Port 4567 name: filenail Open

[Carl]

I ran the Symantec online checks for Security Scan and Virus
Detection.

Their Virus Detection check reported 25,934 files scanned & 0 files
infected on the disk drives and no viruses detected in memory.

Their Security Scan found only one problem, Port 4567 name: filenail
Open.

Googling filenail produced this:

File Nail backdoor (FileNail_TCP_Request)
Unauthorized Access Attempt
Vulnerability description File Nail, also known as Nail and
Backdoor.Nail, is a backdoor Trojan written in Visual Basic that
affects Microsoft Windows operating systems. The backdoor uses a
client/server relationship, where the server component is installed in
the victim's system and the remote attacker has control of the client.
The server attempts to open a port, typically TCP port 4567, to allow
the client system to connect. File Nail could allow a remote attacker
to gain unauthorized access and gain complete control of the system.

How to remove this vulnerability: Use an up-to-date antivirus program
to determine if the target computer is host to a backdoor program. If
the program detects a backdoor, follow its instructions to disinfect
and repair the computer.

Again: Symantec Virus Detection found no infected files and I ran a
system check with the free version of Avira and it too reported no
problems.

So, in the immortal words of Laurence Olivier in "Marathon Man": "Is
it safe?"

Many thanks,
Carl

 

[Mick Murphy]

Carl, install, update and scan with these 2 Programs to ckeck for
Spyware/Malware.


http://www.spybot.info/en/index.html

Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program.
Download, install, update, and immunize your System with it.
Then SCAN with it.
Update it, and scan your System once a fortnight.

http://www.malwarebytes.org/mbam.php

Malwarebytes is as the name says, a Malware Remover!
For the Free version scroll down their page to either download from
Download.com, or Major Geeks.com

Download, install, and update.

 

[Leonard Grey]

Symantec doesn't know?

 

[Twayne]

Symantec doesn't know?

He already said Symantec and Avira gave it a no-problem scan.

 

[Twayne]

I ran the Symantec online checks for Security Scan and Virus
Detection.

Their Virus Detection check reported 25,934 files scanned & 0 files
infected on the disk drives and no viruses detected in memory.

Their Security Scan found only one problem, Port 4567 name: filenail
Open.

Googling filenail produced this:

File Nail backdoor (FileNail_TCP_Request)
Unauthorized Access Attempt
Vulnerability description File Nail, also known as Nail and
Backdoor.Nail, is a backdoor Trojan written in Visual Basic that
affects Microsoft Windows operating systems. The backdoor uses a
client/server relationship, where the server component is installed in
the victim's system and the remote attacker has control of the client.
The server attempts to open a port, typically TCP port 4567, to allow
the client system to connect. File Nail could allow a remote attacker
to gain unauthorized access and gain complete control of the system.

How to remove this vulnerability: Use an up-to-date antivirus program
to determine if the target computer is host to a backdoor program. If
the program detects a backdoor, follow its instructions to disinfect
and repair the computer.

Again: Symantec Virus Detection found no infected files and I ran a
system check with the free version of Avira and it too reported no
problems.

So, in the immortal words of Laurence Olivier in "Marathon Man": "Is
it safe?"

Many thanks,
Carl

Maybe not. Symantec, Avira and the rest of them detect the signatures
of everything they know about. However, spyware, in the form of
trojans, worms, etc., are not detected by virus scanners. Therefore,
it's possible something is still there.
Gather together an arsenal of spyware programs, update them and scan
with those. I usually get decent luck with Adaware (lavasoft.com),
Spybot Search & Destroy (spybot.com I -think-) and Spyware Blaster,
along with running WinPatrol. Ymmv of course, and others have differing
opinions of the "best" spyware removers; there are several of them that
are good ones.
No single spyware program catches everything; each will usually have
strngths in some particular areas but not all; thus it's good to
maintain an arsenal of them for this type of problem.

Until you get it taken care of, you could close that port with your
firewall, whichever one you use. I don't think that will break
anything, but those can be famous last words; if something you use
suddenly stops working you may have to decide whether it's worth it to
take the block off the port.

HTH,

Twayne

 

[Mick Murphy]

"Gather together an arsenal of spyware programs, update them and scan
with those."

Your words, loser.
You get ANTI-spyware Programs.

And a bit of knowledge for you, you don't scan with SpywareBlaster.

Read the garbage that you post, lol.

 

[Twayne]

"Gather together an arsenal of spyware programs, update them and scan
with those."

Your words, loser.
You get ANTI-spyware Programs.

And a bit of knowledge for you, you don't scan with SpywareBlaster.

You missed WinPatrol, you clueless cryptic and childish dummy. Whenever
you have nothing useful to say I notice you're very good at saying it.
I think your momma's calling you.

 

[Mick Murphy]

The truth about your dumbness, in your own words, really hurts a thin-skinned
buffoon like you.

You can't handle the truth about yourself, written in your own words.
Go and wipe your crybaby eyes in your Mama's apron, you little, ignorant boy.

I was the 1st one to answer the OP, you ignorant dope.

I am getting sick and tired of correcting YOUR mistakes that you are posting
to OPs
Get out of these Newsgroups, and let people that know what the are doing
help here.

 

[Carl]

I am never sure of what the "protocol" is on Lists for thanking folks
who
offer advice. I was brought up to say "Please" and "Thank you" and
that's
what I want to do here.

Thanks to all for all the time and effort that went into your
suggestions.
I have combined them all into one document and will go through them
one
by one. I would have done so sooner but I had a problem with another
computer that took all day yesterday to fix.

For the record, the stats on the computer with the Trojan Horse
problem
are:

MacBook running Mac's Leopard, v 10.5.6
Windows XP Home, SP3 being run on the MacBook courtesy of VMware
Fusion v
2.0.2
I have the Windows firewall activated
I am running Avira's free anti-virus program
I am running Windows Defender
I have a Westell VersaLink327W with custom inbound/outbound firewall
settings I can cut and paste here should they be of interest or use.

I started running Windows/Fusion about 6 months ago and last week was
the
first time that I went to the Symantec online site to run their free
tests.

I'll post back on what my results are as I follow the steps suggested
by
all who responded.

Again, many thanks. Off now to deal with about five inches of snow on
the
driveway and walk.

Carl

 

[Twayne]

Ohh, seems I hit a sore spot. Poor baby! You're losing it flunky; you
must need more naps.

 

[Mick Murphy]

You, upset me!!!??! You'd have to he joking!
I laugh at CRAP like you.
You are just a TROLL that lurks here, giving WRONG information to the OPs.

Look at your answers in security: "do a Repair install to remove a Virus."
That sums up your lack of knowledge about computers; probably everything in
life as well.