Re: Port 80

From: Wesley Vogel (123WVogel955_at_comcast.net)
Date: 08/15/04


Date: Sat, 14 Aug 2004 17:07:49 -0600

Good luck, Margie!! ;-)

-- 
Hope this helps.  Let us know.
Wes
In news:132375FC-FC95-4CF3-9AE5-60201F3C283A@microsoft.com,
Margie <Margie@discussions.microsoft.com>  hunted and pecked:
> Hey, Wes!
> 
> Thanks for checking that out for me!!
> 
> Am presently (and temporarily) using daughter's computer - mine is
> totally down.  Went to Sygate to purchase and download the Sygate Pro
> PF, which offered Panda AV as a package deal.  Stupidly, I forgot to
> disconnect from the web before I uninstalled the NAV and was
> instantly hit with what I think is the Blasterworm.  Whatever it is,
> my next stop will be to a shop/tech who can salvage my data, then
> I'll strip everything down and make a whole new installation of the
> system and OS files with my rescue CDs.  Wanted to do that today, but
> a hurricane is on my doorstep and can't get out today. Wanted to
> check with you and send this while the power is still on. 
> 
> I so very much appreciate the help and advice both you and SJ have
> given. You are just tops!
> 
> I'll check back in when my puter is back in service again.
> 
> Warmest regards,
> Margie
> 
> "Wesley Vogel" wrote:
> 
>> Margie,
>> 
>> Yepper.  Web cam!!
>> 
>> Read the parts about bugs >>>>
>> 
>> InnoMedia VideoPhone Authorization Bypass
>> http://neworder.box.sk/explread.php?newsid=10723
>> 
>> InnoMedia VideoPhone Authorization Bypass Vulnerability
>> http://www.net-security.org/vuln.php?id=3311
>> 
>> [[Service: http (80/tcp)
>> Severity: Low
>> The remote web server type is :GoAhead-Webs
>> Solution : We recommend that you configure (if possible) your web
>> server to return a bogus Server header in order to not leak
>> information.]] 
>> 
>> --
>> Hope this helps.  Let us know.
>> Wes
>> 
>> In news:DE36A91A-8A1C-46BD-932E-239732982305@microsoft.com,
>> Margie <Margie@discussions.microsoft.com>  hunted and pecked:
>>> A little further info:
>>> 
>>> this from the Sygate security scan just made:
>>>     Trying to gather information from your web browser...
>>>     Trying to find out what services you are running...
>>>     Web Server Found = Server: GoAhead-Webs
>>> 
>>> This last,  Server: GoAhead-Webs, I have no clue what this is.  Can
>>> you identify it for me??
>>> 
>>> Margie
>>> 
>>> 
>>> 
>>> 
>>> "Margie" wrote:
>>> 
>>>> Hey, SlowJet and Wesley!
>>>> 
>>>> *Many* thanks for responding!
>>>> 
>>>> Let me fill in a bit:  When the Trojan hit, NAV 2004 (on auto
>>>> update) was running, as was NPF 2003 (automatically updated).  I
>>>> had all Critical updates for Win updated and SP1. This is just a
>>>> home computer, not a server in any sense, and I don't use chat
>>>> rooms, IM, or any of those things.
>>>> 
>>>> When the Trojan hit, I immediately ran NAV and (after the fact!) it
>>>> found and destroyed the virus. In the attack, NPF was completely
>>>> shredded and taken completely out of my control.  Finally just had
>>>> to delete the thing; that's when I installed the Sygate (free)
>>>> until I could get everything straightened out.
>>>> 
>>>> Searching through XP's logs, I found where 'RASMAN' had logged in
>>>> and setPermissions to TRUE.  It has been since this time that the
>>>> computer 'pings' and Port 80 is open; previous to this, any test
>>>> I've run has indicated that it was in full stealth. I've been to
>>>> several online virus scanners, including Panda, and all say there
>>>> is no virus remaining. But I feel that some files are still
>>>> changed. 
>>>> 
>>>> In reading the HP instruction book, it seemed that if I saved my
>>>> personal data elsewhere and used the System Recovery from what HP
>>>> says is a totally protected inviolate partition, the system files
>>>> would reinstall as it was from the factory.  So I did this.  But
>>>> after checking with Symantec's online security scanner, the port is
>>>> still open and it still pings.
>>>> 
>>>> I'm thinking that the only way to get rid of whatever
>>>> changes/damage RASMAN did is to completely delete the system files
>>>> and use the Recovery CDs that I thankfully made as recommended
>>>> when I first got this computer a few weeks ago.  (Went from a
>>>> little Compaq Celeron processor with a 6 GB hd to a HP Pentium 4
>>>> with a 200GB hd.  Was I happy or not??  And then to have this
>>>> happen.  Big hurt!) 
>>>> 
>>>> SJ, you think by installing Sygate Pro, this will solve the
>>>> problem? If so, I'll do that right now.  Wesley, I had turned off
>>>> the ICF because I understood that 2 firewalls shouldn't run at the
>>>> same time.  Am I mis-informed?  BTW, I'm on a cable connection
>>>> with a router which has a hardware firewall in it, but I don't
>>>> know any more particulars on it. (Cable Co installed it.)
>>>> 
>>>> Y'all don't know how much I appreciate your time and help! Eagerly
>>>> waiting to hear back from you!
>>>> 
>>>> (SJ, are you in the aviation community?? I spent my entire
>>>> professional career in aviation! )
>>>> 
>>>> Very gratefully! :-)))
>>>> Margie
>>>> 
>>>> 
>>>> 
>>>> 
>>>> "SlowJet" wrote:
>>>> 
>>>>> Hi Margie, :)
>>>>> 
>>>>> SyGate version 5 - free version, I assume.
>>>>> 
>>>>> Find ICMP setting and turn on. This will make your
>>>>> computer name Stealth from a ping. (If not there it is on
>>>>> PRO version.)
>>>>> Port 80 is the HTTP port.
>>>>> Are you running web server software? If you need this then
>>>>> you need to secure the web software settings as this can
>>>>> not be done through windows settings.
>>>>> Also, chat program may be listening on 80. MSN Messenger or
>>>>> Messenger running in back ground?
>>>>> 
>>>>> NAV 2004 should be very up to date, just run live update
>>>>> to make sure.
>>>>> 
>>>>> Do you have SP1 installed (or SP1a) My Computer,
>>>>> Properties, text on gray screen under SYSTEM.
>>>>> 
>>>>> If not go to IE, Tools, Web Updates and follow
>>>>> instruction.
>>>>> Select SP1a from Windows Update area and install.
>>>>> 
>>>>> Then go back to WU and install all critical updates.
>>>>> 
>>>>> 
>>>>> At this point the only thing more secure would be the Pro
>>>>> version of your Firewall, and SP2 (Which you can get
>>>>> automatically thru auto windows update.
>>>>> It will be just for your install and will download
>>>>> starting about the 16-25 and take a week to complete
>>>>> depending on your line speed.
>>>>> When it is ready you will be notified.) It will have a
>>>>> new firewall which you will need to turn off to use
>>>>> SyGate.
>>>>> 
>>>>> You may want to try running these two together if you
>>>>> only do HTTP and e-mail as the Windows FW will come on
>>>>> very early during boot up and only allow DHCP to the ISP
>>>>> until the boot up is done. You just need to add SyGAte
>>>>> program to the exception list of the Windows FW. (I think)
>>>>> 
>>>>> SJ
>>>>> 
>>>>> P.S. Backup and clean up disk before installing SP's.
>>>>>> -----Original Message-----
>>>>>> I've just gotten rid of Trojan.byte.verify.  NAV and several online
>>>>>> scans, including Panda, say the machine is clean. Even used System
>>>>>> Recovery, but according to Symantec's online security scan, Port 80
>>>>>> is still open and the computer responds to a ping.  How can I close
>>>>>> this thing??  (NAV2004 and Sygate PF)  I'm not used to XP yet, just
>>>>>> upgraded computers so I'm having a tough time sorting this out.  Will
>>>>>> be very grateful for some help!  I'm really concerned about a
>>>>>> lingering security compromise.
>>>>>> 
>>>>>> Margie
>>>>>> .
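
Added example, not part of the original thread: one way to answer SlowJet's question ("Are you running web server software?") is to check whether the PC itself has a socket listening on port 80, by reading the output of Windows' `netstat -ano`. The sample output below is constructed for illustration, and the function names are hypothetical.

```python
# Added example: constructed `netstat -ano` output, not taken from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1234
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED     2100
  UDP    0.0.0.0:500            *:*                                    700
"""


def split_endpoint(endpoint):
    """Split 'addr:port' (or '[v6addr]:port') into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)


def listeners_on_port(netstat_text, port):
    """Return [(local_addr, pid, scope)] for TCP sockets LISTENING on `port`."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # A TCP row has 5 fields: proto, local, foreign, state, pid.
        # Headers and UDP rows (which have no state column) are skipped.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        _, local, _, state, pid = fields
        if state != "LISTENING":
            continue  # e.g. an outbound browser connection to a remote :80
        addr, local_port = split_endpoint(local)
        if local_port != port:
            continue
        loopback = addr.startswith("127.") or addr == "::1"
        scope = "loopback only" if loopback else "reachable from the network"
        found.append((addr, int(pid), scope))
    return found


if __name__ == "__main__":
    for addr, pid, scope in listeners_on_port(SAMPLE, 80):
        print(f"port 80 listener on {addr}, PID {pid} ({scope})")
```

The PID can be matched to a process name in Task Manager. An empty result means nothing on the PC itself is listening on that port.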

