Discussion
More specifically how easy is it to close/fiddle with these?
I'm not overly computer savvy, recently I was given secure access to my works server-pick a password then you get an encryption key that changes every 60 seconds. However on logging in I get a message saying a Trojan port was found opened on my PC.
It's a new laptop and I've also tried it on my home built PC. A google shows that this isn't necessarily from me downloading something dodgy but can be that this is picked up on as some manufactures do this to receive updates etc?
I can get one of our IT guys to look at this but they're based at another site some 3 odd hours away so I'm not going to make a special journey until I'm next down there which could be a month or two.
I'm on Windows 8, is this doable for me with instructions? Can anyone provide some or a link?
Cheers
I'm not overly computer savvy, recently I was given secure access to my works server-pick a password then you get an encryption key that changes every 60 seconds. However on logging in I get a message saying a Trojan port was found opened on my PC.
It's a new laptop and I've also tried it on my home built PC. A google shows that this isn't necessarily from me downloading something dodgy but can be that this is picked up on as some manufactures do this to receive updates etc?
I can get one of our IT guys to look at this but they're based at another site some 3 odd hours away so I'm not going to make a special journey until I'm next down there which could be a month or two.
I'm on Windows 8, is this doable for me with instructions? Can anyone provide some or a link?
Cheers
It is possible to get the process information for applications which have sockets open on the system.
Type into a command prompt:
netstat -anb
This will list a few things - for example:
(This is the first few lines of my output).
They're grouped together, so the first line is something like this:
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
This means that TCP port 80 (HTTP) is in a listening state - i.e. it's waiting for incoming connections. It's probably the LISTENING sockets which your software is complaining about.
The next line is an error saying it can't get information about this process:
Can not obtain ownership information
This happens to be IIS that I have running, and I'm using my normal user's command prompt, rather than an admin command prompt.
So, the next port that is opened has three lines of information:
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
RpcSs
[svchost.exe]
TCP port 135 is in a listening state, using "RpcSs", and this process is started by svchost.exe.
And the next port has only two lines of information:
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING
[Skype.exe]
So Skype is using TCP port 443 for listening. This would normally be HTTPS, but since I'm not running an HTTPS server, Skype has taken it over.
So what you need to do s run this and look for anything anomalous - although I suspect this would be a little daunting if you've not done it before, so it might be worth posting the results (but note that your local IP address will be in the list - not normally a problem unless you're on the public internet). Also the process name will be listed, so make sure you don't have the "FreeStreamingGranniesPron" executable running
If you know the process name, you can then use the Windows TaskManager to kill it.
If you've got several executables of the same name running, then you may need to use the process ID instead of process name. "netstat -ano" will show you the process ID instead of executable details:
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 904
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 13224
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:664 0.0.0.0:0 LISTENING 1256
TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING 2168
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 1416
TCP 0.0.0.0:8000 0.0.0.0:0 LISTENING 20408
And from this, you can find out the exact process ID to kill (you'll probably need to enable it in the TaskManager - can't remember what Windows 8 does by default).
Type into a command prompt:
netstat -anb
This will list a few things - for example:
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
Can not obtain ownership information
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
RpcSs
[svchost.exe]
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING
[Skype.exe]
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
Can not obtain ownership information
TCP 0.0.0.0:664 0.0.0.0:0 LISTENING
[LMS.exe]
TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING
[mysqld-max-nt.exe]
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
CryptSvc
[svchost.exe]
(This is the first few lines of my output).
They're grouped together, so the first line is something like this:
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
This means that TCP port 80 (HTTP) is in a listening state - i.e. it's waiting for incoming connections. It's probably the LISTENING sockets which your software is complaining about.
The next line is an error saying it can't get information about this process:
Can not obtain ownership information
This happens to be IIS that I have running, and I'm using my normal user's command prompt, rather than an admin command prompt.
So, the next port that is opened has three lines of information:
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
RpcSs
[svchost.exe]
TCP port 135 is in a listening state, using "RpcSs", and this process is started by svchost.exe.
And the next port has only two lines of information:
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING
[Skype.exe]
So Skype is using TCP port 443 for listening. This would normally be HTTPS, but since I'm not running an HTTPS server, Skype has taken it over.
So what you need to do s run this and look for anything anomalous - although I suspect this would be a little daunting if you've not done it before, so it might be worth posting the results (but note that your local IP address will be in the list - not normally a problem unless you're on the public internet). Also the process name will be listed, so make sure you don't have the "FreeStreamingGranniesPron" executable running
If you know the process name, you can then use the Windows TaskManager to kill it.
If you've got several executables of the same name running, then you may need to use the process ID instead of process name. "netstat -ano" will show you the process ID instead of executable details:
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 904
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 13224
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:664 0.0.0.0:0 LISTENING 1256
TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING 2168
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 1416
TCP 0.0.0.0:8000 0.0.0.0:0 LISTENING 20408
And from this, you can find out the exact process ID to kill (you'll probably need to enable it in the TaskManager - can't remember what Windows 8 does by default).
It might be easier to try a "Shields Up" test. It's free.
Go here:
https://www.grc.com/shieldsup
and click "Proceed", then "All Service Ports". Let us know what it says is Open.
Go here:
https://www.grc.com/shieldsup
and click "Proceed", then "All Service Ports". Let us know what it says is Open.
