TCP port 445


Post by earo » December 9th, 2006, 11:11 am

Suspicious that I had a virus (it is slow and the IE browser is taking time to open; this should not be the case because I'm using a Vaio VGN S5VP and I don't have much on it) in my system, I used HJT and AVG with my PC in safe mode and ran an online Kaspersky scan, and still found nulla. I got System Info for Windows Ver 1.65 and found a hidden running process naming itself System with 4PIDs.
This was sitting on port 445 microsoft-ds, 139 netbios-ssn, 137 netbios-ns and 138 netbios-dgm. Its properties are nkrnlpa.exe+0x1ac528.
Its behavior looks suspicious, looking at what is going out through those ports. Should I be concerned? I have nothing important on this partition. Which tools can I use to pinpoint the problem? I have tried RegSeeker, but it knocks off my PC every time I look up the nkrnlpa.exe registry and an error message pops up.
earo
Active Member
 
Posts: 3
Joined: December 8th, 2006, 5:29 pm

Post by Vino Rosso » December 9th, 2006, 12:29 pm

You may have already read up on port 445. As the Shields Up site advises, you do NOT want port 445 exposed to the Internet and any NAT router or personal firewall should be able to block port 445 from the outside world without trouble.
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

port 445 microsoft-ds

Post by earo » December 9th, 2006, 8:35 pm

True, but my concern is to track the source, perhaps root out the problem. Tell me if I am naive?
Somehow closing the ports does make me feel safe. This was not a philosophical question and you gave good advice, Vino Rosso, thanks. Yes, I read about port 445 and I feel sometimes offence is the best defence. Correct me if I'm wrong.
earo
Active Member
 
Posts: 3
Joined: December 8th, 2006, 5:29 pm

Post by Vino Rosso » December 9th, 2006, 9:21 pm

Does your firewall log provide any detailed information?
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

port 445 microsoft-ds

Post by earo » December 10th, 2006, 5:25 am

No, I am using Kaspersky Internet Security 6.0.
earo
Active Member
 
Posts: 3
Joined: December 8th, 2006, 5:29 pm

Post by GS2 » December 10th, 2006, 8:57 pm

If you want to monitor network traffic, try this program:

http://www.ethereal.com/

Have a good read on how to understand its logs and how to use it. It is cost free and open source. :)
GS2
Regular Member
 
Posts: 964
Joined: February 17th, 2006, 8:34 pm
Location: Bedfordshire

Post by Bill_Castner » December 16th, 2006, 7:32 pm

Make sure that the Windows Messenger service is stopped, and its startup disposition set to disabled. You can use the Services applet for this chore.

Other than that, what you are looking at is the Windows kernel. It needs TCP and UDP 135, 136, 137, 139 and 445 for Netbios name resolution with Windows Networking, and 445 for RPC calls.

- Disable Windows File and Printer sharing if not used. The selection box is under Network Connections, your existing LAN or Wireless connection, right-click, Properties.

- Windows Messenger service has nothing to do with the Messenger IM client. Under SP2 its default status should be set to disabled.

- It is fine if Windows Networking sits on these ports for internal traffic. It is not fine if it sits on these ports for WAN side traffic. The default XP firewall would have made the appropriate choices. Check your firewall settings and block any non-LAN local subnet traffic on the affected ports.

(Your kernel choices are HAL dependent and made during installation. Ntoskrnl.exe will either be the single processor example, as in your case, or the multiple processor version. The latter would appear as ntoskrnmpa).
Bill_Castner
MicroSoft MVP
 
Posts: 202
Joined: December 11th, 2006, 3:47 am
Location: Chevy Chase, MD
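
Added example, not part of any post in this thread: a Python sketch that reads `netstat -ano` output and sorts sockets on ports 137, 138, 139 and 445 into kernel-owned listeners versus other owners, and into sessions inside the local subnet versus outside it. The sample output, the 192.168.1.0/24 subnet and the function names are constructed for illustration; treating PID 4 as the System process holds for Windows XP and later.

```python
import ipaddress

# Ports the thread discusses: NetBIOS name/datagram/session and microsoft-ds.
WATCHED = {137, 138, 139, 445}
SYSTEM_PID = 4  # PID of the "System" (kernel) process on Windows XP and later

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:445       192.168.1.31:1047      ESTABLISHED     4
  TCP    192.168.1.20:1190      203.0.113.50:445       ESTABLISHED     2316
  UDP    192.168.1.20:137       *:*                                    4
  UDP    192.168.1.20:138       *:*                                    4
"""

def split_endpoint(text):
    """Split 'addr:port' into (addr, port); '*:*' gives ('*', None)."""
    addr, _, port = text.rpartition(":")
    return addr.strip("[]"), int(port) if port.isdigit() else None

def review(netstat_text, lan_cidr):
    """Return (finding, line) pairs for sockets on the watched ports."""
    lan = ipaddress.ip_network(lan_cidr)
    findings = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue
        (_, lport), (raddr, rport) = split_endpoint(f[1]), split_endpoint(f[2])
        pid = int(f[-1])
        state = f[3] if f[0] == "TCP" else ""  # UDP rows have no State column
        if lport in WATCHED and state in ("LISTENING", ""):
            # Kernel ownership of these listeners is normal Windows Networking.
            tag = "expected-kernel-listener" if pid == SYSTEM_PID else "non-kernel-owner"
            findings.append((tag, line.strip()))
        elif state == "ESTABLISHED" and WATCHED & {lport, rport}:
            # Sessions on these ports should stay inside the local subnet.
            inside = ipaddress.ip_address(raddr) in lan
            findings.append(("lan-session" if inside else "off-lan-session", line.strip()))
    return findings

if __name__ == "__main__":
    for tag, line in review(SAMPLE, "192.168.1.0/24"):
        print(f"{tag:26} {line}")
```

An `off-lan-session` or `non-kernel-owner` row is the one to follow up in the firewall log or a packet capture; the PID on that row identifies the owning process.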

Re: TCP port 445

Post by imbeady2 » May 17th, 2008, 6:18 am

:? OT query

Detail for member Bill Castner says:-

Joined: Mon 11 Dec, 2006 7:47 am
Posts: 202
Location: Chevy Chase, MD


I can only find one post - this one!

Where have all the others gone please? TIA

Dave
imbeady2
Active Member
 
Posts: 2
Joined: May 17th, 2008, 5:37 am

Re: TCP port 445

Post by Axephilic » May 17th, 2008, 1:51 pm

All of his other posts are within the hidden university rooms that normal members don't have access to. :)
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: TCP port 445

Post by imbeady2 » May 17th, 2008, 2:07 pm

EagleAmerican wrote: All of his other posts are within the hidden university rooms that normal members don't have access to. :)

:shock: Why is that? Is there something to hide :?

Dave
imbeady2
Active Member
 
Posts: 2
Joined: May 17th, 2008, 5:37 am

Re: TCP port 445

Post by Axephilic » May 17th, 2008, 2:18 pm

http://www.malwareremoval.com/university.php

Everything inside the university is for trainees and staff and would just confuse a normal user and could even be dangerous to them. If you would like to learn to help victims of malware, you can apply by clicking the link up top. :)
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US