1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

port 443

Discussion in 'Virus & Other Malware Removal' started by ctm, Apr 21, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. ctm

    ctm Thread Starter

    Joined:
    Jul 18, 2003
    Messages:
    55
    Just recently while doing some research on the internet, I received a message stating that "acpstelth.cih version 2.018 port 443." This message stated that someone was tryng to install spyware onto my computer. Does anybody know anything about this?
     
  2. dr_cool_j

    dr_cool_j

    Joined:
    Feb 14, 2004
    Messages:
    127
    http://grc.com/port_443.htm

    Name:https

    Purpose:http protocol over TLS/SSL

    Description:
    This port is used for secure web browser communication. Data transferred across such connections are highly resistant to eavesdropping and interception. Moreover, the identity of the remotely connected server can be verified with significant confidence. Web servers offering to accept and establish secure connections listen on this port for connections from web browsers desiring strong communication security.

    Once established, web browsers inform their users of these secured connections by displaying an icon — a padlock, an unbroken key, etc. — in the status region of their window.

    But just in case it spyware or a virus
    go to www.supportcave.com
    run cwshredder
    then run x-cleaner to do a quick spyware scan
    remove any items

    check your computer for virus
    use either the Panda or the Trend online scan
    alos install Trojan Remover 6.2.1
    its a trial version

    after all this download and run
    hijackthis ( also on my site) save to my docs or a download folder

    click scan the save log copy and paste the info here
     
  3. ctm

    ctm Thread Starter

    Joined:
    Jul 18, 2003
    Messages:
    55
    Thanks for the information. When I saw this I quickly disconnected for the internet and did a virus and spybot scan. Nothing showed. Does this mean that they did not get the ifnormation through port 443? Was it stopped?

    Thanks
     
  4. dr_cool_j

    dr_cool_j

    Joined:
    Feb 14, 2004
    Messages:
    127
    I would suggest getting a firewall if u dont have one
    like Zonealarm which is free or enable the XP firewall
    not to sure have never seen this before
    just to be sure post your hijackthis log to be sure
    its not some installed software.

    maybe someone else had some input
     
  5. ctm

    ctm Thread Starter

    Joined:
    Jul 18, 2003
    Messages:
    55
    I have a firewall and below is my hijack log:

    ogfile of HijackThis v1.97.7
    Scan saved at 8:35:36 PM, on 4/21/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\netDeploy\Launcher\ndserv.exe
    C:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Norton Personal Firewall\NISSERV.EXE
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\NORTON~3\navapw32.exe
    C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\3MMOUS~1\AmsServe.Exe
    C:\Program Files\QUICKENW\QWDLLS.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\unzipped\hijackthis[1]\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=5.1.5&bm=ho_search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~3\navapw32.exe
    O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
    O4 - HKLM\..\Run: [EVTERM Run] C:\EVTERM\EVTERM.EXE /EXECUTE
    O4 - HKLM\..\Run: [SpyCop ScanCheck] C:\Program Files\Common Files\Microsoft Shared\MAIN.EXE /LASTSCAN
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Anir Mouse] C:\PROGRA~1\3MMOUS~1\AmsServe.Exe
    O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
    O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
    O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37865.5291319444
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CD6AD500-561B-409F-ABCF-C022E5C04CD1}: NameServer = 207.172.3.10 207.172.3.11

    thanks
     
  6. dr_cool_j

    dr_cool_j

    Joined:
    Feb 14, 2004
    Messages:
    127
    not sure what this is if unknown remove em
    C:\Program Files\netDeploy\Launcher\ndserv.exe\
    HKLM\..\Run: [EVTERM Run] C:\EVTERM\EVTERM.EXE /EXECUTE

    HKLM\..\Run: [Anir Mouse] C:\PROGRA~1\3MMOUS~1\AmsServe.Exe
    mouse software???

    is this software any good???
    - HKLM\..\Run: [SpyCop ScanCheck] C:\Program Files\Common Files\Microsoft Shared\MAIN.EXE /LASTSCAN

    not needed
    HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
    O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
     
  7. ctm

    ctm Thread Starter

    Joined:
    Jul 18, 2003
    Messages:
    55
    Thanks for the help. So you do not think any spyware was loaded onto my computer through port 443? Spycop is OK, but spybot is much better.
     
  8. dr_cool_j

    dr_cool_j

    Joined:
    Feb 14, 2004
    Messages:
    127
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/222579

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice