Web Hosting Talk

Is anybody here a trojan horse expert?


DesElms
06-30-2002, 03:46 AM
I've got something on my system, listening all the time. But I can't isolate it. I've run every trojan horse finder that I know of. And everything comes back clean.

The NETSTAT entry is always something like:

TCP 0.0.0.0:20580 0.0.0.0:0 LISTENING

with no corresponding UDP entry. And the port number changes with every reboot -- always to a port number that's not among any of the commonly-known ports that trojans are notorious for using.

I've isolated it with my firewall, so no one can talk to it. And it never seems to reach out to phone home.

But I can't figure out what it is. Anyone have any ideas?

I should add... this isn't on a server. It's on my Windows desktop machine.

ADEhost
06-30-2002, 04:44 AM
Try this nifty trick.

This is how I find key loggers in Win.

Win platform:

Run Disk Cleanup and get rid of everything.

Then go into Explorer and make sure you have "view all files", including hidden files, turned on.

Then click the "find all files" advanced search option: updated/modified within the last 1 day.

Look for something that would be related to the last 2 hours of your working. Also, you might want to snapshot it, then surf, create a new Hotmail account, enter it, then log off the internet and compare snapshots.

Not easy, but highly effective to find the correct file that is playing a game.

Mike

JDMundo
06-30-2002, 04:50 AM
Try this little util, ActivePorts; it will tell you more info about the process occupying the port:

http://www.protect-me.com/freeware.html
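
The same port-to-process lookup done by hand, as an added example that is not part of the original thread: it parses `netstat -ano` output (the `-o` switch adds the owning PID) and joins it to `tasklist /FO CSV /NH` to name the process behind each listener bound to all interfaces. The sample output, the `example.exe` name and the `known_ports` allowlist are constructed for illustration, and English-locale state names are assumed.

```python
import csv, io, subprocess, sys

# Constructed sample of `netstat -ano` output (not captured from the poster's machine).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:20580          0.0.0.0:0              LISTENING       1432
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       1900
  TCP    192.168.1.10:1051      203.0.113.5:80         ESTABLISHED     2044
  UDP    0.0.0.0:445            *:*                                    4
"""
# Constructed sample of `tasklist /FO CSV /NH` output (image name, PID, ...).
SAMPLE_TASKLIST = '''"svchost.exe","884","Console","0","3,120 K"
"example.exe","1432","Console","0","5,004 K"
"System","4","Console","0","212 K"
'''

def parse_listeners(netstat_text):
    """Return [(local_ip, port, pid)] for TCP sockets in LISTENING state (English locale)."""
    out = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            ip, _, port = f[1].rpartition(":")  # rpartition also copes with [::]:135
            out.append((ip, int(port), int(f[4])))
    return out

def parse_tasklist(csv_text):
    """Map PID -> image name from `tasklist /FO CSV /NH` output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(csv_text)) if len(r) >= 2}

def exposed_listeners(netstat_text, tasklist_text, known_ports=(135, 139, 445)):
    """All-interface listeners outside known_ports (a hypothetical allowlist), with owner."""
    names = parse_tasklist(tasklist_text)
    return [(port, pid, names.get(pid, "<unknown>"))
            for ip, port, pid in parse_listeners(netstat_text)
            if ip in ("0.0.0.0", "[::]") and port not in known_ports]

if __name__ == "__main__":
    if sys.platform == "win32":  # live data on Windows, constructed samples elsewhere
        ns = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
        tl = subprocess.run(["tasklist", "/FO", "CSV", "/NH"], capture_output=True, text=True).stdout
    else:
        ns, tl = SAMPLE_NETSTAT, SAMPLE_TASKLIST
    for port, pid, name in exposed_listeners(ns, tl):
        print(f"TCP {port} is held by PID {pid} ({name})")
```

Because the port changes on every reboot, the image name and its path on disk are the stable things to compare between boots, not the port number.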

Studio64
06-30-2002, 10:22 PM
If the port number is changing it is a trojan.

If it's isolated by a firewall (software, I'm assuming) then it shouldn't be a real problem.

The only trojan I am familiar with that has random port generation is Sub7...

I would update your Anti-Virus software and search for a Sub7 removal tool.