Tweet
Norton web site tells me it could be used by trojans. ne1?
TIA
Tony.
TIA
Tony.
-
FT. -
1090 tcp Xtreme [trojan] Xtreme
1090 tcp ff-fms FF Fieldbus Message Specification
1090 udp ff-fms FF Fieldbus Message Specification
about the possilble trojan
Main: Dual Xeon LV2.4Ghz@3.1Ghz | 3X21" | NVidia 6800 | 2Gb DDR | SCSI
Second: Dual PIII 1GHz | 21" Monitor | G200MMS + Quadro 2 Pro | 512MB ECC SDRAM | SCSI
Third: Apple G4 450Mhz | 21" Monitor | Radeon 8500 | 1,5Gb SDRAM | SCSI -
Thanks. Just because a port is open, does that mean a trojan is definately there? NAV found nothing.
T.
PS know of any free s/w to tell? The Glocksoft s/w aint!FT.Comment
-
Yes another program could use that port to transport data, but be sure to check if NAV can find this trojan. Can't find much info about this trojan (i'm at work for the moment not at home
) but maybe you could check if you got the file Xtreme.exe on your HD.
Main: Dual Xeon LV2.4Ghz@3.1Ghz | 3X21" | NVidia 6800 | 2Gb DDR | SCSI
Second: Dual PIII 1GHz | 21" Monitor | G200MMS + Quadro 2 Pro | 512MB ECC SDRAM | SCSI
Third: Apple G4 450Mhz | 21" Monitor | Radeon 8500 | 1,5Gb SDRAM | SCSIComment
-
Thanks KeiFront. Well, that file isn't anywhere to be seen, my virus definitions are up to date, but although the Norton web site warns you about it, it is NOT included in the definitions!
According to DU Meter, something is leaking data on a regular basis, so I'm starting to shut processes down to see which.
T.FT.Comment
-
well it seems all the traffic was local (!) according to the stats for the WAN side of the router. Phew!. Just need to find the router manual now to Telnet in and close that port.
Cheers for the advice.
T.FT.Comment
-
Whats with these guys?
Yesterday they scared the shit out of me. Today, they say:
"The Symantec Security Check has determined that the Internet Protocol (IP) address used by your computer to connect to the Internet cannot be scanned. This is usually a result of being behind a firewall, proxy server, or using Network Address Translation (NAT) to share IP addresses. Unfortunately we will be unable to run the Network Vulnerability Scan, the NetBIOS Availability Scan, and the Active Trojan Horse Scan on this computer.
Select Continue to complete the remaining scans that do not need an IP address. "FT.Comment
-
At home now
Scan your computer at this place http://scan.sygatetech.com/pretrojanscan.html it scans for trojans and it can recognize Xtreme. I'm sure it will detect it if your infected
.
You can also try the normal scans http://scan.sygatetech.com/ I like the scans that are listed there, they are easely to understand
You can also try the scans at http://www.dslreports.com/tools or the scans at shieldsup http://grc.com/default.htm don't like the scans at shieldsup but this is just a personal opinion.
It's possible that you have to open some ports on your firewall (if you are using one) to be able to scan your computer, be sure to close them again after the scan .
Main: Dual Xeon LV2.4Ghz@3.1Ghz | 3X21" | NVidia 6800 | 2Gb DDR | SCSI
Second: Dual PIII 1GHz | 21" Monitor | G200MMS + Quadro 2 Pro | 512MB ECC SDRAM | SCSI
Third: Apple G4 450Mhz | 21" Monitor | Radeon 8500 | 1,5Gb SDRAM | SCSIComment
-
SSL for your web browser defaults to port 1090.
Jammrock“Inside every sane person there’s a madman struggling to get outâ€
–The Light Fantastic, Terry PratchettComment
-
Doesn't SSL uses port 443 (https)?Main: Dual Xeon LV2.4Ghz@3.1Ghz | 3X21" | NVidia 6800 | 2Gb DDR | SCSI
Second: Dual PIII 1GHz | 21" Monitor | G200MMS + Quadro 2 Pro | 512MB ECC SDRAM | SCSI
Third: Apple G4 450Mhz | 21" Monitor | Radeon 8500 | 1,5Gb SDRAM | SCSIComment
-
Thanks for the links, KeiFront!
I passed every single test on every single page! no mention of 1090 anywhere! I guess the RT314 is doing its job nicely
Thanks again.
Tony.FT.Comment
-
Whoa, I just used that link.
MY GOD, I HAVE TROJANS!
THEY'RE EVERY-****ING-WHERE!
I have one on port 25, and another on port 113, and another on port 5000, and another on port 6969, and another on...
Oh, wait. Those are my services. Silly ****ing me.
MORONS.
GRC's Shields Up is even worse - it doesn't even SEE the open ports!
- GurmThe Internet - where men are men, women are men, and teenage girls are FBI agents!
I'm the least you could do
If only life were as easy as you
I'm the least you could do, oh yeah
If only life were as easy as you
I would still get screwedComment
-
well that first link was reasonably good for the fact that it could detect open ports just found out that I forgot to take out finger and telnet service. But as you said it's silly that it doesn't take into account that you might have services running on those ports completely intentional
Comment
-
Gee Gurm ... aren't you worried about the service on port 6969? Sounds like it goes down a lot.
<TABLE BGCOLOR=Red><TR><TD><Font-weight="+1"><font COLOR=Black>The world just changed, Sep. 11, 2001</font></Font-weight></TR></TD></TABLE>Comment
-
it's port 9696 that ya have to be worried about!
"Be who you are and say what you feel, because those who mind don't matter, and those who matter don't mind." -- Dr. Seuss
"Always do good. It will gratify some and astonish the rest." ~Mark TwainComment
Comment