   Mischel Internet Security Forum
   Author  Topic: Port Alert Problems  (Read 129 times)
kylesplanet
« on: Apr 14th, 2008, 1:07pm »

I ran a TH scan and have several (5) port alerts. I have done everything in the FAQ section but I still don't know how to fix the issue.  
The port is 50005/TCP and it matches the following:
FLamersBackdoor.250
FLamersBackdoor.260
InCommand.171
Infector.180
Starline.200
 
All of these are listed in the trojans list but the scanner does not pick them up. I have scanned with my AV (Bitdefender) and two remotes to no avail. (Kaspersky and Panda)
 
I am running Windows Vista Home Premium
I think my TH version is 4
Again, I have tried all of the FAQ suggestions
I do not run any IM programs at all
I also used the Norton removal tool from a previous install.
 
Thanks in advance for any help, I appreciate it a lot.
EDIT: I updated to TH ver 5
« Last Edit: Apr 14th, 2008, 2:20pm by kylesplanet »
kylesplanet
« Reply #1 on: Apr 14th, 2008, 3:14pm »

Here is my HJT log:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:10:31 PM, on 4/14/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =  
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:  
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/OneClickFix/tgctlsr.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://playgames.comcast.net/online2/mystery_solitaire/SpinTopGamesLauncher.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://comcast.oberon-media.com/online2/luxor/mjolauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.royalvegas.com/royalvegas/FlashAX.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www2.driveragent.com/files/driveragent.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://playgames.comcast.net/online2/mahjong_escape_ancient/PTGameLauncher.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
 
--
End of file - 8948 bytes
siliconman01
« Reply #2 on: Apr 14th, 2008, 4:12pm »

Welcome to the forum Kylesplanet
 
There is nothing malicious showing up in your HJT scan log.
 
Please go to the link below and download/install TCPView.  Then run it and it should show you what program has Port 50005 open.  
 
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
 
Please post back here the name of the program that has 50005 open.  If you do not recognize the program, we'll go from there.  (I suspect it is PowerDVD that has the port open.)
 
Also your Java plug-in is out-of-date.  Please go to the link below and update Java to obtain its latest security fixes.
 
http://www.java.com
 
When you have the Java update installed, remove all older versions of Java via Control Panel>Programs and Features.  Unfortunately, Java does not automatically remove its older versions.  
 
« Last Edit: Apr 14th, 2008, 4:14pm by siliconman01 »

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
kylesplanet
« Reply #3 on: Apr 14th, 2008, 4:20pm »

Here is what TCPView is showing me:
BTW, thank you so much!
 
AppleMobileDeviceService.exe:1892  TCP  127.0.0.1:27015  0.0.0.0:0  LISTENING
AppleMobileDeviceService.exe:1892  TCP  127.0.0.1:27015  127.0.0.1:49157  ESTABLISHED
iexplore.exe:3052  UDP  127.0.0.1:52477  *:*
iTunesHelper.exe:3528  TCP  127.0.0.1:49157  127.0.0.1:27015  ESTABLISHED
lsass.exe:684  TCP  0.0.0.0:50004  0.0.0.0:0  LISTENING
nSvcIp.exe:740  UDP  0.0.0.0:623  *:*
nSvcIp.exe:740  UDP  0.0.0.0:664  *:*
services.exe:672  TCP  0.0.0.0:50005  0.0.0.0:0  LISTENING
sidebar.exe:2228  UDP  127.0.0.1:62958  *:*
sidebar.exe:3544  UDP  127.0.0.1:64524  *:*
svchost.exe:1008  TCP  0.0.0.0:50001  0.0.0.0:0  LISTENING
svchost.exe:1048  TCP  0.0.0.0:50003  0.0.0.0:0  LISTENING
svchost.exe:1048  UDP  0.0.0.0:500  *:*
svchost.exe:1048  UDP  0.0.0.0:4500  *:*
svchost.exe:1048  UDP  127.0.0.1:64523  *:*
svchost.exe:1048  UDPV6  [0:0:0:0:0:0:0:0]:500  *:*
svchost.exe:1248  TCP  0.0.0.0:50002  0.0.0.0:0  LISTENING
svchost.exe:1248  UDP  0.0.0.0:123  *:*
svchost.exe:1248  UDP  127.0.0.1:1900  *:*
svchost.exe:1248  UDP  192.168.0.159:1900  *:*
svchost.exe:1248  UDP  0.0.0.0:3702  *:*
svchost.exe:1248  UDP  0.0.0.0:3702  *:*
svchost.exe:1248  UDP  192.168.0.159:50339  *:*
svchost.exe:1248  UDP  127.0.0.1:50340  *:*
svchost.exe:1248  UDP  0.0.0.0:59958  *:*
svchost.exe:1248  UDPV6  [0:0:0:0:0:0:0:0]:123  *:*
svchost.exe:1248  UDPV6  [0:0:0:0:0:0:0:1]:1900  *:*
svchost.exe:1248  UDPV6  [fe80:0:0:0:14b2:1aa6:3f57:ff60]:1900  *:*
svchost.exe:1248  UDPV6  [fe80:0:0:0:411c:9ce7:b6ce:df33]:1900  *:*
svchost.exe:1248  UDPV6  [fe80:0:0:0:bc70:f65a:3f27:351d]:1900  *:*
svchost.exe:1248  UDPV6  [0:0:0:0:0:0:0:0]:3702  *:*
svchost.exe:1248  UDPV6  [0:0:0:0:0:0:0:0]:3702  *:*
svchost.exe:1248  UDPV6  [fe80:0:0:0:bc70:f65a:3f27:351d]:50335  *:*
svchost.exe:1248  UDPV6  [fe80:0:0:0:411c:9ce7:b6ce:df33]:50336  *:*
svchost.exe:1248  UDPV6  [0:0:0:0:0:0:0:1]:50337  *:*
svchost.exe:1248  UDPV6  [fe80:0:0:0:14b2:1aa6:3f57:ff60]:50338  *:*
svchost.exe:1248  UDPV6  [0:0:0:0:0:0:0:0]:59959  *:*
svchost.exe:1420  UDP  0.0.0.0:5355  *:*
svchost.exe:1420  UDPV6  [0:0:0:0:0:0:0:0]:5355  *:*
svchost.exe:908  TCP  0.0.0.0:135  0.0.0.0:0  LISTENING
System:4  TCP  192.168.0.159:139  0.0.0.0:0  LISTENING
System:4  UDP  192.168.0.159:137  *:*
System:4  UDP  192.168.0.159:138  *:*
wininit.exe:616  TCP  0.0.0.0:50000  0.0.0.0:0  LISTENING
 
siliconman01
« Reply #4 on: Apr 14th, 2008, 4:32pm »

Okay, it is services.exe that has port 50005 open.  This is a valid Microsoft program.  I'm not sure why it has the port 50005 open.  My Vista Business shows Services.exe using port 49160; however, it's nothing to worry about.

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
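
The check carried out in the replies above (find which process owns the alerted port before treating a port-number match as an infection), as an added example that is not part of the original thread. It parses rows in TCPView's column order; the sample rows are constructed from the listing format posted in Reply #3, and the function names are hypothetical.

```python
import re

# Constructed sample rows in TCPView's column order: process:pid, protocol,
# local address:port, remote address:port, state (TCP only).
SAMPLE = """\
lsass.exe:684  TCP  0.0.0.0:50004  0.0.0.0:0  LISTENING
services.exe:672  TCP  0.0.0.0:50005  0.0.0.0:0  LISTENING
iTunesHelper.exe:3528  TCP  127.0.0.1:49157  127.0.0.1:27015  ESTABLISHED
svchost.exe:1048  UDP  0.0.0.0:500  *:*
svchost.exe:1248  UDPV6  [0:0:0:0:0:0:0:1]:1900  *:*
"""

ROW = re.compile(
    r"^(?P<proc>.+):(?P<pid>\d+)\s+(?P<proto>TCP|UDP)(?P<v6>V6)?\s+"
    r"(?P<laddr>\[[0-9a-fA-F:]+\]|[\d.]+):(?P<lport>\d+)\s+"
    r"(?P<remote>\S+)(?:\s+(?P<state>\w+))?$"
)

LOOPBACK = ("127.0.0.1", "[0:0:0:0:0:0:0:1]")

def parse_rows(text):
    """Return one dict per well-formed row; blank or malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            d = m.groupdict()
            d["pid"], d["lport"] = int(d["pid"]), int(d["lport"])
            rows.append(d)
    return rows

def owners_of(text, port, proto="TCP"):
    """Processes holding `port` as a TCP listener or a bound UDP socket."""
    hits = []
    for r in parse_rows(text):
        if r["lport"] != port or r["proto"] != proto:
            continue
        if proto == "TCP" and r["state"] != "LISTENING":
            continue  # the local end of an established connection is not a listener
        hits.append({"process": r["proc"], "pid": r["pid"], "local": r["laddr"],
                     "loopback_only": r["laddr"] in LOOPBACK})
    return hits

if __name__ == "__main__":
    for hit in owners_of(SAMPLE, 50005):
        print(hit)
```

The port number only says that something is listening; the owning process name and PID are what get checked against the running-process and service lists.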
kylesplanet
« Reply #5 on: Apr 14th, 2008, 4:47pm »

Thank you so much siliconman! I have had TH for a few years and I will never own a computer it is not installed on. You guys have helped me via email before and you're second to none!
Thanks again!
siliconman01
« Reply #6 on: Apr 14th, 2008, 5:04pm »

You are very welcome.
 
And thank YOU for your continued support.

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!