
Thread: Blocking All Ports

  1. #1
    egib Guest

    Blocking All Ports

    Hello,

    I need help please! My ZA keeps finding a trojan that is using an unsecured port (from what the "more info" button tells me). The trojan is "fujack" and it says it can basically rape my pc and bypass ZA.
    I am having two problems. First, my ZA won't run the spyware scan. This usually lasts a few days. Then when it does run it finds the "fujack".
    My second problem is that I don't know how to find the port that it is using to get in. How do I find all of the ports (TCP, UDP, and any others) that need to be blocked? Any help will be much appreciated.

    Operating System: Windows XP Home Edition
    Product Name: ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Dec 2005
    Posts
    9,057

    Re: Blocking All Ports

    If you have a trojan, it is not trying to get in. It is already in the PC.

    Open the Run and type in command. OK it. In the command type this netsta -ano and hit the Enter key. Listed will be the local and remote addresses and the ports used by the addresses. But more importantly the PID. Now double-click the task bar. Select the Task Manager. Select the Process tab. Select the View in the toolbar. Click the Select Columns. Select the PID (Process Identifier) and OK. Select the PID column and cross match the PID of the netstat -ano listing in the Command to the PID of the Task Manager. The trojan may be seen and the exact port is now observable.
    But there is hard and fast rule that the trojan will use the same port(s). It could easily change the ports as it wishes.

    I could mention that the ZA AntiSpy and Antivirus should be done in the Safe Mode. This may allow for the trojan to be removed. But from my quick look for fujack, it appears to be a worm or virus.

    Do this: Open the IE and go to the sites and do an online scan. Please be sure to turn off the resident antivirus when the site is reached and before the online scans are started.

    First this one:

    http://www.ewido.net/en/onlinescan/

    and then this one:

    http://www.bitdefender.com/scan8/ie.html

    Please use the IE since these use ActiveX. ActiveX and all content from these two sites must be allowed in the Privacy of the ZA. Both of these online scanners are very good and they will remove malware, not just detect and inform you of malware.


    Then download these freeware and update and scan:

    http://www.lavasoftusa.com/products/...e_personal.php

    http://www.emsisoft.com/en/software/free/

    http://www.superantispyware.com/

    Now go into the safe mode and scan with these three freeware applications and with both the AV and the AS of the ZA. Reboot and disable the System Restore of the Windows. Now rescan once again with all installed scanners and once again with the online scanners.

    Hope this helps.

    Oldsod
    Best regards.
    oldsod
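
The PID cross-match described in the post above can be scripted. This is an added example, not part of the original thread: it joins saved `netstat -ano` output with a process list, and it assumes the process list was captured with `tasklist /fo csv /nh`; the sample data and function names are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not taken from the thread).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       948
  TCP    192.168.1.10:1047      203.0.113.7:80         ESTABLISHED     1832
  TCP    192.168.1.10:1052      198.51.100.23:443      ESTABLISHED     2044
  UDP    0.0.0.0:1900           *:*                                    1100
"""
# Constructed sample of `tasklist /fo csv /nh` output; PID 2044 is deliberately absent.
TASKLIST = '''"svchost.exe","948","Console","0","4,312 K"
"svchost.exe","1100","Console","0","3,980 K"
"iexplore.exe","1832","Console","0","28,540 K"
'''

def parse_netstat(text):
    """Return one dict per TCP/UDP row of `netstat -ano` output."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # banner, header and blank lines
        rows.append({
            "proto": f[0], "local": f[1], "remote": f[2],
            "port": int(f[1].rsplit(":", 1)[1]),   # rsplit copes with [::]:445
            "state": f[3] if len(f) == 5 else "",  # UDP rows have no State column
            "pid": int(f[-1]),                     # PID is always the last field
        })
    return rows

def parse_tasklist(text):
    """Map PID -> image name from CSV tasklist output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def correlate(netstat_text, tasklist_text):
    """Attach the owning image name to every socket, flagging unmatched PIDs."""
    names = parse_tasklist(tasklist_text)
    rows = parse_netstat(netstat_text)
    for r in rows:
        r["image"] = names.get(r["pid"], "<unknown: not in process list>")
    return rows

if __name__ == "__main__":
    for r in correlate(NETSTAT, TASKLIST):
        print(f'{r["proto"]:4}{r["local"]:22}{r["remote"]:22}{r["state"]:12}{r["pid"]:>6}  {r["image"]}')
```

A socket whose PID has no match deserves a closer look: the process may have exited between the two captures, or it may not be showing up in the process list.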

  3. #3
    Join Date
    Mar 2004
    Location
    Brisbane, Australia
    Posts
    645

    Re: Blocking All Ports

    You should also search the web sites of antivirus companies (Kaspersky, Trend, Symantec and McAfee) as well as doing a Google search. They often provide removal instructions, although instructions are tailored to their own products.

    E.g., here is Trend's description of the worm: http://www.trendmicro.com/vinfo/viru...37;2EE&VSect=P

    It's well worth clicking the "PE_FUJACKS: Jacking Up to the Times." link in the Description box!

  4. #4
    egib Guest

    Re: Blocking All Ports

    Ok, thank you both. I think I have fixed my problem (with your help). I guess I can only wait and see. All of the sites and scans you've recommended have found nothing and I can once again run my ZA spyware. Thank you.

  5. #5
    Join Date
    Mar 2004
    Location
    Brisbane, Australia
    Posts
    645

    Re: Blocking All Ports

    If you really want to monitor the Internet traffic, the program advised by Guru Oldsod should have been "netstat" (not netsta). However, there are some excellent GUI front ends for Netstat.

    Try using either TCPView from Sysinternals, or CurrPorts from NirSoft.

    If you are running XP Pro or W2K, you need to run them with Administrator privileges. They will show all current internet connections and if you run under Administrator, it will tell you which program is connecting or listening on each port.

  6. #6
    egib Guest

    Re: Blocking All Ports

    The TCPView program is just what I was looking for. Very handy, Thanks again!
