port 1090

[ukboy]

i ran the symantec security port scanner and it sad all my ports were closed apart from 1090 i use zone alarm firewall(free version) is there anyway i could close this port, also i hear the built in firewall in xp puts the computer in stealth mode, is it worth running this aswell, does it take up much memory to keep running?

 

[dvk01]

If you have port 1090 open and are using ZA then you have a trojan, most likely "extreme" or were running real player at the time you tested.

You need to do a complete trojan test with a suitable tester or at least repeat the test with real player not running

and you shouldn't run 2 firewalls at the same time

 

[ukboy]

thanks for the reply, would this port be open if real player was trying to connect to the internet, for updates etc, i cannot find info on this trojan so if you could give me a link for info that would be helpful. tia.

 

[ukboy]

i just ran the symantec trojan and virus scan and the results showed 0 viruses or trojans, so if symantec showed the port as open but no trojans were detected i believe i am safe?

 

[dvk01]

You are never safe with unwanted open ports

prevent realplayer accessing the net and run the security scan again at symantec. if it shows closed ports then real player is the culprit and you don't need to worry. if it still shows open then find a good trojan scanner, not an antivirus like norton but some thing like the cleaner from moosooft, that just targets trojans

 

[flawed_cat]

A little freeware, "Active Ports," can be of help in determining
what is opening which port.
http://www.protect-me.com/freeware.html
----------------------------------------------------------
"Active Ports - easy to use tool for Windows NT/2000/XP that enables you to monitor all open TCP and UDP ports on the local computer. Active Ports maps ports to the owning application so you can watch which process has opened which port. It also displays a local and remote IP address for each connection and allows you to terminate the owning process. Active Ports can help you to detect trojans and other malicious program. (450Kb)"

 

[ukboy]

thanks, i have downloaded the program and run it here is the list of results so if you dont mind looking through them and checking tey are all legitimate.

 

[flawed_cat]

I'm on 56k. The only thing I don't recognize is CConnect.exe but
the location is given as:
C:\Program Files\CConnect\CConnect.exe

I don't know if that is something you use or if you are on a network or what. Anyhow, I found this info about it:
-------------------------------------------------------------------
"This tool provides a method of tracking concurrent connections of users and monitoring what computers users are logged on to a network. It consists of two components, a client and an administrator.

Con-Current Connection Limiter:

is completely hidden from the end user's view.
keeps track of all computers that users are logged onto.
tracks last known user of the computer.
monitors what logon server users are logging into.
allows concurrent connection limitations to be set on a per-user or per-group basis.
stores all information in a Microsoft® SQL Server™ database assigned by the Administrator."
-----------------------------------------------------------------
If you are at a site and your connection icon in your tray starts
blinking unexpectedly just open Active Ports and see what is
accessing the net. It will be in green if connecting and red after,
until Active Port refreshes.

 

[dvk01]

cconect is used by UK cable companies amongst others to monitor your connection

I use NTL cable and promptly uninstalled it as it causes no end of problems

 

[Balzac]

http://www.dslreports.com/forum/remark,2042572~root=security,1~mode=flat

http://www.rescomp.berkeley.edu/resources/security/articles/hardwin/

and a couple of online port scans you can do:

http://www.pcflank.com/scanner1.htm

http://www.blackcode.com/scan/

 

[dvk01]

The Pcflank site is useless as it will not test any computer, where the ISP use a transparant proxy server, which is 90% of UK ISPs

Also I hate the pop up ad that takes 5 goes to close it down

Other users have found a great discrepency with results from pcflank being at odds with results from other wellknown online scanners like grc and symantec, and sygate and blackcode

I personaly wouldn't use or trust pcflank for those reasons

 

[Balzac]

"The Pcflank site is useless as it will not test any computer, where the ISP use a transparant proxy server, which is 90% of UK ISPs"

Nor will any of the other online port scanners. If you're using a transparent caching proxy that's what's being tested

I don't get pop ups

grc and symantec do a limited port scan and will not work behind a transparent proxy. They will work, they're just testing the proxy.

PcFlank does an extensive scan

Under advanced port scanning you have the option to scan just the ports you tell it to or known trojan ports. It also does TCP syn scanning with the same ability to scan individual ports or known trojan ports

You make your choice brethren.

Some others to choose from:

http://www.anti-trojan.net/at.asp?l=en&t=onlinecheck
http://www.dslreports.com/scan
http://www.hackerwhacker.com
http://www.mycgiserver.com/~kalish
http://www.securitymetrics.com/portscan.adp
http://www.auditmypc.com

 

[Balzac]

Alright I tested Pcflank with various 'transparent' proxies and it gives the proxies ip.....and it's ready to test. If I include a X-Forwarded-For Header it balks. That's what your proxy must be doing.

The only one I found that finds your true Ip is
http://www.dslreports.com/scan

which uses a Java applet to get it.

 

[dvk01]

Hi Balzac

Well, I can use GRc or Symantec for quick scans and they both definitely scan my machine cos the firewall tells me it's being scanned

or Blackcode for a more detailed scan

All 3 of these find my Ip and scan my computer, not the proxy server.

I have firewall logs to prove it

If PCflank is so good, why doesn't it

I am sorry, but I just don't trust it