Discussion in 'Bits & Bytes' started by Robert Harris, Dec 15, 2002.

  1. Robert Harris

    Robert Harris Passed Away Aug. 19, 2006

    On the recommendation of someone here I installed Trojan Hunter and ran it. Got this finding:

    Port scan
    Port 4444/TCP is open (matches AlexTrojan.200)
    Port 4444/TCP is open (matches Avone.200)
    Port 4444/TCP is open (matches Crackdown.100)
    Port 4444/TCP is open (matches Messo.100)
    Port 4444/TCP is open (matches SwiftRemote.106)

    1) What does this mean?

    2) Now what do I do about it, if anything?
  2. Sunriser13

    Sunriser13 Knee Deep in Paradise

    Basically, Robert, all it means is that the port is open, and it's telling you the names of some of the trojans that are known to prefer this port.

    Do you have the port open for any particular reason, or would you prefer it be closed; and do you use a firewall and/or a router?
  3. Techie2000

    Techie2000 The crowd would sing:

    1. You might have a trojan if this port isn't open for another reason...
    2. Someone can access your computer, all the files, and see everything you type
    3. Disconnect the computer from the internet if you can so that it can't broadcast information anymore
    4. Get some type of trojan cleaner. I don't care which one as long as it cleans the trojan for you.
    5. If you can identify what process in the background is the trojan by doing a CTRL-ALT-DEL you might be able to disable it manually...
    6. Also the msconfig tool will list everything that is starting up, if you can identify it this way, disable it, reboot, and see what happens...
  4. Sunriser13

    Sunriser13 Knee Deep in Paradise

    Not necessarily, Techie. Just because a port is open does not always mean it is actively in use by a Trojan.

    Robert, here is a link to the Trojan Hunter forum regarding port alerts:
    Read this if you wonder about port alerts

    *Edit: I can't seem to fix the appearance of the link, but it goes where it's supposed to... :huh:
  5. Techie2000

    Techie2000 The crowd would sing:

    I said might, but generally I figure it's better to be safe than sorry and follow those steps unless you have a program running that you know uses that port...:)
  6. jamming

    jamming Banned

    Sometimes your browser assigns ports temporarily; the easiest way is to close all your browsers first, reopen them, then wait a couple of minutes and run Trojan_Hunter again. If the port is still open then you might have another program keeping it open.
  7. claire

    claire Registered User

    Here's what Sunriser13 pointed to

    TrojanHunter's port checker gathers a list of open ports on your system, and then compares that list to known trojan ports (as specified by the port rules). The port checker is only an indication that you have a port open on your system with a port number that matches the one used by a trojan. There are many other common reasons why ports can be open, especially if the port number is low (say under 1500). If you were using a web browser at the time TrojanHunter gave you an alert about an open port, try closing it down and then running a scan again after waiting a few minutes. In general, it is a safe bet that unless you get consistent port alerts between reboots, you don't have a trojan on your system.

    I hope that in the meantime your problem is solved


    If you want to check your ports (open, closed or stealthed),
    you can use www.pcflank.com to test your ports
  8. Robert Harris

    Robert Harris Passed Away Aug. 19, 2006

    OK. Lots of information. Thanks, folks. Glad we have people around who know more than I do.

    "...follow those steps unless you have a program running that you know uses that port."

    Did some digging and discovered that I do have a program that uses that port as a proxy. Port 4444 is used by AdSubtract, a program that filters out all sorts of web crap -- ads, pop-ups, background music and pictures, etc. Also allows deleting cookies. It loads at boot, so it always is available when I connect to the web.

    I always get the message about open ports if I scan while AdSubtract is loaded, whether or not the browser is loaded or I am connected to the net. I closed down AdSubtract and ran the scan again and did not get a message about open ports. So I guess it is the culprit.

    I always run Zone Alarm when using my browser. Isn't that supposed to keep things out unless I authorize them to be accepted?

    A full scan with Trojan Hunter did not find any trojans in memory, files, etc. (I have the latest updated definitions, etc.)
    Does this all mean that I need not worry? (I hope. :))
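The check this thread converges on (a port-rule match only matters if the listener has no known owner and the alert persists across reboots), as an added example that is not from any poster or from TrojanHunter. The `netstat -ano` snapshots and PID tables are constructed sample data, and the image name `adsubtract.exe` and the `KNOWN_LISTENERS` allowlist are assumptions for illustration.

```python
import re

# Port rule taken from the scan output in this thread: port -> trojan names.
PORT_RULES = {4444: ["AlexTrojan.200", "Avone.200", "Crackdown.100",
                     "Messo.100", "SwiftRemote.106"]}
# Assumption: programs the user knows listen on a port (image name is hypothetical).
KNOWN_LISTENERS = {4444: {"adsubtract.exe"}}
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$", re.M)

def listeners(netstat_text):
    """Map listening TCP port -> (local address, PID) from `netstat -ano` text."""
    return {int(port): (addr, int(pid)) for addr, port, pid in LINE.findall(netstat_text)}

def port_alerts(netstat_text, pid_names):
    """Return one record per listening port that matches a port rule."""
    alerts = []
    for port, (addr, pid) in sorted(listeners(netstat_text).items()):
        if port not in PORT_RULES:
            continue
        image = pid_names.get(pid, "<unknown>").lower()
        alerts.append({
            "port": port, "image": image, "matches": PORT_RULES[port],
            "loopback_only": addr.startswith("127."),
            "explained": image in KNOWN_LISTENERS.get(port, set()),
        })
    return alerts

def persistent_unexplained(snapshots):
    """Ports that alert in every snapshot (one per reboot) with no known owner."""
    per_boot = [{a["port"] for a in port_alerts(text, names) if not a["explained"]}
                for text, names in snapshots]
    return set.intersection(*per_boot) if per_boot else set()

# Constructed sample data (not real captures): two boots of the same machine.
BOOT1 = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    127.0.0.1:4444         0.0.0.0:0              LISTENING       1312
  TCP    192.168.1.20:1187      203.0.113.9:80         ESTABLISHED     2040
"""
BOOT2 = BOOT1.replace("1312", "1296")
NAMES1 = {884: "svchost.exe", 1312: "AdSubtract.exe", 2040: "iexplore.exe"}
NAMES2 = {884: "svchost.exe", 1296: "AdSubtract.exe", 2040: "iexplore.exe"}

if __name__ == "__main__":
    for alert in port_alerts(BOOT1, NAMES1):
        print(alert)
    print(persistent_unexplained([(BOOT1, NAMES1), (BOOT2, NAMES2)]))
```

A port that shows up in `persistent_unexplained` is the case that warrants the cleanup steps listed earlier in the thread; an explained, loopback-only listener is the AdSubtract situation.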
  9. ethics

    ethics Pomp-Dumpster Staff Member

    Wow Bob, I AM impressed!

    Way to go!!!

    ZAP works this way. If you DO acquire a nasty (trojan, worm, some porn crap, etc...) and they try to "dial out" or seep out information from your PC to the cyberworld, ZAP will prompt you if you want "so and so program" to access the Internet. If you say no, it will not allow that program to go out.

    And it certainly looks like you are clean. Great detective work there, buddy. :)
  10. Robert Harris

    Robert Harris Passed Away Aug. 19, 2006

    ZAP? Awwwww. More software I need?
  11. ethics

    ethics Pomp-Dumpster Staff Member

    ZAP - short for Zone Alarm Pro
  12. Coot

    Coot Passed Away January 7, 2010

    Some of the latest trojans actually disable the software firewall and have their way with your system anyhow. That's why it is best to keep the little buggers out regardless.
  13. Robert Harris

    Robert Harris Passed Away Aug. 19, 2006

    Ah. I have been using the freebie, since I am cheap. Is it worth upgrading to the Pro version?
  14. ethics

    ethics Pomp-Dumpster Staff Member

    For the stuff I do, Bob, yes, I think the free version does a good enough job though.
  15. Techie2000

    Techie2000 The crowd would sing:

    Generally I don't think it will block anything going to localhost, but if it does, you probably already authorized it anyways and forgot about it. Although many people like and use ZoneAlarm, a nice alternative is Kerio Personal Firewall. I personally have a built-in firewall on my router, so the nasties can't go and foobar my firewall on me...:) Might be something you want to look into...
  16. jamming

    jamming Banned

    There is also a middle ground, Bob; it is called ZA+. It has the same firewall engine as the Pro, same configs but without all the bells and whistles of Pro.
  17. Robert Harris

    Robert Harris Passed Away Aug. 19, 2006

    Thanks guys, one and all. And gals too, of course.

    Seems that some research is needed on my part. When will I have time to do work? :)
  18. claire

    claire Registered User

    Hi Robert,
    If you want a firewall with a small footprint, low in resources, effective and usable "out-of-the-box",
    you might have a look at LookandStop firewall (not freeware) with enhanced ruleset
    You have a trial version (free for 30 days)

    www.looknstop.com :)
  19. jamming

    jamming Banned

    Though lookand stop is a fine firewall, the company has no known physical real world address, which bothers me some. There are several fine Rules Based Firewalls out there, then there is ZA which works on a different level.
  20. Ravenink

    Ravenink Veteran Member

    best cheap firewall...buy an old 486, toss linux on it, and run ipchains.

