Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

What am I infected with?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby love_aoi » March 7th, 2006, 9:05 am

hmm..its still open.. have no idea what I can do about it..but so far I haven't "experienced" any problems with having the open port though...

thanks :)
love_aoi
Active Member
 
Posts: 12
Joined: February 22nd, 2006, 3:00 pm
Advertisement
Register to Remove

Unread postby Susan528 » March 7th, 2006, 11:34 am

Can you use the following and determine what program is listening or using that port? You should be able to determine that using this below.
http://www.diamondcs.com.au/openports/

Typing "netstat -ab" in the command prompt ought to give you the same result.

Can you determine what program is listening on that port?
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby love_aoi » March 7th, 2006, 11:59 am

hmm..."netbios-ssn" isnt the http port right?...what about "microsoft-ds"?

____________________________________________________________

C:\Documents and Settings\love_aoi>netstat -ab

Active Connections

Proto Local Address Foreign Address State PID
TCP aoifutaba:microsoft-ds aoifutaba:0 LISTENING 4
[System]

TCP aoifutaba:netbios-ssn aoifutaba:0 LISTENING 4
[System]

TCP aoifutaba:1151 baym-cs347.msgr.hotmail.com:1863 ESTABLISHED
156
[MsnMsgr.Exe]

UDP aoifutaba:1161 *:* 156
[MsnMsgr.Exe]

UDP aoifutaba:isakmp *:* 576
[lsass.exe]

UDP aoifutaba:4500 *:* 576
[lsass.exe]

UDP aoifutaba:1206 *:* 900
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP aoifutaba:1065 *:* 900
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP aoifutaba:1041 *:* 900
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP aoifutaba:microsoft-ds *:* 4
[System]

UDP aoifutaba:ntp *:* 840
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP aoifutaba:1153 *:* 156
[MsnMsgr.Exe]

UDP aoifutaba:1900 *:* 920
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP aoifutaba:4065 *:* 824
[wmplayer.exe]

UDP aoifutaba:4605 *:* 2660
[iexplore.exe]

UDP aoifutaba:45654 *:* 156
[MsnMsgr.Exe]

UDP aoifutaba:ntp *:* 840
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP aoifutaba:1900 *:* 920
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP aoifutaba:netbios-ns *:* 4
[System]

UDP aoifutaba:discard *:* 156
[MsnMsgr.Exe]

UDP aoifutaba:netbios-dgm *:* 4
[System]
love_aoi
Active Member
 
Posts: 12
Joined: February 22nd, 2006, 3:00 pm

Unread postby Susan528 » March 7th, 2006, 4:09 pm

So it looks like those two ports are open.

I get the those first two also with the microsoft-ds and the netbios-ssn. I think you are fine.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby Susan528 » March 7th, 2006, 4:13 pm

Just curious--does http://hackerwatch.org/probe still say Port 80 is unsecured?
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby love_aoi » March 8th, 2006, 1:32 am

:) thanks but um..yes i guess...

_______________________________________________________

Secure
21 (FTP)

This port is completely invisible to the outside world.



Secure
23 (Telnet)

This port is completely invisible to the outside world.



Secure
25 (SMTP Mail Server Port)

This port is completely invisible to the outside world.



Secure
79 (Finger)

This port is completely invisible to the outside world.



Open and Unsecure!
80 (HTTP)

If this computer is not supposed to be acting as a web server you should not have this port open.



Secure
110 (POP3 Mail Server Port)

This port is completely invisible to the outside world.



Secure
139 (Net BIOS)

This port is completely invisible to the outside world.



Secure
143 (IMAP)

This port is completely invisible to the outside world.



Secure
443 (HTTPS)

This port is completely invisible to the outside world.
love_aoi
Active Member
 
Posts: 12
Joined: February 22nd, 2006, 3:00 pm

Unread postby Susan528 » March 8th, 2006, 6:39 pm

http://www.pcflank.com/scanner1.htm

I think you will need to start at this page but on the following page
http://www.pcflank.com/scanner_s1.htm
you can specify the port to check. Please verify that port 80 is open.

If your port 80 is open, you might want to double-check with your ISP. I saw where some say the Skype program may cause it to be open. If it is not your ISP, we need to determine what is causing it to be opened.

Please let me know what you find out.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby love_aoi » March 9th, 2006, 2:22 am

:) hi, hmm...the site says they cannot identify my IP address. should I disable my firewall (zonealarm) and try the scan?
love_aoi
Active Member
 
Posts: 12
Joined: February 22nd, 2006, 3:00 pm

Unread postby Susan528 » March 9th, 2006, 3:02 pm

https://www.grc.com/x/ne.dll?bh0bkyd2

Also can you view the following topic? I do not know the answer but maybe your situation is similar.
http://www.malwareremoval.com/forum/viewtop ... 923b5ac6c1
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby love_aoi » March 12th, 2006, 12:25 pm

thanks :) hmm..i think i'll check with my ISP.
love_aoi
Active Member
 
Posts: 12
Joined: February 22nd, 2006, 3:00 pm

Unread postby NonSuch » March 21st, 2006, 3:52 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 558 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware