Guest dos Posted April 8, 2008 Posted April 8, 2008 Hi, i have two local trojan ports open. I found that using LPS program. The ports are 80 and 110. I have winXP firewall and a router. Can i somehow close this two ports only by using xp firewall? Thnx a lot. Quote
Guest Volodymyr M. Shcherbyna Posted April 8, 2008 Posted April 8, 2008 At the initial stage use TCPView http://technet.microsoft.com/en-us/sysinte...s/bb897437.aspx to get the name of process, which opened the ports. After this you may de-install or remove applications or put them into black list in XP FireWall -- V. This posting is provided "AS IS" with no warranties, and confers no rights. "dos" <dos@discussions.microsoft.com> wrote in message news:D5A66A5A-E2B8-4FAB-83C2-80F46146527E@microsoft.com...<span style="color:blue"> > Hi, > i have two local trojan ports open. I found that using LPS program. The > ports are 80 and 110. I have winXP firewall and a router. Can i somehow > close > this two ports only by using xp firewall? > > Thnx a lot. </span> Quote
Guest dos Posted April 8, 2008 Posted April 8, 2008 Thanks for reply. I have licenced copy of port explorer but there, i don't see any mentioned open local ports. Only firefox.exe is using remote port 80, for 110 i'm not sure. Thats strange. "Volodymyr M. Shcherbyna" wrote: <span style="color:blue"> > At the initial stage use TCPView > http://technet.microsoft.com/en-us/sysinte...s/bb897437.aspx to get the > name of process, which opened the ports. After this you may de-install or > remove applications or put them into black list in XP FireWall > > -- > V. > This posting is provided "AS IS" with no warranties, and confers no > rights. > "dos" <dos@discussions.microsoft.com> wrote in message > news:D5A66A5A-E2B8-4FAB-83C2-80F46146527E@microsoft.com...<span style="color:green"> > > Hi, > > i have two local trojan ports open. I found that using LPS program. The > > ports are 80 and 110. I have winXP firewall and a router. Can i somehow > > close > > this two ports only by using xp firewall? > > > > Thnx a lot. </span> > > > </span> Quote
Guest Juergen Nieveler Posted April 8, 2008 Posted April 8, 2008 dos <dos@discussions.microsoft.com> wrote: <span style="color:blue"> > i have two local trojan ports open. I found that using LPS program. > The ports are 80 and 110. I have winXP firewall and a router. Can i > somehow close this two ports only by using xp firewall? </span> a) If it's really a trojan, merely installing a firewall will not help you style_emoticons/ A trojan won't use 80 and 110, the chance of colliding with real applications would be too high. I'm willing to bet that those two ports are opened by your virus scanner which is trying to scan your web traffic and email downloads... Juergen Nieveler -- Take my advice, I don't use it anyway. Quote
Guest Tom [Pepper] Willett Posted April 8, 2008 Posted April 8, 2008 Port 110 is for email. "dos" <dos@discussions.microsoft.com> wrote in message news:C8499AC2-1F0D-4CB4-B8D2-FE059CF36196@microsoft.com... : Thanks for reply. : I have licenced copy of port explorer but there, i don't see any mentioned : open local ports. Only firefox.exe is using remote port 80, for 110 i'm not : sure. Thats strange. : : "Volodymyr M. Shcherbyna" wrote: : : > At the initial stage use TCPView : > http://technet.microsoft.com/en-us/sysinte...s/bb897437.aspx to get the : > name of process, which opened the ports. After this you may de-install or : > remove applications or put them into black list in XP FireWall : > : > -- : > V. : > This posting is provided "AS IS" with no warranties, and confers no : > rights. : > "dos" <dos@discussions.microsoft.com> wrote in message : > news:D5A66A5A-E2B8-4FAB-83C2-80F46146527E@microsoft.com... : > > Hi, : > > i have two local trojan ports open. I found that using LPS program. The : > > ports are 80 and 110. I have winXP firewall and a router. Can i somehow : > > close : > > this two ports only by using xp firewall? : > > : > > Thnx a lot. : > : > : > Quote
Guest Volodymyr M. Shcherbyna Posted April 9, 2008 Posted April 9, 2008 > style_emoticons/ A trojan won't use 80 and 110, the chance of colliding with real<span style="color:blue"> > applications would be too high. I'm willing to bet that those two ports > are opened by your virus scanner which is trying to scan your web > traffic and email downloads...</span> I don't think so. This is a stupid approach from the point of view of security software. Antivirus or whatever will try to enumerate all opened ports, this operation is less costly then binding, and listening on some port. Even if the above solution would not be suitable for antivirus, it could always call bind (...) on a specified port., and if it busy, it will get WSAEACCES error . So, as you can, see, there is no need to create a fully functional server to check some port (because listen (...) and accept (...) are not called in this case) -- V. This posting is provided "AS IS" with no warranties, and confers no rights. "Juergen Nieveler" <juergen.nieveler.nospam@arcor.de> wrote in message news:Xns9A7AE0724445juergennieveler@nieveler.org...