Julesh
My PC running Windows XP pro has a permanent connection to the internet
via a cable modem (which it shares using ICS) and is protected by the
Bitdefender software firewall and virus scanner which I keep
scrupulously up to date. Every couple of weeks I also run Spybot S&D,
which never finds anything except a few tracking cookies, and use GRC's
ShieldsUp to make sure the firewall is behaving.
Generally ShieldsUp gives me a clean bill of health with all ports
closed and stealthed so I was a bit horrified when I tried this last
night and found ports 23, 80 and 1025 (among others) wide open. I've had
no reports from the firewall about unknown processes trying to
communicate and neither netstat nor Fport (a port usage utility) are
reporting any processes as holding these ports open. I've run a
succession of Trojan detectors this afternoon but all of these have
failed to find the existence of any active trojan.
I got a friend to remotely run a portscan on my IP address. He has
confirmed the results from ShieldsUp. He tried a web browser to port 80
on my address and got an error message that seemed to imply there was a
running web server. It also seems that a telnet server is running
although he could not log on to this. I can only presume I have
acquired a Trojan that can stealth itself as there is absolutely no
trace of it using the tools I have. Can anyone suggest where I should
start looking for this?
Thanks
Julesh