malware or attack shutdown my ports
Author Topic: malware or attack shutdown my ports  (Read 899 times)
esmusic
Newbie
Posts: 4
« on: May 26, 2010, 06:49:57 PM »

Hello,

Excuse me if a similar topic has been posted....

A Dell Dimension 8300 desktop of mine was hit with some type of malware or attack.

I can ping but I cannot browse the internet.
I can ping yahoo.com.

The attack minimized my network services and TCP and UDP ports.
netstat shows (see image attached):


myports 2010 list is:

Protocol  State      Local Port  Local IP Address  Remote Port  Remote IP address  Process Path                                   Process Name
TCP       SYN_SENT   1348        192.168.1.109     80           74.86.125.34       c:\program files\alwil software\avast5\setup\  avast.setup
TCP       LISTENING  139         192.168.1.109     36984        0.0.0.0            O                                              Operating System
TCP       LISTENING  1029        127.0.0.1         2080         0.0.0.0            O                                              Unknown
TCP       LISTENING  1025        0.0.0.0           14379        0.0.0.0            c:\windows\system32\                           LEXPPS.EXE
TCP       LISTENING  445         0.0.0.0           2240         0.0.0.0            O                                              Operating System
TCP       LISTENING  135         0.0.0.0           8357         0.0.0.0            O                                              Unknown
UDP       N/A        52228       7.108.0.0         0            0.0.0.0            O                                              Not an active process
UDP       N/A        1024        0.137.0.0         138          192.168.1.109      O                                              Operating System
UDP       N/A        52228       7.108.0.0         123          192.168.1.109      c:\windows\system32\                           svchost.exe
UDP       N/A        25604       4.9.0.0           1293         127.0.0.1          c:\program files\common files\dell\eusw\       Support.exe
UDP       N/A        25604       0.123.0.0         1032         127.0.0.1          c:\windows\system32\                           svchost.exe
UDP       N/A        39940       5.52.0.0          4500         0.0.0.0            c:\windows\system32\                           lsass.exe
UDP       N/A        39940       4.20.0.0          1183         0.0.0.0            O                                              Unknown
UDP       N/A        1024        1.189.0.0         500          0.0.0.0            c:\windows\system32\                           lsass.exe


I have updated the Windows XP system to Service Pack 3.
I used WinsockXPFix.
I reset the Internet Explorer TCP settings but I am stuck with IE6.
I cannot browse with Mozilla FF.

Is there a way to reset netstat or use default settings?

-JOse
Britec
Administrator
Hero Member
Posts: 3346
« Reply #1 on: May 27, 2010, 01:48:34 AM »

Hi JOse,

Welcome to the forum.

1. Because you said you had malware, I think the first thing to do is make sure your system is clean.
What have you done in terms of scanning and cleaning?

2. There is a probability that your firewall has been reset and is blocking Firefox.
Have you checked that your firewall is allowing Firefox to access the Internet? (If yes, remove Firefox from the list; also follow the links below.)
(Check these links out.)
http://kb.mozillazine.org/Firewalls

3. Check the hosts file: c:\winnt\system32\drivers\etc\hosts

4. Try running Firefox in safe mode:
run
firefox -safe-mode
and hit ENTER

That will do for now; let me know how you get on.
« Last Edit: May 27, 2010, 09:17:27 AM by Britec »
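The hosts-file check in step 3 of the reply above can be automated. The script below is an added example written for this thread, not code from the forum or from Britec: it parses hosts-file text and flags the two patterns a post-infection cleanup should look for (a public host name pinned to a loopback address, which silently blocks antivirus and update sites, and a public host name pinned to some remote address, which silently redirects it). The hosts-file content is a constructed sample, and its two tampered entries are made up to show what the check reports.

```python
import ipaddress

# Constructed sample of a Windows hosts file (not taken from the forum post).
# The last two entries are the kind of tampering a malware cleanup should look for.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
192.168.1.1     router.local          # legitimate LAN entry (constructed)
127.0.0.1       www.avast.com         # bogus: blocks an AV vendor site (constructed)
74.86.125.34    www.google.com        # bogus: redirects a search engine (constructed)
"""

# Names that legitimately map to loopback and must not be flagged.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return a list of (ip, hostname) pairs from hosts-file text, ignoring comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing and full-line comments
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                          # malformed line: skip rather than crash
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def audit_hosts(text):
    """Return (hostname, ip, reason) triples for entries that look like tampering."""
    findings = []
    for ip, name in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        if name in LOOPBACK_NAMES:
            continue
        if addr.is_loopback or addr.is_unspecified:
            findings.append((name, ip, "public name mapped to loopback (site blocked)"))
        elif addr.is_global:
            findings.append((name, ip, "public name pinned to a remote address (redirect)"))
        # private-range entries such as the router line are normal LAN bookkeeping
    return findings


if __name__ == "__main__":
    # Read the real file on a Windows box by passing its contents instead of SAMPLE_HOSTS,
    # e.g. open(r"c:\windows\system32\drivers\etc\hosts").read()
    for name, ip, reason in audit_hosts(SAMPLE_HOSTS):
        print("%-20s %-16s %s" % (name, ip, reason))
```

A clean Windows XP hosts file contains only the `localhost` line, so anything else the audit prints deserves a look; entries that block security vendors are a common leftover even after the malware binaries themselves have been removed.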



BJseal91
Hero Member
Posts: 699
« Reply #2 on: May 27, 2010, 09:12:03 AM »

Hi JOse,

Welcome to the forum.
As you had malware, follow what Brian said. You mentioned you could still ping the network and get a reply, so that suggests the malware has stopped your internet browser from working. Try uninstalling it and then reinstalling it, then check it again and report on the forum any errors you get.
Also:

Have you refreshed the network yet?

This can be done by right-clicking on the internet icon and then clicking Repair. Try that as well and let us know how you get on.

Bjseal91
« Last Edit: May 27, 2010, 09:18:14 AM by Britec »
esmusic
Newbie
Posts: 4
« Reply #3 on: May 31, 2010, 06:38:14 PM »

Hello Britec,

The first thing I did was run the free Avast antivirus, which found about 8 infected files and either quarantined or deleted them.

Then recently I ran the latest Ad-Aware free download and that found a lot of suspicious files and deleted them...

It seems as if my ports were attacked... as I have many closed.
I did not close them.

I was able to enter netsh in the command prompt and reset my netsh firewall settings, so now I have more ports opened.
I do not have http access..

I am able to reach https pages with I.E. but http
The new ports update image is below.
Britec
Administrator
Hero Member
Posts: 3346
« Reply #4 on: June 01, 2010, 04:13:00 AM »

Please run a scan with Malwarebytes and SUPERAntiSpyware so we have an idea the system is clean.
esmusic
Newbie
Posts: 4
« Reply #5 on: June 02, 2010, 07:24:05 PM »

No more malware, but it closed my ports.
I can't get online.

I used Nmap and Nmap says:

Starting Nmap 5.21 ( http://nmap.org ) at 2010-05-30 22:48 Eastern Daylight Time

Skipping SYN Stealth Scan against 192.168.1.109 because Windows does not support scanning your own machine (localhost) this way.

Nmap scan report for 192.168.1.109

Host is up.

PORT      STATE   SERVICE

1/tcp     unknown tcpmux

3/tcp     unknown compressnet

4/tcp     unknown unknown

6/tcp     unknown unknown

7/tcp     unknown echo

9/tcp     unknown discard

13/tcp    unknown daytime

17/tcp    unknown qotd

19/tcp    unknown chargen

20/tcp    unknown ftp-data

21/tcp    unknown ftp

22/tcp    unknown ssh

23/tcp    unknown telnet

24/tcp    unknown priv-mail

25/tcp    unknown smtp

26/tcp    unknown rsftp

30/tcp    unknown unknown

32/tcp    unknown unknown

33/tcp    unknown dsp

37/tcp    unknown time

42/tcp    unknown nameserver

43/tcp    unknown whois

49/tcp    unknown tacacs

53/tcp    unknown domain

70/tcp    unknown gopher

79/tcp    unknown finger

80/tcp    unknown http

81/tcp    unknown hosts2-ns

82/tcp    unknown xfer

83/tcp    unknown mit-ml-dev

84/tcp    unknown ctf

85/tcp    unknown mit-ml-dev

88/tcp    unknown kerberos-sec

89/tcp    unknown su-mit-tg

90/tcp    unknown dnsix

99/tcp    unknown metagram

100/tcp   unknown newacct

106/tcp   unknown pop3pw

109/tcp   unknown pop2

110/tcp   unknown pop3

111/tcp   unknown rpcbind

113/tcp   unknown auth

119/tcp   unknown nntp

125/tcp   unknown locus-map

135/tcp   unknown msrpc

139/tcp   unknown netbios-ssn

143/tcp   unknown imap

144/tcp   unknown news

146/tcp   unknown iso-tp0

161/tcp   unknown snmp

163/tcp   unknown cmip-man

179/tcp   unknown bgp

199/tcp   unknown smux

211/tcp   unknown 914c-g

212/tcp   unknown anet

222/tcp   unknown rsh-spx

254/tcp   unknown unknown

255/tcp   unknown unknown

256/tcp   unknown fw1-secureremote

259/tcp   unknown esro-gen

264/tcp   unknown bgmp

280/tcp   unknown http-mgmt

301/tcp   unknown unknown

306/tcp   unknown unknown

311/tcp   unknown asip-webadmin

340/tcp   unknown unknown

366/tcp   unknown odmr

389/tcp   unknown ldap

406/tcp   unknown imsp

407/tcp   unknown timbuktu

416/tcp   unknown silverplatter

417/tcp   unknown onmux

425/tcp   unknown icad-el

427/tcp   unknown svrloc

443/tcp   unknown https

444/tcp   unknown snpp

445/tcp   unknown microsoft-ds

458/tcp   unknown appleqtc

464/tcp   unknown kpasswd5

465/tcp   unknown smtps

481/tcp   unknown dvs

497/tcp   unknown retrospect

500/tcp   unknown isakmp

512/tcp   unknown exec

513/tcp   unknown login

514/tcp   unknown shell

515/tcp   unknown printer

524/tcp   unknown ncp

541/tcp   unknown uucp-rlogin

543/tcp   unknown klogin

544/tcp   unknown kshell

545/tcp   unknown ekshell

548/tcp   unknown afp

554/tcp   unknown rtsp

555/tcp   unknown dsf

563/tcp   unknown snews

587/tcp   unknown submission

593/tcp   unknown http-rpc-epmap

616/tcp   unknown unknown

617/tcp   unknown sco-dtmgr

625/tcp   unknown apple-xsrvr-admin

631/tcp   unknown ipp

636/tcp   unknown ldapssl

646/tcp   unknown ldp

648/tcp   unknown unknown

666/tcp   unknown doom

667/tcp   unknown unknown

668/tcp   unknown unknown

683/tcp   unknown corba-iiop

687/tcp   unknown unknown

691/tcp   unknown resvc

700/tcp   unknown unknown

705/tcp   unknown unknown

711/tcp   unknown unknown

714/tcp   unknown unknown

720/tcp   unknown unknown

722/tcp   unknown unknown

726/tcp   unknown unknown

749/tcp   unknown kerberos-adm

765/tcp   unknown webster

777/tcp   unknown unknown

783/tcp   unknown spamassassin

787/tcp   unknown qsc

800/tcp   unknown mdbs_daemon

801/tcp   unknown device

808/tcp   unknown ccproxy-http

843/tcp   unknown unknown

873/tcp   unknown rsync

880/tcp   unknown unknown

888/tcp   unknown accessbuilder

898/tcp   unknown sun-manageconsole

900/tcp   unknown unknown

901/tcp   unknown samba-swat

902/tcp   unknown iss-realsecure

903/tcp   unknown iss-console-mgr

911/tcp   unknown unknown

912/tcp   unknown unknown

981/tcp   unknown unknown

987/tcp   unknown unknown

990/tcp   unknown ftps

992/tcp   unknown telnets

993/tcp   unknown imaps

995/tcp   unknown pop3s

999/tcp   unknown garcon

1000/tcp  unknown cadlock

1001/tcp  unknown unknown

1002/tcp  unknown windows-icfw

1007/tcp  unknown unknown

1009/tcp  unknown unknown

1010/tcp  unknown unknown

1011/tcp  unknown unknown

1021/tcp  unknown unknown

1022/tcp  unknown unknown

1023/tcp  unknown netvenuechat

1024/tcp  unknown kdm

1025/tcp  unknown NFS-or-IIS

1026/tcp  unknown LSA-or-nterm

1027/tcp  unknown IIS

1028/tcp  unknown unknown

1029/tcp  unknown ms-lsa

1030/tcp  unknown iad1

1031/tcp  unknown iad2

1032/tcp  unknown iad3

1033/tcp  unknown netinfo

1034/tcp  unknown zincite-a

1035/tcp  unknown multidropper

1036/tcp  unknown unknown

1037/tcp  unknown unknown

1038/tcp  unknown unknown

1039/tcp  unknown unknown

1040/tcp  unknown netsaint

1041/tcp  unknown unknown

1042/tcp  unknown unknown

1043/tcp  unknown boinc

1044/tcp  unknown unknown

1045/tcp  unknown unknown

1046/tcp  unknown unknown

1047/tcp  unknown unknown

1048/tcp  unknown unknown

1049/tcp  unknown unknown

1050/tcp  unknown java-or-OTGfileshare

1051/tcp  unknown optima-vnet

1052/tcp  unknown ddt

1053/tcp  unknown unknown

1054/tcp  unknown unknown

1055/tcp  unknown ansyslmd

1056/tcp  unknown unknown

1057/tcp  unknown unknown

1058/tcp  unknown nim

1059/tcp  unknown nimreg

1060/tcp  unknown polestar

1061/tcp  unknown unknown

1062/tcp  unknown veracity

1063/tcp  unknown unknown

1064/tcp  unknown unknown

1065/tcp  unknown unknown

1066/tcp  unknown fpo-fns

1067/tcp  unknown instl_boots

1068/tcp  unknown instl_bootc

1069/tcp  unknown cognex-insight

1070/tcp  unknown unknown

1071/tcp  unknown unknown

1072/tcp  unknown unknown

1073/tcp  unknown unknown

1074/tcp  unknown unknown

1075/tcp  unknown unknown

1076/tcp  unknown sns_credit

1077/tcp  unknown unknown

1078/tcp  unknown unknown

1079/tcp  unknown unknown

1080/tcp  unknown socks

1081/tcp  unknown unknown

1082/tcp  unknown unknown

1083/tcp  unknown ansoft-lm-1

1084/tcp  unknown ansoft-lm-2

1085/tcp  unknown unknown

1086/tcp  unknown unknown

1087/tcp  unknown unknown

1088/tcp  unknown unknown

1089/tcp  unknown unknown

1090/tcp  unknown unknown

1091/tcp  unknown unknown

1092/tcp  unknown unknown

1093/tcp  unknown unknown

1094/tcp  unknown unknown

1095/tcp  unknown unknown

1096/tcp  unknown unknown

1097/tcp  unknown unknown

1098/tcp  unknown unknown

1099/tcp  unknown unknown

1100/tcp  unknown unknown

1102/tcp  unknown unknown

1104/tcp  unknown unknown

1105/tcp  unknown unknown

1106/tcp  unknown unknown

1107/tcp  unknown unknown

1108/tcp  unknown unknown

1110/tcp  unknown nfsd-status

1111/tcp  unknown unknown

1112/tcp  unknown msql

1113/tcp  unknown unknown

1114/tcp  unknown unknown

1117/tcp  unknown unknown

1119/tcp  unknown unknown

1121/tcp  unknown unknown

1122/tcp  unknown unknown

1123/tcp  unknown unknown

1124/tcp  unknown unknown

1126/tcp  unknown unknown

1130/tcp  unknown unknown

1131/tcp  unknown unknown

1132/tcp  unknown unknown

1137/tcp  unknown unknown

1138/tcp  unknown unknown

1141/tcp  unknown unknown

1145/tcp  unknown unknown

1147/tcp  unknown unknown

1148/tcp  unknown unknown

1149/tcp  unknown unknown

1151/tcp  unknown unknown

1152/tcp  unknown unknown

1154/tcp  unknown unknown

1163/tcp  unknown unknown

1164/tcp  unknown unknown

1165/tcp  unknown unknown

1166/tcp  unknown unknown

1169/tcp  unknown unknown

1174/tcp  unknown unknown

1175/tcp  unknown unknown

1183/tcp  unknown unknown

1185/tcp  unknown unknown

1186/tcp  unknown unknown

1187/tcp  unknown unknown

1192/tcp  unknown unknown

1198/tcp  unknown unknown

1199/tcp  unknown unknown

1201/tcp  unknown unknown

1213/tcp  unknown unknown

1216/tcp  unknown unknown

1217/tcp  unknown unknown

1218/tcp  unknown aeroflight-ads

1233/tcp  unknown unknown

1234/tcp  unknown hotline

1236/tcp  unknown unknown

1244/tcp  unknown unknown

1247/tcp  unknown unknown

1248/tcp  unknown hermes

1259/tcp  unknown unknown

1271/tcp  unknown unknown

1272/tcp  unknown unknown

1277/tcp  unknown unknown

1287/tcp  unknown unknown

1296/tcp  unknown unknown

1300/tcp  unknown unknown

1301/tcp  unknown unknown

1309/tcp  unknown unknown

1310/tcp  unknown unknown

1311/tcp  unknown rxmon

1322/tcp  unknown unknown

1328/tcp  unknown unknown

1334/tcp  unknown unknown

1352/tcp  unknown lotusnotes

1417/tcp  unknown timbuktu-srv1

1433/tcp  unknown ms-sql-s

1434/tcp  unknown ms-sql-m

1443/tcp  unknown ies-lm

1455/tcp  unknown esl-lm

1461/tcp  unknown ibm_wrless_lan

1494/tcp  unknown citrix-ica

1500/tcp  unknown vlsi-lm

1501/tcp  unknown sas-3

1503/tcp  unknown imtc-mcs

1521/tcp  unknown oracle

1524/tcp  unknown ingreslock

1533/tcp  unknown virtual-places

1556/tcp  unknown unknown

1580/tcp  unknown unknown

1583/tcp  unknown unknown

1594/tcp  unknown unknown

1600/tcp  unknown issd

1641/tcp  unknown unknown

1658/tcp  unknown unknown

1666/tcp  unknown netview-aix-6

1687/tcp  unknown unknown

1688/tcp  unknown unknown

1700/tcp  unknown mps-raft

1717/tcp  unknown fj-hdnet

1718/tcp  unknown unknown

1719/tcp  unknown unknown

1720/tcp  unknown H.323/Q.931

1721/tcp  unknown unknown

1723/tcp  unknown pptp

1755/tcp  unknown wms

1761/tcp  unknown landesk-rc

1782/tcp  unknown hp-hcip

1783/tcp  unknown unknown

1801/tcp  unknown unknown

1805/tcp  unknown unknown

1812/tcp  unknown unknown

1839/tcp  unknown unknown

1840/tcp  unknown unknown

1862/tcp  unknown unknown

1863/tcp  unknown msnp

1864/tcp  unknown paradym-31

1875/tcp  unknown unknown

1900/tcp  unknown upnp

1914/tcp  unknown unknown

1935/tcp  unknown rtmp

1947/tcp  unknown unknown

1971/tcp  unknown unknown

1972/tcp  unknown unknown

1974/tcp  unknown unknown

1984/tcp  unknown bigbrother

1998/tcp  unknown x25-svc-port

1999/tcp  unknown tcp-id-port

2000/tcp  unknown cisco-sccp

2001/tcp  unknown dc

2002/tcp  unknown globe

2003/tcp  unknown finger

2004/tcp  unknown mailbox

2005/tcp  unknown deslogin

2006/tcp  unknown invokator

2007/tcp  unknown dectalk

2008/tcp  unknown conf

2009/tcp  unknown news

2010/tcp  unknown search

2013/tcp  unknown raid-am

2020/tcp  unknown xinupageserver

2021/tcp  unknown servexec

2022/tcp  unknown down

2030/tcp  unknown device2

2033/tcp  unknown glogger

2034/tcp  unknown scoremgr

2035/tcp  unknown imsldoc

2038/tcp  unknown objectmanager

2040/tcp  unknown lam

2041/tcp  unknown interbase

2042/tcp  unknown isis

2043/tcp  unknown isis-bcast

2045/tcp  unknown cdfunc

2046/tcp  unknown sdfunc

2047/tcp  unknown dls

2048/tcp  unknown dls-monitor

2049/tcp  unknown nfs

2065/tcp  unknown dlsrpn

2068/tcp  unknown advocentkvm

2099/tcp  unknown unknown

2100/tcp  unknown unknown

2103/tcp  unknown zephyr-clt

2105/tcp  unknown eklogin

2106/tcp  unknown ekshell

2107/tcp  unknown unknown

2111/tcp  unknown kx

2119/tcp  unknown unknown

2121/tcp  unknown ccproxy-ftp

2126/tcp  unknown unknown

2135/tcp  unknown unknown

2144/tcp  unknown unknown

2160/tcp  unknown unknown

2161/tcp  unknown apc-agent

2170/tcp  unknown unknown

2179/tcp  unknown unknown

2190/tcp  unknown unknown

2191/tcp  unknown unknown

2196/tcp  unknown unknown

2200/tcp  unknown unknown

2222/tcp  unknown unknown

2251/tcp  unknown unknown

2260/tcp  unknown unknown

2288/tcp  unknown unknown

2301/tcp  unknown compaqdiag

2323/tcp  unknown unknown

2366/tcp  unknown unknown

2381/tcp  unknown unknown

2382/tcp  unknown unknown

2383/tcp  unknown ms-olap4

2393/tcp  unknown unknown

2394/tcp  unknown unknown

2399/tcp  unknown unknown

2401/tcp  unknown cvspserver

2492/tcp  unknown unknown

2500/tcp  unknown rtsserv

2522/tcp  unknown unknown

2525/tcp  unknown unknown

2557/tcp  unknown unknown

2601/tcp  unknown zebra

2602/tcp  unknown ripd

2604/tcp  unknown ospfd

2605/tcp  unknown bgpd

2607/tcp  unknown unknown

2608/tcp  unknown unknown



Nmap done: 1 IP address (1 host up) scanned in 0.22 seconds
Britec
Administrator
Hero Member
Posts: 3346
« Reply #6 on: June 03, 2010, 03:12:13 AM »

A software firewall intercepts TCP/IP traffic; since most Windows networked computers use the TCP/IP protocol for local file sharing, it might intercept and block the LAN's traffic too.
Almost all software firewalls include a setting that lets you enter the IP range of your networked computers and thus allow free flow of TCP/IP traffic between these computers without the firewall's intervention.

This function is usually referred to as Computers in the Trusted Zone, i.e. trusted to allow uncontrolled traffic.
I would use as an example one of the most popular software firewalls, Norton Internet Security (NIS).
Open the NIS main menu and highlight Personal Firewall, click on Configure and choose the Home Network tab.
Click Enter / Choose Entering Range and enter into the menus the lower and upper IP range of your local network.

The same applies to any software firewall. It might use terms like Allows, Trusted etc.; you might find the way to set the "Trusted Zone" by looking at the firewall's Help menu under the Local Network (LAN) section.

http://support.microsoft.com/kb/308127
esmusic
Newbie
Posts: 4
« Reply #7 on: June 28, 2010, 11:34:47 AM »

I do not have a 3rd party firewall such as ZoneAlarm or others installed on this hard drive
and I have turned off the Windows firewall...

But my TCP/UDP ports are not allowing internet access except for HTTPS.

-Jose
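The symptom in the post above (ping works, HTTPS works, plain HTTP does not) separates cleanly into layers, and a small script can tell them apart faster than scanning one's own machine with Nmap. The script below is an added example written for this thread, not code from the forum or from any poster: it resolves the name, attempts a TCP handshake to ports 80 and 443 separately, reports any proxy the system hands to Python, and maps the outcome onto the likely layer at fault. The mapping in `interpret()` is my own heuristic (an assumption, not a diagnosis), and the host name in the usage call is a placeholder.

```python
import socket
import urllib.request


def resolve(host):
    """Return the first IPv4 address for host, or None if name resolution fails."""
    try:
        return socket.gethostbyname(host)
    except OSError:
        return None


def tcp_connect(host, port, timeout=3.0):
    """Return True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:          # refused, timed out, unreachable, or blocked locally
        return False


def proxy_settings():
    """Return the proxies the OS/environment hands to urllib (empty dict if none)."""
    return urllib.request.getproxies()


def interpret(tcp, proxies):
    """Map per-port results onto the most likely cause (heuristic; an assumption)."""
    ok = [p for p, v in tcp.items() if v]
    if not ok:
        return "no TCP port reachable: local firewall, Winsock/LSP damage or upstream block"
    if 443 in ok and 80 in tcp and not tcp[80]:
        if proxies:
            return "port 80 blocked but 443 open with a proxy configured: check the proxy setting"
        return "port 80 blocked but 443 open: port-specific filtering (firewall rule or HTTP-intercepting LSP)"
    return "TCP reachable on %s: the network path is fine; look at the browser itself" % ok


def triage(host, ports=(80, 443)):
    """Build a dict summarising which layer works for host: DNS, then TCP per port."""
    report = {"host": host, "dns": resolve(host), "tcp": {}, "proxies": proxy_settings()}
    if report["dns"] is None:
        report["verdict"] = "DNS resolution fails: check DNS server settings and the hosts file"
        return report
    for port in ports:
        report["tcp"][port] = tcp_connect(report["dns"], port)
    report["verdict"] = interpret(report["tcp"], report["proxies"])
    return report


def open_local_listener():
    """Open a listening socket on 127.0.0.1 at an ephemeral port (for offline self-testing)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    # Placeholder host: substitute the site you cannot reach.
    for key, value in triage("example.com").items():
        print("%-8s %s" % (key, value))
```

Because `ping` uses ICMP and never touches the TCP stack's port filtering, a successful ping says nothing about ports 80 and 443; the per-port handshake is what distinguishes "firewall rule or damaged Winsock layer" from "browser problem", which is the fork this thread keeps circling.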
davedudeit
Sr. Member
Posts: 380
« Reply #8 on: July 08, 2010, 05:18:56 PM »

Quote from: esmusic on June 28, 2010, 11:34:47 AM
> I do not have a 3rd party firewall such as ZoneAlarm or others installed on this hard drive
> and I have turned off the Windows firewall...
>
> But my TCP/UDP ports are not allowing internet access except for HTTPS.
>
> -Jose

pfff, format and reinstall?