port 1090

i ran the symantec security port scanner and it sad all my ports were closed apart from 1090 i use zone alarm firewall(free version) is there anyway i could close this port, also i hear the built in firewall in xp puts the computer in stealth mode, is it worth running this aswell, does it take up much memory to keep running?

 

thanks for the reply, would this port be open if real player was trying to connect to the internet, for updates etc, i cannot find info on this trojan so if you could give me a link for info that would be helpful. tia.

 

i just ran the symantec trojan and virus scan and the results showed 0 viruses or trojans, so if symantec showed the port as open but no trojans were detected i believe i am safe?

 

A little freeware, "Active Ports," can be of help in determining
what is opening which port.
http://www.protect-me.com/freeware.html
----------------------------------------------------------
"Active Ports - easy to use tool for Windows NT/2000/XP that enables you to monitor all open TCP and UDP ports on the local computer. Active Ports maps ports to the owning application so you can watch which process has opened which port. It also displays a local and remote IP address for each connection and allows you to terminate the owning process. Active Ports can help you to detect trojans and other malicious program. (450Kb)"

 

thanks, i have downloaded the program and run it here is the list of results so if you dont mind looking through them and checking tey are all legitimate.

 

I'm on 56k. The only thing I don't recognize is CConnect.exe but
the location is given as:
C:\Program Files\CConnect\CConnect.exe

I don't know if that is something you use or if you are on a network or what. Anyhow, I found this info about it:
-------------------------------------------------------------------
"This tool provides a method of tracking concurrent connections of users and monitoring what computers users are logged on to a network. It consists of two components, a client and an administrator.

Con-Current Connection Limiter:

is completely hidden from the end user's view.
keeps track of all computers that users are logged onto.
tracks last known user of the computer.
monitors what logon server users are logging into.
allows concurrent connection limitations to be set on a per-user or per-group basis.
stores all information in a Microsoft® SQL Server™ database assigned by the Administrator."
-----------------------------------------------------------------
If you are at a site and your connection icon in your tray starts
blinking unexpectedly just open Active Ports and see what is
accessing the net. It will be in green if connecting and red after,
until Active Port refreshes.

 

http://www.dslreports.com/forum/remark,2042572~root=security,1~mode=flat

http://www.rescomp.berkeley.edu/resources/security/articles/hardwin/

and a couple of online port scans you can do:

http://www.pcflank.com/scanner1.htm

http://www.blackcode.com/scan/

 

"The Pcflank site is useless as it will not test any computer, where the ISP use a transparant proxy server, which is 90% of UK ISPs"

Nor will any of the other online port scanners. If you're using a transparent caching proxy that's what's being tested

I don't get pop ups

grc and symantec do a limited port scan and will not work behind a transparent proxy. They will work, they're just testing the proxy.

PcFlank does an extensive scan

Under advanced port scanning you have the option to scan just the ports you tell it to or known trojan ports. It also does TCP syn scanning with the same ability to scan individual ports or known trojan ports

You make your choice brethren.

Some others to choose from:

http://www.anti-trojan.net/at.asp?l=en&t=onlinecheck
http://www.dslreports.com/scan
http://www.hackerwhacker.com
http://www.mycgiserver.com/~kalish
http://www.securitymetrics.com/portscan.adp
http://www.auditmypc.com

 

Alright I tested Pcflank with various 'transparent' proxies and it gives the proxies ip.....and it's ready to test. If I include a X-Forwarded-For Header it balks. That's what your proxy must be doing.

The only one I found that finds your true Ip is
http://www.dslreports.com/scan

which uses a Java applet to get it.