1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Port 1025 "Open" - How to Stealth it with NIS

Discussion in 'Virus & Other Malware Removal' started by geoand, Sep 9, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. geoand

    geoand Thread Starter

    Joined:
    Apr 28, 2002
    Messages:
    75
    Hi folks,

    Hopefully, someone can help me with an 'Open Port' using the GRC.com Site's check for Stealthed Ports. All my ports used to be stealthed using Norton Firewall 2003 but now I've got Port 1025 open! It seems to be something to do with 'Network Blackjack' [not something I've ever used] and the Trojans 'Fraggle Rock' 'MD5 Backdoor' 'Netspy' & 'Remote Alarm' could be connected through here from what I've read??

    I've run Norton AV, SpyBot S&D plus an online trojan scanner - everything appears clean. I then installed 'Active Ports' which showed the following running during a normal surfing session using XP Pro & a DUN connection. Does this make sense?

    System 4 0.0.0.0 445 LISTEN UDP
    System 4 0.0.0.0 445 LISTEN TCP
    System 4 0.0.0.0 1026 LISTEN TCP
    svchost.exe 772 0.0.0.0 135 LISTEN TCP C:\WINDOWS\system32\svchost.exe
    svchost.exe 796 0.0.0.0 1025 LISTEN TCP C:\WINDOWS\System32\svchost.exe
    svchost.exe 856 0.0.0.0 1030 LISTEN UDP C:\WINDOWS\System32\svchost.exe
    svchost.exe 856 0.0.0.0 1039 LISTEN UDP C:\WINDOWS\System32\svchost.exe
    svchost.exe 856 0.0.0.0 1040 LISTEN UDP C:\WINDOWS\System32\svchost.exe
    BigFix.exe 1768 127.0.0.1 1044 LISTEN UDP C:\Program Files\BigFix\BigFix.exe
    iexplore.exe 1404 127.0.0.1 2082 LISTEN UDP C:\Program Files\Internet Explorer\iexplore.exe
    ccPxySvc.exe 1348 127.0.0.1 1027 LISTEN TCP C:\Program Files\Norton Internet Security\ccPxySvc.exe
    ccApp.exe 1540 127.0.0.1 1028 LISTEN TCP C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    I tried closing the svchost.exe using Port 1025 in Active Ports but my system froze, I needed to restart and I'm back to normal. The only thing that I've done recently was install a Network Card [it's got LAN Wake-Up - I don't know if that's significant or not ] as I'm going to upgrade to ADSL using a Netgear DG814 Modem/Firewall/Router. I'm worried about using Broadband if I've got an Open Port, I'd like to be fully stealthed if possible.

    Any advice would be gratefully received.

    Thanks,

    George

    PS Hopefully I've supplied enough info here.
     
  2. TOGG

    TOGG

    Joined:
    Apr 2, 2002
    Messages:
    5,915
    According to a thread I found on the Security Focus Forum, port 1025 is kept open by MSTask.exe. In other words, your copy of 2K or XP is 'listening out' for more instructions from Head Office!

    The thread provides a Registry hack if you're feeling adventurous or it may be possible to configure your firewall to close it (not the built in XP one of course).

    http://www.securityfocus.com/archive/105/333471/2003-08-14/2003-08-20/0
     
  3. geoand

    geoand Thread Starter

    Joined:
    Apr 28, 2002
    Messages:
    75
    Thanks Togg,

    I've read about the mstask.exe connection before elsewhere but didn't want to disable it - I use task scheduler to keep NIS up to date. It sounds like the sort of thing that should be running in the background.

    Interesting that yon link you posted mentioned NAV as well - maybe that's the problem.

    Thanks.
     
  4. geoand

    geoand Thread Starter

    Joined:
    Apr 28, 2002
    Messages:
    75
    Cheers Togg,

    You were spot on with MSTask.exe. I hadn't disabled it in XP-AntiSpy after updating it to the latest version. I'm now 100% stealthed at grc.com.

    Well solved,

    George
     
  5. TOGG

    TOGG

    Joined:
    Apr 2, 2002
    Messages:
    5,915
    George,

    Interesting to know that you have XP Anti Spy. I haven't got XP so stopping it 'phoning home' is only of academic interest to me but I came across the Anti Spy tool some time ago and was wondering just how good/useful it was.

    Based on your experience of it, would you recommend it unconditionally to other XP users or do you have reservations about some aspects of it?

    I assume that every Update/Service Pack switches all the reporting services back on so that you have re apply Anti Spy each time.
     
  6. geoand

    geoand Thread Starter

    Joined:
    Apr 28, 2002
    Messages:
    75
    Yes,

    XP-AntiSpy gets my full blessing. It's not just the 'phoning home' bit, there's loads of other useful stuff. Put simply, lots of bloatware that comes with XP and runs in the background by default can simply be switched off without searching through other progs.

    No, XP Updates don't affect it apart from maybe XP SP1, even then it's just a case of ticking the boxes again - a very useful tool.

    George
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/163531

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice