Announcement

Collapse
No announcement yet.

What uses port 1090?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • What uses port 1090?

    Norton web site tells me it could be used by trojans. ne1?
    TIA

    Tony.
    FT.

  • #2


    1090 tcp Xtreme [trojan] Xtreme
    1090 tcp ff-fms FF Fieldbus Message Specification
    1090 udp ff-fms FF Fieldbus Message Specification

    about the possilble trojan

    Business Email Marketing software solution for Windows ► G-Lock EasyMail7, E-mail Verifier, Email Processor, WPNewsman, SpamCombat. Download for Free Today!
    Main: Dual Xeon LV2.4Ghz@3.1Ghz | 3X21" | NVidia 6800 | 2Gb DDR | SCSI
    Second: Dual PIII 1GHz | 21" Monitor | G200MMS + Quadro 2 Pro | 512MB ECC SDRAM | SCSI
    Third: Apple G4 450Mhz | 21" Monitor | Radeon 8500 | 1,5Gb SDRAM | SCSI

    Comment


    • #3
      Thanks. Just because a port is open, does that mean a trojan is definately there? NAV found nothing.

      T.

      PS know of any free s/w to tell? The Glocksoft s/w aint!
      FT.

      Comment


      • #4
        Yes another program could use that port to transport data, but be sure to check if NAV can find this trojan. Can't find much info about this trojan (i'm at work for the moment not at home ) but maybe you could check if you got the file Xtreme.exe on your HD.
        Main: Dual Xeon LV2.4Ghz@3.1Ghz | 3X21" | NVidia 6800 | 2Gb DDR | SCSI
        Second: Dual PIII 1GHz | 21" Monitor | G200MMS + Quadro 2 Pro | 512MB ECC SDRAM | SCSI
        Third: Apple G4 450Mhz | 21" Monitor | Radeon 8500 | 1,5Gb SDRAM | SCSI

        Comment


        • #5
          Thanks KeiFront. Well, that file isn't anywhere to be seen, my virus definitions are up to date, but although the Norton web site warns you about it, it is NOT included in the definitions!
          According to DU Meter, something is leaking data on a regular basis, so I'm starting to shut processes down to see which.

          T.
          FT.

          Comment


          • #6
            well it seems all the traffic was local (!) according to the stats for the WAN side of the router. Phew!. Just need to find the router manual now to Telnet in and close that port.

            Cheers for the advice.

            T.
            FT.

            Comment


            • #7
              Whats with these guys?

              Yesterday they scared the shit out of me. Today, they say:
              "The Symantec Security Check has determined that the Internet Protocol (IP) address used by your computer to connect to the Internet cannot be scanned. This is usually a result of being behind a firewall, proxy server, or using Network Address Translation (NAT) to share IP addresses. Unfortunately we will be unable to run the Network Vulnerability Scan, the NetBIOS Availability Scan, and the Active Trojan Horse Scan on this computer.
              Select Continue to complete the remaining scans that do not need an IP address. "
              FT.

              Comment


              • #8
                At home now

                Scan your computer at this place http://scan.sygatetech.com/pretrojanscan.html it scans for trojans and it can recognize Xtreme. I'm sure it will detect it if your infected .

                You can also try the normal scans http://scan.sygatetech.com/ I like the scans that are listed there, they are easely to understand

                You can also try the scans at http://www.dslreports.com/tools or the scans at shieldsup http://grc.com/default.htm don't like the scans at shieldsup but this is just a personal opinion.

                It's possible that you have to open some ports on your firewall (if you are using one) to be able to scan your computer, be sure to close them again after the scan .
                Main: Dual Xeon LV2.4Ghz@3.1Ghz | 3X21" | NVidia 6800 | 2Gb DDR | SCSI
                Second: Dual PIII 1GHz | 21" Monitor | G200MMS + Quadro 2 Pro | 512MB ECC SDRAM | SCSI
                Third: Apple G4 450Mhz | 21" Monitor | Radeon 8500 | 1,5Gb SDRAM | SCSI

                Comment


                • #9
                  SSL for your web browser defaults to port 1090.

                  Jammrock
                  “Inside every sane person there’s a madman struggling to get out”
                  –The Light Fantastic, Terry Pratchett

                  Comment


                  • #10
                    Doesn't SSL uses port 443 (https)?
                    Main: Dual Xeon LV2.4Ghz@3.1Ghz | 3X21" | NVidia 6800 | 2Gb DDR | SCSI
                    Second: Dual PIII 1GHz | 21" Monitor | G200MMS + Quadro 2 Pro | 512MB ECC SDRAM | SCSI
                    Third: Apple G4 450Mhz | 21" Monitor | Radeon 8500 | 1,5Gb SDRAM | SCSI

                    Comment


                    • #11
                      Thanks for the links, KeiFront!

                      I passed every single test on every single page! no mention of 1090 anywhere! I guess the RT314 is doing its job nicely

                      Thanks again.

                      Tony.
                      FT.

                      Comment


                      • #12
                        Whoa, I just used that link.

                        MY GOD, I HAVE TROJANS!

                        THEY'RE EVERY-****ING-WHERE!

                        I have one on port 25, and another on port 113, and another on port 5000, and another on port 6969, and another on...

                        Oh, wait. Those are my services. Silly ****ing me.

                        MORONS.

                        GRC's Shields Up is even worse - it doesn't even SEE the open ports!

                        - Gurm
                        The Internet - where men are men, women are men, and teenage girls are FBI agents!

                        I'm the least you could do
                        If only life were as easy as you
                        I'm the least you could do, oh yeah
                        If only life were as easy as you
                        I would still get screwed

                        Comment


                        • #13
                          well that first link was reasonably good for the fact that it could detect open ports just found out that I forgot to take out finger and telnet service. But as you said it's silly that it doesn't take into account that you might have services running on those ports completely intentional

                          Comment


                          • #14
                            Gee Gurm ... aren't you worried about the service on port 6969? Sounds like it goes down a lot.
                            <TABLE BGCOLOR=Red><TR><TD><Font-weight="+1"><font COLOR=Black>The world just changed, Sep. 11, 2001</font></Font-weight></TR></TD></TABLE>

                            Comment


                            • #15
                              it's port 9696 that ya have to be worried about!
                              "Be who you are and say what you feel, because those who mind don't matter, and those who matter don't mind." -- Dr. Seuss

                              "Always do good. It will gratify some and astonish the rest." ~Mark Twain

                              Comment

                              Working...
                              X