I'm having a
> > >tough time sorting this out. Will be very grateful for
> > some help! I'm
> > >really concerned about a lingering security compromise.
> > >
> > >Margie
> > >.
> > >
> >
- Next message: Carey Frisch [MVP]: "Re: win xp (sp2)"
- Previous message: Allen: "win xp (sp2)"
- In reply to: Margie: "RE: Port 80"
- Next in thread: Wesley Vogel: "Re: Port 80"
- Reply: Wesley Vogel: "Re: Port 80"
- Reply: Wesley Vogel: "Re: Port 80"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
