An ongoing NetBIOS attempt on port 139!!!

James Padolsey

I have ZoneAlarm Pro installed as my firewall and it has been
repeatedly blocking NetBIOS requests on port 139 from an IP address
which I know to be a computer on my network.

I cannot think of anything on that computer to be executing these
requests other than a virus. I have done a virus scan with Norton and
nothing was found!
 
James said:
I have ZoneAlarm Pro installed as my firewall and it has been
repeatedly blocking NetBIOS requests on port 139 from an IP address
which I know to be a computer on my network.

I cannot think of anything on that computer to be executing these
requests other than a virus. I have done a virus scan with Norton and
nothing was found!

Are you behind a hardware firewall in your router by any chance also?
 
James said:
I have ZoneAlarm Pro installed as my firewall and it has been
repeatedly blocking NetBIOS requests on port 139 from an IP address
which I know to be a computer on my network.

I cannot think of anything on that computer to be executing these
requests other than a virus. I have done a virus scan with Norton and
nothing was found!

There are several Trojans that use this port. Some Trojans cannot be
found with Norton Antivirus (no single AV product finds all threats).
Also, some Trojans and other malware can disable Antivirus products.
Before scanning for Trojans, etc., turn off System Restore and restart
the computer in Safe Mode (just reboot and keep pressing the F8 key).
This is the easiest way to make sure the malware isn't running while you
are scanning.

Even if you don't find anything on the scan, there is still a way to
find the culprit. Use MSCONFIG (start, run, 'msconfig') to turn off all
startup programs. Then restart the machine. If there are no pings on
port 139, chances are one of the startup programs is the malware. Enable
one at a time and restart. When the pings start up again, you will know
that the last thing you enabled was the malware. An Internet search on
the filename should turn up the name of the bogey, and provide clues on
how to remove it.
 