siliconman01
Global Moderator
    
A TH scan issues Port Alert. What to do?
« on: Jan 28th, 2006, 3:10am »
If, during a Full or Quick scan by TrojanHunter scanner, a Port Alert is issued, the first thing to do is not panic. Following is a recommended systematic approach for resolving the Alert concern.

Go to http://www.misec.net/trojanhunter/help/?page=PortAlerts and read the Help file concerning Port Alerts.

In the top menu bar of TrojanHunter scanner:
1. Under View, select Advanced Mode
2. Under Ruleset, select Generate Trojan Port list

This list displays which ports are typically used by known trojans and worms. In addition, the following URL provides a description of normal port usage on Windows systems and ports that are typically used by various worms and trojans.
http://keir.net/portlist.html

These lists should provide enough info to determine if the suspect port is probably being used by a trusted program on the system.

Go to the link below; download and install TCPView. Run TCPView. It will tell you which programs have specific ports open.
http://www.microsoft.com/technet/sysinternals/utilities/tcpview.mspx

If this "initial investigation" does not resolve the question concerning a specific port alert:
1. Reboot the computer.
2. Using TrojanHunter scanner, select Plugins-Port Checker from the top menu.

This rescan of the ports typically will reveal that the suspect port is no longer open. Probably a trusted program such as AIM was in use or had failed to close the port on program exit.

If the suspect port is still open after reboot, it could be indicative of an infected computer (worm, trojan, or otherwise).
1. Run a FULL scan with TrojanHunter scanner.
2. Run a FULL scan with the resident Anti-Virus program.

If nothing malicious is found/isolated during these scans, run a remote scan of the system using one or more of the remote scanners per this FAQ link:
http://forum.misec.net/board/FAQ/1141894786

If none of the above scans detect anything malicious, create a new POST on this forum concerning the Port Alert. Provide as much info as possible:
- Windows OS
- Version/Build of TrojanHunter being used
- A copy/paste of the alert message from TrojanHunter scanner
- Steps already executed in an effort to resolve.
- List of trusted programs used on system which are Internet enabled, such as Messengers, AIM, VOIP, IRC, etc.

Applies to all versions of TrojanHunter.
« Last Edit: Sep 10th, 2007, 5:04am by siliconman01 »
______ TrojanHunter V5.3.994...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound w/ XM satellite, Avira Premium Security Suite V10; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD Raptors, NIS 2011 Beta. Common: router, cable modem, PerfectDisk 11 Pro, Casper Backup V6.0, DisplayFusion, SpywareBlaster V4.3, HostsMan V3.2.73, CCleaner, TrojanHunter V5.3.994, etc.
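
The "which program has this port open" step from the post above, done from a PowerShell prompt instead of the TCPView window. This is an added example, not part of the original post or of TrojanHunter. It assumes Windows 8 / Server 2012 or later (for the NetTCPIP cmdlets) and an elevated prompt; the function name Get-PortOwner and the port number in the last line are constructed for illustration.

```powershell
# Added example: map the port named in a Port Alert to the process holding it.
# Get-PortOwner is a hypothetical helper name, not a built-in cmdlet.
function Get-PortOwner {
    param(
        [Parameter(Mandatory)]
        [ValidateRange(1, 65535)]
        [int]$Port
    )

    # Collect TCP listeners and UDP endpoints bound to the port.
    # Either cmdlet returns nothing (and an error we silence) if the port is closed.
    $sockets = & {
        Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
            Select-Object @{n = 'Proto'; e = { 'TCP' }}, LocalAddress, LocalPort, OwningProcess
        Get-NetUDPEndpoint -LocalPort $Port -ErrorAction SilentlyContinue |
            Select-Object @{n = 'Proto'; e = { 'UDP' }}, LocalAddress, LocalPort, OwningProcess
    }

    foreach ($s in $sockets) {
        # The owning process may have exited between the two calls.
        $proc = Get-Process -Id $s.OwningProcess -ErrorAction SilentlyContinue

        # Path is empty for the System process and for processes we cannot open.
        $path = if ($proc) { $proc.Path } else { $null }

        # Signature status helps separate a known vendor binary from an unknown one.
        $sig = if ($path) {
            [string](Get-AuthenticodeSignature -FilePath $path).Status
        } else {
            'Unknown'
        }

        [pscustomobject]@{
            Proto     = $s.Proto
            Address   = $s.LocalAddress
            Port      = $s.LocalPort
            PID       = $s.OwningProcess
            Process   = if ($proc) { $proc.ProcessName } else { '(exited)' }
            Path      = $path
            Signature = $sig
        }
    }
}

# 5190 is a constructed sample value; use the port from the alert message.
Get-PortOwner -Port 5190 | Format-Table -AutoSize
```

No output means nothing is bound to that port at the moment, which matches the "no longer open after reboot" case in the post. The output can be pasted into a new forum post along with the alert message.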