1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

what should have access to my ports?

Discussion in 'Virus & Other Malware Removal' started by red dead, Apr 11, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. red dead

    red dead Thread Starter

    Joined:
    Apr 11, 2004
    Messages:
    17
    i can generate a list of my ports and what has access to them as it stands now, but i am not sure if it would help. programs i guess assorted with various ports on my system.

    it does have some suspicous looking things on, at least they look that way to me.

    any idea what and how to get rid of?

    thnks for any help.

    Common Name

    Master Paradise

    DeepThroat

    Dmsetup

    FC Infector

    RASmin

    Stealth Spy

    Bla, Attack FTP

    Dark Shadow

    DeepThroat

    Silencer

    Doly

    Doly

    Doly

    Doly

    Netspy

    Unused Windows Services Block

    Unused Windows Services Block

    Unused Windows Services Block

    Unused Windows Services Block

    Unused Windows Services Block

    Unused Windows Services Block

    Bla

    RASmin

    Extreme

    Ultor's

    Backdoor/SubSeven

    FTP99CMP

    Shiva Burka

    Spy Sender

    ShockRave

    Backdoor/SubSeven, TransScout

    TransScout, Remote Explorer

    TransScout, Trojan Cow

    TransScout

    TransScout

    TransScout

    TransScout

    Trojan Ripper

    Bugs

    DeepThroat

    Striker

    WinCrash

    Backdoor/SubSeven

    SubSeven 2.1/2.2

    Phinneas Phucker

    WinCrash

    Master Paradise

    DeepThroat

    Portal of Doom

    WinCrash

    SubSeven 2.1/2.2

    Filenail

    Sokets de Trois v1.

    Sokets de Trois v1.

    FireHotcker

    Blade Runner

    Blade Runner

    Blade Runner

    SERV-Me

    BO-Facil

    BO-Facil

    Robo-Hack

    WinCrash

    'The Thing'

    DeepThroat

    DeepThroat

    Backdoor/SubSeven

    Indoctrination

    GateCrasher, Priority

    GateCrasher

    Remote Grab

    Backdoor/SubSeven

    NetMonitor

    NetMonitor

    NetMonitor

    NetMonitor

    NetMonitor

    QaZ

    ICKiller

    Portal of Doom

    Portal of Doom

    Portal of Doom

    Portal of Doom

    iNi Killer

    Portal of Doom

    Portal of Doom

    Acid Shivers

    COMA

    Senna Spy

    Progenic

    GJammer

    Keylogger

    NetBus

    NetBus

    Whack-a-Mole

    Whack-a-Mole

    Whack-a-Mole

    WhackJob

    Senna Spy

    SubSeven DEFCON8 2.1

    NetBus

    GirlFriend

    Proziack

    EvilFTP, UglyFTP

    Donald Dick

    Donald Dick

    Delta Source

    SubSeven 2.1/2.2

    NetSphere

    NetSphere

    NetSphere

    Back Orifice 2000

    Hack 'A' Tack

    Hack 'A' Tack

    Hack 'A' Tack

    Hack 'A' Tack

    Hack 'A' Tack

    Hack 'A' Tack

    Master Paradise

    Master Paradise

    Master Paradise

    Master Paradise

    Master Paradise

    Backdoor/SubSeven

    Back Orifice 2000

    Back Orifice 2000

    DeepThroat
     
  2. red dead

    red dead Thread Starter

    Joined:
    Apr 11, 2004
    Messages:
    17
    how do i get rid of them?
     
  3. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    http://forums.techguy.org/t110854.html

    Post your HijackThis log.

    Do this:
    go to http://www.lurkhere.com/~nicefiles/ , and download 'Hijack This!'.....
    Unzip it to its own folder, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and please copy & paste its contents to the forum.

    It will possibly show other issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.

    If you have anything disabled by MSConfig or any other startup manager, please re-enable it before scanning to post.

    ;)
     
  4. red dead

    red dead Thread Starter

    Joined:
    Apr 11, 2004
    Messages:
    17
    My HijackThis log is nice and purty clean like,at least for the most part, the things i listed above are somehow attached to my ports, i was wondering how i might find out where and what they are, i also have the port number to which each is attached.

    some of them don't look to nice by the name, and if i could find out what, where, and how to get rid of it might be nice, or they might be harmless, since i have cleaned for spyware and adware and such.

    just to put fears about my HijackThis log to rest here it is.

    Logfile of HijackThis v1.97.7
    Scan saved at 10:36:00 AM, on 4/12/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\hidserv.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\ahead\InCD\InCD.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\AdSubtract\adsub.exe
    C:\MSSQL7\Binn\sqlmangr.exe
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\Program Files\Kazaa Lite Resurrection\kazaalite.kpp
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Mark Johnson\Desktop\anti crap\HighjackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2K0.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - HKCU\..\Run: [msnmsgr] "C:\copied\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AdSubtract.lnk = C:\Program Files\AdSubtract\adsub.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37947.6413310185
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/219362

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice