Security Forums

about msn messenger problem

Madeline_13
Just Arrived
Joined: 10 Jan 2003
Posts: 0

Posted: Fri Jan 10, 2003 1:23 pm

here ya go. sorry I hope this is everything you need.

Pid Process Port Proto Path
604 svchost -> 135 TCP C:\WINNT\system32\svchost.exe
4 System -> 445 TCP
1328 navapw32 -> 1025 TCP C:\PROGRA~1\NORTON~1\navapw32.exe
4 System -> 1026 TCP
1200 -> 2869 TCP
1256 -> 3001 TCP
628 svchost -> 3002 TCP C:\WINNT\System32\svchost.exe
628 svchost -> 3003 TCP C:\WINNT\System32\svchost.exe
1200 -> 5000 TCP

1256 -> 53 UDP
0 System -> 123 UDP
628 svchost -> 123 UDP C:\WINNT\System32\svchost.exe
604 svchost -> 445 UDP C:\WINNT\system32\svchost.exe
4 System -> 500 UDP
0 System -> 1900 UDP
628 svchost -> 1900 UDP C:\WINNT\System32\svchost.exe
4 System -> 3006 UDP
0 System -> 3007 UDP
0 System -> 3013 UDP
1200 -> 3016 UDP
1200 -> 3087 UDP
1328 navapw32 -> 3090 UDP C:\PROGRA~1\NORTON~1\navapw32.exe
0 System -> 3096 UDP

squidly
Trusted SF Member
Joined: 07 Oct 2002
Posts: 16777215
Location: Umm.. I dont know.. somewhere

Posted: Sat Jan 11, 2003 12:15 am

Madeline_13 wrote:
here ya go. sorry I hope this is everything you need.

Pid Process Port Proto Path
604 svchost -> 135 TCP C:\WINNT\system32\svchost.exe
4 System -> 445 TCP
1328 navapw32 -> 1025 TCP C:\PROGRA~1\NORTON~1\navapw32.exe


Ok, those are on my systems as well. The navpw32 looks like it's Norton Anti-virus.
The port 135 is netbios (I would recommend that you remove it).
I forget what port 1025 is, but if I recall correctly it's part of the MS messenger.

Madeline_13 wrote:
4 System -> 1026 TCP
1200 -> 2869 TCP
1256 -> 3001 TCP
628 svchost -> 3002 TCP C:\WINNT\System32\svchost.exe
628 svchost -> 3003 TCP C:\WINNT\System32\svchost.exe
1200 -> 5000 TCP

1256 -> 53 UDP
0 System -> 123 UDP
628 svchost -> 123 UDP C:\WINNT\System32\svchost.exe
604 svchost -> 445 UDP C:\WINNT\system32\svchost.exe
4 System -> 500 UDP
0 System -> 1900 UDP
628 svchost -> 1900 UDP C:\WINNT\System32\svchost.exe
4 System -> 3006 UDP
0 System -> 3007 UDP
0 System -> 3013 UDP
1200 -> 3016 UDP
1200 -> 3087 UDP
1328 navapw32 -> 3090 UDP C:\PROGRA~1\NORTON~1\navapw32.exe
0 System -> 3096 UDP


You have a lot of stuff open. If you can, get a firewall up and running with restrictive rules.

ShaolinTiger
Forum Fanatic
Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Posted: Sat Jan 11, 2003 12:28 am

Yeah, sorry, forgot about this, been too busy :)

You still seem to have 445 listening?

This is SMB for TCP/IP; you can find how to disable this in my document.

And port 135 is hard to close, it's better to firewall it.

What results do you get at the online port scanners?

auditmypc.com etc.

1025 is usually a dynamic loopback as it's the first ephemeral port.

Using tasklist you can match the PIDs against the processes for the output of netstat -aon.

It would be useful to know what they all are as fport doesn't seem to be showing everything.

5000 is UPnP as well, that should be the first one to go.

Have you disabled all unneeded services?
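The PID matching described in the post above, as an added example that is not part of the original thread: it joins `netstat -aon` output with `tasklist /FO CSV /NH` output on PID and flags any listener whose PID tasklist does not name. Both inputs are constructed samples (PIDs and ports follow the fport listing in this thread; the addresses and the image name `example-a.exe` are made up).

```python
import csv
import io

# Constructed `netstat -aon` sample; PIDs and ports are taken from the fport
# listing in this thread, the addresses are documentation placeholders.
NETSTAT = """\
  Proto  Local Address      Foreign Address    State        PID
  TCP    0.0.0.0:135        0.0.0.0:0          LISTENING    604
  TCP    0.0.0.0:445        0.0.0.0:0          LISTENING    4
  TCP    0.0.0.0:2869       0.0.0.0:0          LISTENING    1200
  TCP    0.0.0.0:3001       0.0.0.0:0          LISTENING    1256
  TCP    0.0.0.0:5000       0.0.0.0:0          LISTENING    1200
  TCP    192.0.2.10:3050    198.51.100.7:80    ESTABLISHED  1328
  UDP    0.0.0.0:53         *:*                             1256
  UDP    0.0.0.0:1900       *:*                             628
"""

# Constructed `tasklist /FO CSV /NH` sample. "example-a.exe" is a made-up
# image name; PID 1256 is left out on purpose to show an unresolved PID.
TASKLIST = '''\
"System","4","Console","0","216 K"
"svchost.exe","604","Console","0","3,100 K"
"svchost.exe","628","Console","0","12,000 K"
"example-a.exe","1200","Console","0","2,000 K"
"navapw32.exe","1328","Console","0","4,500 K"
'''

def parse_tasklist(text):
    """Map PID -> image name from CSV tasklist output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def parse_netstat(text):
    """Yield (proto, port, pid) for listening TCP and bound UDP sockets."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # header and blank lines
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue  # skip established/closing connections
        yield f[0], int(f[1].rsplit(":", 1)[1]), int(f[-1])

def listeners_by_process(netstat_text, tasklist_text):
    """Join the two outputs on PID; unknown PIDs are flagged, not dropped."""
    names = parse_tasklist(tasklist_text)
    rows = [(pid, names.get(pid, "<not in tasklist>"), port, proto)
            for proto, port, pid in parse_netstat(netstat_text)]
    return sorted(rows, key=lambda r: (r[3], r[2]))

if __name__ == "__main__":
    for pid, name, port, proto in listeners_by_process(NETSTAT, TASKLIST):
        print(f"{pid:>5} {name:<18} -> {port} {proto}")
```

A listener that stays flagged as `<not in tasklist>` is the case worth following up, since neither tool has put a name to the process holding the port.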

Madeline_13
Just Arrived
Joined: 10 Jan 2003
Posts: 0

Posted: Sat Jan 11, 2003 2:21 am

Port 445 - This is a highly debated area by Microsoft themselves and many others

Its uses are discussed here: http://ntsecurity.nu/papers/port445/

Method 1: Steps in Windows 2000 Professional, SP2: (Please read others below before proceeding as this one may prevent DHCP from functioning correctly which most Cable ISPs require and some Other ISPs too)

That's what I am worried about. Also, when I did that scan I turned off Sygate first. Also this - "The navpw32 looks like it's Norton Anti-virus
The port 135 is netbios" - I should disable this how?

Madeline_13
Just Arrived
Joined: 10 Jan 2003
Posts: 0

Posted: Sat Jan 11, 2003 5:58 pm

I used something called portchecker (by David J Stang)... maybe you know. It came up ok. I mean, aside from having to close some stuff, do I look infected or anything?

ShaolinTiger
Forum Fanatic
Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Posted: Sat Jan 11, 2003 6:21 pm

No you seem to be ok, it seems it was file sharing and you had "Messenger" service enabled.

How did you get on with the online AV scanners?

Jason
Forum Fanatic
Joined: 19 Sep 2002
Posts: 16777215

Posted: Sat Jan 11, 2003 6:21 pm

Madeline_13 wrote:
Didn't have it on before when he did this stuff. He was sending these messages in a gray box(not the normal chat window for the messenger), and he kept saying "this is your ip" to me, which it was but i denied


Ok, since you turned off the file/print sharing, have you got any more of these messages?

Could you describe one of these boxes? What buttons were on it, what did it say, and what was the text in the blue bar at the top of the message?

When you say you denied, what do you mean?

Not really bearing on this situation, but can we just clear something up... Do you connect to the internet with AOL?

Just trying to get a clear picture of what you are seeing.

-J-

Madeline_13
Just Arrived
Joined: 10 Jan 2003
Posts: 0

Posted: Sun Jan 12, 2003 2:22 pm

No, I use cable. This guy got on my MSN Messenger and I was looking for a colorist and he showed me stuff and I just said "it's cool but won't work for me". Then I told him I had to go, logged off, went to bed. Next day I came online, I didn't turn on Messenger. I never had it enabled to start when the PC did, and I thought you had to select sign on or whatever and enter your password. Anyway, a message came up; it had the border of the MSN messages but the part where the text normally is was grey, like an error window you get... hmm, I dunno if you know what I mean. Netscape gives them sometimes. He was saying turn on MSN and stuff like that, and he started to get more hostile and type messages in this window that was uneditable. It had an X to close it off but I couldn't type, everything locked up until I hit the X to close it. After I unchecked those 2 areas like I told you in a previous post, it went away, but I was worried and a good friend referred me to this site. That's about it. He wrote stuff to my share folder too, but when I clicked on that folder sharing was off completely. I don't know what he did or how, and I hope I'm okay. Actually this site is a really great source of info too, so I will check things out. Thanks though, everyone, for the help. I appreciate it.

All times are GMT + 2 Hours
Page 2 of 2