<span style="color:blue"> > dos <dos@discussions.microsoft.com> wrote: ><span style="color:green"> >> i have two local trojan ports open. I found that using LPS program. >> The ports are 80 and 110. I have winXP firewall and a router. Can i >> somehow close this two ports only by using xp firewall?</span> > > a) If it's really a trojan, merely installing a firewall will not help > you > > style_emoticons/ A trojan won't use 80 and 110, the chance of colliding with real > applications would be too high. I'm willing to bet that those two ports > are opened by your virus scanner which is trying to scan your web > traffic and email downloads... > > Juergen Nieveler > -- > Take my advice, I don't use it anyway. </span> Quote
Guest Volodymyr M. Shcherbyna Posted April 9, 2008 Posted April 9, 2008 BTW, what is the need to open 80 port or 110 to scan the traffic? The traffic which going to be scanned should go to remote IP + remote port. Not the local ones. -- V. This posting is provided "AS IS" with no warranties, and confers no rights. "Volodymyr M. Shcherbyna" <v_scherbina@online.mvps.org> wrote in message news:eMS3pOhmIHA.3780@TK2MSFTNGP06.phx.gbl...<span style="color:blue"><span style="color:green"> >> style_emoticons/ A trojan won't use 80 and 110, the chance of colliding with real >> applications would be too high. I'm willing to bet that those two ports >> are opened by your virus scanner which is trying to scan your web >> traffic and email downloads...</span> > > I don't think so. This is a stupid approach from the point of view of > security software. Antivirus or whatever will try to enumerate all opened > ports, this operation is less costly then binding, and listening on some > port. > > Even if the above solution would not be suitable for antivirus, it could > always call bind (...) on a specified port., and if it busy, it will get > WSAEACCES error . So, as you can, see, there is no need to create a fully > functional server to check some port (because listen (...) and accept > (...) are not called in this case) > > > -- > V. > This posting is provided "AS IS" with no warranties, and confers no > rights. > "Juergen Nieveler" <juergen.nieveler.nospam@arcor.de> wrote in message > news:Xns9A7AE0724445juergennieveler@nieveler.org...<span style="color:green"> >> dos <dos@discussions.microsoft.com> wrote: >><span style="color:darkred"> >>> i have two local trojan ports open. I found that using LPS program. >>> The ports are 80 and 110. I have winXP firewall and a router. Can i >>> somehow close this two ports only by using xp firewall?</span> >> >> a) If it's really a trojan, merely installing a firewall will not help >> you >> >> style_emoticons/ A trojan won't use 80 and 110, the chance of colliding with real >> applications would be too high. I'm willing to bet that those two ports >> are opened by your virus scanner which is trying to scan your web >> traffic and email downloads... >> >> Juergen Nieveler >> -- >> Take my advice, I don't use it anyway.</span> > > </span> Quote
Guest Juergen Nieveler Posted April 9, 2008 Posted April 9, 2008 "Volodymyr M. Shcherbyna" <v_scherbina@online.mvps.org> wrote: <span style="color:blue"> > BTW, what is the need to open 80 port or 110 to scan the traffic? The > traffic which going to be scanned should go to remote IP + remote > port. Not the local ones.</span> AV software often contains built-in proxy servers that open for example localhost:110 and alter the email software settings to route the mail download through the local proxy. Juergen Nieveler -- I'll pass on the dope. The detonation is set for tomorrow which means screws will destruct. Quote
Guest Volodymyr M. Shcherbyna Posted April 9, 2008 Posted April 9, 2008 Yes, this may happen as-well, I agree. -- V. This posting is provided "AS IS" with no warranties, and confers no rights. "Juergen Nieveler" <juergen.nieveler.nospam@arcor.de> wrote in message news:Xns9A7B6C3A2D7B8juergennieveler@nieveler.org...<span style="color:blue"> > "Volodymyr M. Shcherbyna" <v_scherbina@online.mvps.org> wrote: ><span style="color:green"> >> BTW, what is the need to open 80 port or 110 to scan the traffic? The >> traffic which going to be scanned should go to remote IP + remote >> port. Not the local ones.</span> > > AV software often contains built-in proxy servers that open for example > localhost:110 and alter the email software settings to route the mail > download through the local proxy. > > > Juergen Nieveler > -- > I'll pass on the dope. The detonation is set for tomorrow which means > screws will destruct. </span> Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.