port 1090

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

ukboy

Thread Starter
Joined
Nov 22, 2002
Messages
193
i ran the symantec security port scanner and it sad all my ports were closed apart from 1090 i use zone alarm firewall(free version) is there anyway i could close this port, also i hear the built in firewall in xp puts the computer in stealth mode, is it worth running this aswell, does it take up much memory to keep running?
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
If you have port 1090 open and are using ZA then you have a trojan, most likely "extreme" or were running real player at the time you tested.

You need to do a complete trojan test with a suitable tester or at least repeat the test with real player not running

and you shouldn't run 2 firewalls at the same time
 

ukboy

Thread Starter
Joined
Nov 22, 2002
Messages
193
thanks for the reply, would this port be open if real player was trying to connect to the internet, for updates etc, i cannot find info on this trojan so if you could give me a link for info that would be helpful. tia.
 

ukboy

Thread Starter
Joined
Nov 22, 2002
Messages
193
i just ran the symantec trojan and virus scan and the results showed 0 viruses or trojans, so if symantec showed the port as open but no trojans were detected i believe i am safe?
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
You are never safe with unwanted open ports

prevent realplayer accessing the net and run the security scan again at symantec. if it shows closed ports then real player is the culprit and you don't need to worry. if it still shows open then find a good trojan scanner, not an antivirus like norton but some thing like the cleaner from moosooft, that just targets trojans
 
Joined
Jan 31, 2003
Messages
29
A little freeware, "Active Ports," can be of help in determining
what is opening which port.
http://www.protect-me.com/freeware.html
----------------------------------------------------------
"Active Ports - easy to use tool for Windows NT/2000/XP that enables you to monitor all open TCP and UDP ports on the local computer. Active Ports maps ports to the owning application so you can watch which process has opened which port. It also displays a local and remote IP address for each connection and allows you to terminate the owning process. Active Ports can help you to detect trojans and other malicious program. (450Kb)"
 

ukboy

Thread Starter
Joined
Nov 22, 2002
Messages
193
thanks, i have downloaded the program and run it here is the list of results so if you dont mind looking through them and checking tey are all legitimate.
 

Attachments

Joined
Jan 31, 2003
Messages
29
I'm on 56k. The only thing I don't recognize is CConnect.exe but
the location is given as:
C:\Program Files\CConnect\CConnect.exe

I don't know if that is something you use or if you are on a network or what. Anyhow, I found this info about it:
-------------------------------------------------------------------
"This tool provides a method of tracking concurrent connections of users and monitoring what computers users are logged on to a network. It consists of two components, a client and an administrator.

Con-Current Connection Limiter:

is completely hidden from the end user's view.
keeps track of all computers that users are logged onto.
tracks last known user of the computer.
monitors what logon server users are logging into.
allows concurrent connection limitations to be set on a per-user or per-group basis.
stores all information in a Microsoft® SQL Server™ database assigned by the Administrator."
-----------------------------------------------------------------
If you are at a site and your connection icon in your tray starts
blinking unexpectedly just open Active Ports and see what is
accessing the net. It will be in green if connecting and red after,
until Active Port refreshes.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
cconect is used by UK cable companies amongst others to monitor your connection

I use NTL cable and promptly uninstalled it as it causes no end of problems
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
The Pcflank site is useless as it will not test any computer, where the ISP use a transparant proxy server, which is 90% of UK ISPs

Also I hate the pop up ad that takes 5 goes to close it down

Other users have found a great discrepency with results from pcflank being at odds with results from other wellknown online scanners like grc and symantec, and sygate and blackcode

I personaly wouldn't use or trust pcflank for those reasons
 
B

Balzac

"The Pcflank site is useless as it will not test any computer, where the ISP use a transparant proxy server, which is 90% of UK ISPs"

Nor will any of the other online port scanners. If you're using a transparent caching proxy that's what's being tested

I don't get pop ups

grc and symantec do a limited port scan and will not work behind a transparent proxy. They will work, they're just testing the proxy.

PcFlank does an extensive scan

Under advanced port scanning you have the option to scan just the ports you tell it to or known trojan ports. It also does TCP syn scanning with the same ability to scan individual ports or known trojan ports

You make your choice brethren.

Some others to choose from:

http://www.anti-trojan.net/at.asp?l=en&t=onlinecheck
http://www.dslreports.com/scan
http://www.hackerwhacker.com
http://www.mycgiserver.com/~kalish
http://www.securitymetrics.com/portscan.adp
http://www.auditmypc.com
 
B

Balzac

Alright I tested Pcflank with various 'transparent' proxies and it gives the proxies ip.....and it's ready to test. If I include a X-Forwarded-For Header it balks. That's what your proxy must be doing.

The only one I found that finds your true Ip is
http://www.dslreports.com/scan

which uses a Java applet to get it.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Hi Balzac

Well, I can use GRc or Symantec for quick scans and they both definitely scan my machine cos the firewall tells me it's being scanned

or Blackcode for a more detailed scan

All 3 of these find my Ip and scan my computer, not the proxy server.

I have firewall logs to prove it

If PCflank is so good, why doesn't it

I am sorry, but I just don't trust it
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top