Download TrojanHunter Now
Free 30-day trial!
Latest TrojanHunter Version:
TrojanHunter 5.0
Order Now
License file delivered within minutes.
Welcome, Guest. Please Login or Register.
Dec 1st, 2008, 7:54pm
   Mischel Internet Security Forum
   Malware
   Trojans (Moderators: Helena, Gavin_Coe, Magnus)
   TCP Port 1207 (SoftWAR.100)		 « Previous topic | Next topic »
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: TCP Port 1207 (SoftWAR.100)  (Read 470 times)
Chuck
 Guest

Email
TCP Port 1207 (SoftWAR.100)
« on: Aug 20th, 2003, 7:28pm »		 Quote Quote  Modify Modify   Remove Remove
After running a scan on my XP Pro box (eight-port LAN, Linksys router, ZA Basic, NAV, Spybot S&D, Ad-Aware), which was just cleanly installed last week, TH Guard indicated that TCP port 1207 was open/listening. TH Guard also indicated that this was suspected trojan 'SoftWAR.100'. I confirmed that TCP port 1207 was listening, then killed the connection. After putting in an alert for this port in TH Guard, I added a filter in the router to block this port. It was still showing up via the netstat viewer in TH Guard, however. I ran a scan with HijackThis, XCleaner, and Spybot S&D, then rebooted. Since then, I have not seen an instance of TCP port 1207.
 
I would appreciate any information the group can provide to me about this port.
 
Thanks,
 
Chuck
IP Logged
acheton
Original Gangster
******





   


Gender: male
 Posts: 1162
Re: TCP Port 1207 (SoftWAR.100)
« Reply #1 on: Aug 20th, 2003, 9:00pm »		 Quote Quote  Modify Modify
Hi Chuck,
 
This thread might help out with some information about these type of warnings:
 
http://www.misec.net/forum/?board=TrojanHunter;action=display;num=103823 2097
 
Larry also asked a similar question earlier today:
 
http://www.misec.net/forum/?board=TrojanHunter;action=display;num=105469 8623;start=60#60
(You'll need to scroll down to the bottom of the thread though)
 
I hope these help. Smiley
 
Ach  
IP Logged
"What success a man builds from his gifting can be destoyed in a moment because of his character."
Chuck Fraley
 Guest

Email
Re: TCP Port 1207 (SoftWAR.100)
« Reply #2 on: Aug 21st, 2003, 5:12pm »		 Quote Quote  Modify Modify   Remove Remove
Thanks for the info, Ach. I have since confirmed that source TCP port 1207 is tied to a user opening a web page here (port 80). I blocked this port at the gateway, and set up an alert with my FW logging program. When two alerts went off this morning, I physically looked to see what the users were doing, and they were simply in Yahoo. Anyway, better to be safe than sorry.
 
Thanks again.
 
Chuck
IP Logged
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« Previous topic | Next topic »
Search
Members
Login
Register