  1. #1
    Join Date
    Apr 2001
    Napa, California

    Is anybody here a trojan horse expert?

    I've got something on my system, listening all the time. But I can't isolate it. I've run every trojan horse finder that I know of. And everything comes back clean.

    The NETSTAT entry is always something like:


    with no corresponding UDP entry. And the port number changes with every reboot -- always to a port number that's not among any of the commonly-known ports that trojans are notorious for using.

    I've isolated it with my firewall, so no one can talk to it. And it never seems to reach out to phone home.

    But I can't figure out what it is. Anyone have any ideas?

    I should add... this isn't on a server. It's on my Windows desktop machine.
    Gregg L. DesElms

  2. #2
    Join Date
    Dec 2001
    New Jersey
    try this nifty trick

    this is how I find key loggers in win

    win platform :

    run disk cleanup get rid of everything


    go into explore
    make sure you have view all files including hidden files turned on

    click the
    find all files
    advance search option
    updated modified within that last 1 day

    look for something that would be related to the last 2 hours of your working also you might want to snap shot it, then surf, create a new hotmail account, enter it. then log off the Internet and compare snap shots.

    not easy but highly effective to find the correct file that is playing a game.

    I am Mike From ADEHOST.Com, Multidomain Windows hosting with Cold Fusion and ASP and Dot.NET Also offering multi-domain Unix hosting. silently, each one should ask, Have I done my daily task. Have I kept my honor bright, can I sleep without guilt tonight. Have I done and have I did, everything, to be prepared. - our motto to maintain services.

  3. #3
    Join Date
    Apr 2002
    Try this little util, ActivePorts, will tell you more info about the process occupying the port:

  4. #4
    Join Date
    Jan 2002
    Atlanta, GA
    If the port number is changing it is a trojan.

    If it's isolated by a firewall (software I'm assuming) then it shouldn't be a real problem.

    The only trojan I am familiar w/ that has random port generation is Sub7...

    I would update your Anti-Virus software and search for a Sub7 removal tool.
    char x [5] = { 0xf0, 0x0f, 0xc7, 0xc8 }main (){void (*f)() = x;f();}
    I wear a gray hat
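
The port-to-process lookup suggested in reply #3 can also be done from saved output of the built-in `netstat -ano` and `tasklist /FO CSV /NH` commands, on Windows versions that provide them. This is an added example, not part of the original thread: it reports listeners by owning image rather than by port number, which is what helps when the port changes on every reboot; the sample output and the name `unknown_app.exe` are constructed.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:31785          0.0.0.0:0              LISTENING       2316
  TCP    192.168.1.20:1045      203.0.113.7:80         ESTABLISHED     1500
  TCP    [::]:135               [::]:0                 LISTENING       884
  UDP    0.0.0.0:500            *:*                                    700
"""

# Constructed sample of `tasklist /FO CSV /NH` output; unknown_app.exe is hypothetical.
SAMPLE_TASKLIST = '''\
"svchost.exe","884","Services","0","5,120 K"
"lsass.exe","700","Services","0","8,004 K"
"iexplore.exe","1500","Console","1","40,112 K"
"unknown_app.exe","2316","Console","1","1,204 K"
'''

def parse_listeners(netstat_text):
    """Return (proto, address, port, pid) for listening TCP and bound UDP sockets."""
    rows = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            local, pid = f[1], f[4]
        elif len(f) == 4 and f[0] == "UDP":  # UDP rows have no State column
            local, pid = f[1], f[3]
        else:
            continue  # headers, blank lines, non-listening connections
        addr, _, port = local.rpartition(":")  # keeps IPv6 "[::]" intact
        rows.append((f[0], addr, int(port), int(pid)))
    return rows

def parse_tasklist(csv_text):
    """Map PID -> image name from tasklist CSV output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(csv_text)) if len(r) >= 2}

def unexpected_listeners(netstat_text, tasklist_text, expected_images):
    """Listeners whose owning image is not allowlisted; matches on image, not port."""
    images = parse_tasklist(tasklist_text)
    expected = {name.lower() for name in expected_images}
    rows = [(*s, images.get(s[3], "<no such pid>")) for s in parse_listeners(netstat_text)]
    return [r for r in rows if r[4].lower() not in expected]
```

Capture both commands as close together as possible, since a PID is only meaningful while that process is still running.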