You could try Sysinternals (now microsoft) TCPView. This will list every open port and which process it belongs to as well as detail activity on those ports.
http://technet.microsoft.com/en-us/sysinternals/bb...
http://technet.microsoft.com/en-us/sysinternals/bb...
grumbledoak said:
Well, the good news is you are quite happily behind a working router and/or firewall, so the Internet cannot see you by default. The bad news is you will have to persevere with the other (more techy) ways of listing open ports to find out which it is...
That's good news, just need to figure out how to fix it. My dream of being bale to work form home a few days a week will have to wait until it's sorted 
I bet it's whinging about ports 139 and 445, but on your local lan, I can't see why you would really need to close them off.
You've got p2p running too, on one of the non priv (>1024) ports.
Anyway, run your listening ports through:
https://www.grc.com/port_135.htm
and see if there is anything that you're not expecting.
Does your work software give you any idea which port it is worried by?
You've got p2p running too, on one of the non priv (>1024) ports.
Anyway, run your listening ports through:
https://www.grc.com/port_135.htm
and see if there is anything that you're not expecting.
Does your work software give you any idea which port it is worried by?
No idea what this scarlet thing is! It's a new laptop that I purposefully didn't put anything on as it's going to be used to work from home-plenty of other hardware sitting around for that!
Software doesn't give any idea what it's specifically not liking I've had a bash closing some ports in the firewall.
Software doesn't give any idea what it's specifically not liking I've had a bash closing some ports in the firewall.
grumbledoak said:
I would put 'something' on it:
http://www.malwarebytes.org/mwb-download/
Cool will try it out.http://www.malwarebytes.org/mwb-download/
Tried closing port 135 inbound and outbound and my software is still spitting the dummy.
That found a few nasties on the system.
This is the message I'm getting form the software:
A Trojan Horse is a piece of software which is listening for connections from the internet and is used by hackers to pass information from your computer to the internet. An example would be a key logger which records all your passwords and sends them to a site on the internet.
The ports checked include Telnet, SSH, web server, FTP and SQL server
Please refer to the User Guide for more information.
User guide says:No Trojan Horse ports open for listening, this includes Telnet, SSH, web server, SQL server. A Trojan Horse is a piece of software which is listening for connections from the internet and is used by hackers to pass information from your computer to the internet. An example would be a key logger which records all your passwords and sends them to a site on the internet. See note (1) below.
TLS 1.0 Activated.
The URL in the Trusted sites list.
Admin privileges on your PC to install the cache cleaner and Host checker.
IE configured to allow Active-X controls to be loaded.
ICA Client loaded.
We currently do not check for anti-malware software installed on your PC, but this may be activated in the future. The list of accepted anti-malware software is; Adaware, AOL Spyware, BPS Spyware remover, CA E-trust, McAfee Antispyware, Microsoft Anti- spyware, Pest control, PREVX, SPC Yahoo, Spy Suite, Spyware Be gone, Spyware Doctor, Spyware Blaster, TrendMicro Anti-Spyware, Webroute spysweeper, Yahoo anti spyware.
Note (1): To check you do not have ports open, type in the command “NETSTAT –NA” at a DOS command prompt. If you are having problems, then type in the following command:
NETSTAT –NA >c:\portlist.txt
Well it's got me stumped. Is there a way of closing ALL ports other than I'm assuming one that is required to send/receive info?
This is the message I'm getting form the software:
A Trojan Horse is a piece of software which is listening for connections from the internet and is used by hackers to pass information from your computer to the internet. An example would be a key logger which records all your passwords and sends them to a site on the internet.
The ports checked include Telnet, SSH, web server, FTP and SQL server
Please refer to the User Guide for more information.
User guide says:No Trojan Horse ports open for listening, this includes Telnet, SSH, web server, SQL server. A Trojan Horse is a piece of software which is listening for connections from the internet and is used by hackers to pass information from your computer to the internet. An example would be a key logger which records all your passwords and sends them to a site on the internet. See note (1) below.
TLS 1.0 Activated.
The URL in the Trusted sites list.
Admin privileges on your PC to install the cache cleaner and Host checker.
IE configured to allow Active-X controls to be loaded.
ICA Client loaded.
We currently do not check for anti-malware software installed on your PC, but this may be activated in the future. The list of accepted anti-malware software is; Adaware, AOL Spyware, BPS Spyware remover, CA E-trust, McAfee Antispyware, Microsoft Anti- spyware, Pest control, PREVX, SPC Yahoo, Spy Suite, Spyware Be gone, Spyware Doctor, Spyware Blaster, TrendMicro Anti-Spyware, Webroute spysweeper, Yahoo anti spyware.
Note (1): To check you do not have ports open, type in the command “NETSTAT –NA” at a DOS command prompt. If you are having problems, then type in the following command:
NETSTAT –NA >c:\portlist.txt
Well it's got me stumped. Is there a way of closing ALL ports other than I'm assuming one that is required to send/receive info?
a311 said:
Well it's got me stumped. Is there a way of closing ALL ports other than I'm assuming one that is required to send/receive info?
Installing a software firewall on the machine should do it if it's really the case you have an open port it's bothered about. Sounds as though you're connecting over a VPN? I thought Windows came with a firewall these days, but I'm not a Windows user so can't guide you further there.Is the message appearing on a web page? Are you definitely getting it from somewhere legit, it's not an advert?
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff