Open local ports

[dos]

Hi,
i have two local trojan ports open. I found that using LPS program. The
ports are 80 and 110. I have winXP firewall and a router. Can i somehow close
this two ports only by using xp firewall?

Thnx a lot.

 

[Volodymyr M. Shcherbyna]

At the initial stage use TCPView
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx to get the
name of process, which opened the ports. After this you may de-install or
remove applications or put them into black list in XP FireWall

--
V.
This posting is provided "AS IS" with no warranties, and confers no
rights.
"dos" <dos@discussions.microsoft.com> wrote in message
news5A66A5A-E2B8-4FAB-83C2-80F46146527E@microsoft.com...
> Hi,
> i have two local trojan ports open. I found that using LPS program. The
> ports are 80 and 110. I have winXP firewall and a router. Can i somehow
> close
> this two ports only by using xp firewall?
>
> Thnx a lot.

 

[dos]

Thanks for reply.
I have licenced copy of port explorer but there, i don't see any mentioned
open local ports. Only firefox.exe is using remote port 80, for 110 i'm not
sure. Thats strange.

"Volodymyr M. Shcherbyna" wrote:

> At the initial stage use TCPView
> http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx to get the
> name of process, which opened the ports. After this you may de-install or
> remove applications or put them into black list in XP FireWall
>
> --
> V.
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> "dos" <dos@discussions.microsoft.com> wrote in message
> news5A66A5A-E2B8-4FAB-83C2-80F46146527E@microsoft.com...
> > Hi,
> > i have two local trojan ports open. I found that using LPS program. The
> > ports are 80 and 110. I have winXP firewall and a router. Can i somehow
> > close
> > this two ports only by using xp firewall?
> >
> > Thnx a lot.
>
>
>

 

[Juergen Nieveler]

dos <dos@discussions.microsoft.com> wrote:

> i have two local trojan ports open. I found that using LPS program.
> The ports are 80 and 110. I have winXP firewall and a router. Can i
> somehow close this two ports only by using xp firewall?

a) If it's really a trojan, merely installing a firewall will not help
you

b) A trojan won't use 80 and 110, the chance of colliding with real
applications would be too high. I'm willing to bet that those two ports
are opened by your virus scanner which is trying to scan your web
traffic and email downloads...

Juergen Nieveler
--
Take my advice, I don't use it anyway.

 

[Tom [Pepper] Willett]

Port 110 is for email.

"dos" <dos@discussions.microsoft.com> wrote in message
news:C8499AC2-1F0D-4CB4-B8D2-FE059CF36196@microsoft.com...
: Thanks for reply.
: I have licenced copy of port explorer but there, i don't see any mentioned
: open local ports. Only firefox.exe is using remote port 80, for 110 i'm
not
: sure. Thats strange.
:
: "Volodymyr M. Shcherbyna" wrote:
:
: > At the initial stage use TCPView
: > http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx to get the
: > name of process, which opened the ports. After this you may de-install
or
: > remove applications or put them into black list in XP FireWall
: >
: > --
: > V.
: > This posting is provided "AS IS" with no warranties, and confers no
: > rights.
: > "dos" <dos@discussions.microsoft.com> wrote in message
: > news5A66A5A-E2B8-4FAB-83C2-80F46146527E@microsoft.com...
: > > Hi,
: > > i have two local trojan ports open. I found that using LPS program.
The
: > > ports are 80 and 110. I have winXP firewall and a router. Can i
somehow
: > > close
: > > this two ports only by using xp firewall?
: > >
: > > Thnx a lot.
: >
: >
: >

 

[Volodymyr M. Shcherbyna]

> b) A trojan won't use 80 and 110, the chance of colliding with real
> applications would be too high. I'm willing to bet that those two ports
> are opened by your virus scanner which is trying to scan your web
> traffic and email downloads...

I don't think so. This is a stupid approach from the point of view of
security software. Antivirus or whatever will try to enumerate all opened
ports, this operation is less costly then binding, and listening on some
port.

Even if the above solution would not be suitable for antivirus, it could
always call bind (...) on a specified port., and if it busy, it will get
WSAEACCES error . So, as you can, see, there is no need to create a fully
functional server to check some port (because listen (...) and accept (...)
are not called in this case)


--
V.
This posting is provided "AS IS" with no warranties, and confers no
rights.
"Juergen Nieveler" <juergen.nieveler.nospam@arcor.de> wrote in message
news:Xns9A7AE0724445juergennieveler@nieveler.org...
> dos <dos@discussions.microsoft.com> wrote:
>
>> i have two local trojan ports open. I found that using LPS program.
>> The ports are 80 and 110. I have winXP firewall and a router. Can i
>> somehow close this two ports only by using xp firewall?
>
> a) If it's really a trojan, merely installing a firewall will not help
> you
>
> b) A trojan won't use 80 and 110, the chance of colliding with real
> applications would be too high. I'm willing to bet that those two ports
> are opened by your virus scanner which is trying to scan your web
> traffic and email downloads...
>
> Juergen Nieveler
> --
> Take my advice, I don't use it anyway.

 

[Volodymyr M. Shcherbyna]

BTW, what is the need to open 80 port or 110 to scan the traffic? The
traffic which going to be scanned should go to remote IP + remote port. Not
the local ones.

--
V.
This posting is provided "AS IS" with no warranties, and confers no
rights.
"Volodymyr M. Shcherbyna" <v_scherbina@online.mvps.org> wrote in message
news:eMS3pOhmIHA.3780@TK2MSFTNGP06.phx.gbl...
>> b) A trojan won't use 80 and 110, the chance of colliding with real
>> applications would be too high. I'm willing to bet that those two ports
>> are opened by your virus scanner which is trying to scan your web
>> traffic and email downloads...
>
> I don't think so. This is a stupid approach from the point of view of
> security software. Antivirus or whatever will try to enumerate all opened
> ports, this operation is less costly then binding, and listening on some
> port.
>
> Even if the above solution would not be suitable for antivirus, it could
> always call bind (...) on a specified port., and if it busy, it will get
> WSAEACCES error . So, as you can, see, there is no need to create a fully
> functional server to check some port (because listen (...) and accept
> (...) are not called in this case)
>
>
> --
> V.
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> "Juergen Nieveler" <juergen.nieveler.nospam@arcor.de> wrote in message
> news:Xns9A7AE0724445juergennieveler@nieveler.org...
>> dos <dos@discussions.microsoft.com> wrote:
>>
>>> i have two local trojan ports open. I found that using LPS program.
>>> The ports are 80 and 110. I have winXP firewall and a router. Can i
>>> somehow close this two ports only by using xp firewall?
>>
>> a) If it's really a trojan, merely installing a firewall will not help
>> you
>>
>> b) A trojan won't use 80 and 110, the chance of colliding with real
>> applications would be too high. I'm willing to bet that those two ports
>> are opened by your virus scanner which is trying to scan your web
>> traffic and email downloads...
>>
>> Juergen Nieveler
>> --
>> Take my advice, I don't use it anyway.
>
>

 

[Juergen Nieveler]

"Volodymyr M. Shcherbyna" <v_scherbina@online.mvps.org> wrote:

> BTW, what is the need to open 80 port or 110 to scan the traffic? The
> traffic which going to be scanned should go to remote IP + remote
> port. Not the local ones.

AV software often contains built-in proxy servers that open for example
localhost:110 and alter the email software settings to route the mail
download through the local proxy.


Juergen Nieveler
--
I'll pass on the dope. The detonation is set for tomorrow which means
screws will destruct.

 

[Volodymyr M. Shcherbyna]

Yes, this may happen as-well, I agree.

--
V.
This posting is provided "AS IS" with no warranties, and confers no
rights.
"Juergen Nieveler" <juergen.nieveler.nospam@arcor.de> wrote in message
news:Xns9A7B6C3A2D7B8juergennieveler@nieveler.org...
> "Volodymyr M. Shcherbyna" <v_scherbina@online.mvps.org> wrote:
>
>> BTW, what is the need to open 80 port or 110 to scan the traffic? The
>> traffic which going to be scanned should go to remote IP + remote
>> port. Not the local ones.
>
> AV software often contains built-in proxy servers that open for example
> localhost:110 and alter the email software settings to route the mail
> download through the local proxy.
>
>
> Juergen Nieveler
> --
> I'll pass on the dope. The detonation is set for tomorrow which means
> screws will destruct.