WiredWX Christian Hobby Weather Tools

Software to show apps using open ports and close them

Is there a s/w that shows open ports and the apps using them,
and allows the user to specifically close the ports, if not the apps?

Please help.

I think my PC is infected by a trojan.
More than 20 ports are open and data is being sent automatically.
Please help.

Thanks in advance.

Re: Software to show apps using open ports and close them
Have you run a virus and spyware scan on your system? I would suggest doing that first. Once you are done with that, we can do a HijackThis log check and see what, if anything, is still there.


Re: Software to show apps using open ports and close them
Every time my NOD AV detects a .sys file in the drivers folder or an .exe file in the Windows folder, it says a worm or a trojan has been found.

I remove those files; they come back again.
And I have some of those annoying popups these days,
and I suspect the viruses are generated from there.

Please tell me a s/w which can do what I had asked for.
Please, I have been looking for such s/w for a long time.

Re: Software to show apps using open ports and close them
DiamondCS Port Explorer

Port Explorer shows you all the open ports on your system and what programs own them (called Port to Process mapping). Along with this ability it also has many tools including a packet sniffer, bandwidth throttling and country detection to name just a few. Port Explorer has an intuitive GUI that allows you to quickly see all your network activity, and thanks to its ease of use is allowing people everywhere to do advanced network activities. Providing unprecedented viewing and control over the sockets on your Microsoft Windows system, the data traffic going through it, and the computers that are connected to it, Port Explorer is a completely unique and powerful program that goes where few others can.

In this day and age where system security means everything on the Internet, Port Explorer is a program you can't afford to be without. Designed for 32-bit Microsoft Windows systems, Port Explorer supports Windows 95, 98, 98 SE, ME, NT4, 2K, and XP, and also has a built-in dynamic language support system (supported languages include English, Dutch, French, Swedish, and Portuguese).

Port Explorer gives you the ability to see all sockets that are open, and shows the state these are in, be it established and sending or receiving data, listening, or closing. Port Explorer also gives the great ability to control these sockets - by allowing the user to spy on any or all sockets owned by a process, and to block sending or receiving of any or all sockets. A user could block data sending by a suspicious socket - yet still see what data is coming in by spying on this socket. Port Explorer also includes new detection for trojans, by showing hidden sockets in red. This technology was developed for the upcoming DiamondCS TDS-4 Professional trojan scanner.


Direct Download Link: (license: Shareware... OS: Win95,Win98,WinME,WinNT 4.x,WinXP,Windows2000)

http://www.programurl.com/siteclick.php?a=0&b=1&url=/siteclick.php?a=0&b=1&url=http://www.diamondcs.com.au/portexplorer/downloads/pedemosetup.exe


*********
From what I know, ZoneAlarm Pro also has the ability to protect a computer system's vulnerable open ports. An open port is a small doorway in your computer system that allows data to enter and leave. When you use a chat program online, for instance, your computer opens four ports to allow data to flow back and forth. ZoneAlarm Pro was effective at protecting and closing ports. ZoneAlarm Pro also passed trojan tests; no trojan programs made it past the firewall.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


As for your problem with the trojan, I recommend you download the trial version of Kaspersky or Avast! and disinfect the trojan, since our Malware Support forum is down for the moment. The reason why NOD32 did not get rid of the trojan is that it only deletes it instead of disinfecting it.

Regards Doc. 8)

Last edited by Doctor Inferno on 2nd April 2008, 10:54 am; edited 1 time in total

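The post above describes port-to-process mapping: every open socket is owned by some PID, and the tool joins the socket table with the process list so you can see which program holds each port. The same join can be done by hand on Windows XP with the built-in `netstat -ano` (which prints the owning PID) and `tasklist /fo csv /nh`. The script below is an added example written for this page, not part of the original post or of Port Explorer; it parses constructed sample output of those two commands (the sample lines are made up, not captured from the poster's machine) and reports the listening ports per process. A socket whose PID is absent from the process list is reported separately, since that is the "hidden socket" situation the post mentions and the first thing to investigate.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of `netstat -ano` output (Windows XP layout). These lines are
# made up for the example; they are not from the poster's machine.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       1120
  TCP    192.168.1.5:1045       203.0.113.7:6667       ESTABLISHED     1120
  TCP    127.0.0.1:1031         127.0.0.1:1032         ESTABLISHED     1756
  UDP    0.0.0.0:500            *:*                                    688
"""

# Constructed sample of `tasklist /fo csv /nh` output taken at the same moment.
# PID 1756 is deliberately absent: a socket whose owner is not in the process
# list is the kind of hidden socket the post above talks about.
TASKLIST_SAMPLE = """\
"System","4","Console","0","236 K"
"svchost.exe","912","Console","0","4,876 K"
"svchost.exe","1120","Console","0","3,120 K"
"lsass.exe","688","Console","0","1,400 K"
"""


def parse_netstat(text):
    """One dict per socket line. TCP lines have a State column, UDP lines do not,
    so the PID is the fourth token for UDP and the fifth for TCP."""
    sockets = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, foreign, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, foreign, pid = parts
            state = ""
        else:
            continue  # unexpected layout: skip rather than guess
        port = int(local.rsplit(":", 1)[1])  # also handles [::]:135
        sockets.append({"proto": proto, "local": local, "port": port,
                        "foreign": foreign, "state": state, "pid": int(pid)})
    return sockets


def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    procs = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 2 and row[1].isdigit():
            procs[int(row[1])] = row[0]
    return procs


def map_ports_to_processes(netstat_text, tasklist_text):
    """Join the two listings on PID -> (proto, local, state, pid, image name)."""
    procs = parse_tasklist(tasklist_text)
    rows = []
    for s in parse_netstat(netstat_text):
        name = procs.get(s["pid"], "<PID not in tasklist>")
        rows.append((s["proto"], s["local"], s["state"], s["pid"], name))
    return rows


def listening_ports_by_process(netstat_text, tasklist_text):
    """Group bound/listening ports by (pid, image name), e.g. {(4, 'System'): ['TCP/445']}.
    A UDP socket has no state; any bound UDP socket counts as listening."""
    procs = parse_tasklist(tasklist_text)
    out = defaultdict(list)
    for s in parse_netstat(netstat_text):
        if s["state"] == "LISTENING" or s["proto"] == "UDP":
            key = (s["pid"], procs.get(s["pid"], "<PID not in tasklist>"))
            out[key].append(f'{s["proto"]}/{s["port"]}')
    return {k: sorted(v) for k, v in out.items()}


def sockets_without_owner(netstat_text, tasklist_text):
    """Sockets whose PID is not in the process list: investigate these first."""
    return [r for r in map_ports_to_processes(netstat_text, tasklist_text)
            if r[4] == "<PID not in tasklist>"]


if __name__ == "__main__":
    for proto, local, state, pid, name in map_ports_to_processes(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"{proto:4} {local:24} {state:12} {pid:>5}  {name}")
    for row in sockets_without_owner(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print("no owning process found for:", row)
```

On a real machine, run `netstat -ano > ns.txt` and `tasklist /fo csv /nh > tl.txt` from the same command prompt and feed the file contents to the two functions. Note that this only tells you which process owns a port; closing the port means stopping or removing that process (or blocking it in the firewall), and a listing that looks clean from user mode can still be incomplete if a rootkit hides the process, which is why the unowned-socket check is worth keeping.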

Re: Software to show apps using open ports and close them
Hi DN,

Thanks for your help, I found the software very useful. BTW, I cleaned the worm; it was actually a trojan downloader. I had to install Quick Heal; it deleted the file, otherwise it was not getting deleted.

PS: the file named judgemq.dll is found in the system32 folder.

It downloads/creates trojan files (with extension .exe) on its own, usually in the temp folder.

Re: Software to show apps using open ports and close them
Download a copy of HijackThis and save it to your desktop in a folder. Do a scan and save the HijackThis logfile. Do not remove anything. Post your log file here. Link to HijackThis:

http://castlecops.com/zx/Merijn/hijackthis.zip

Re: Software to show apps using open ports and close them
Here it is

Logfile of HijackThis v1.99.1
Scan saved at 12:06:21 PM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Utilities\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Utilities\PC Tools Firewall Plus\FirewallGUI.exe
D:\PROGRA~1\QUICKH~1\EMLPROUI.EXE
D:\PROGRA~1\QUICKH~1\UPSCHD.EXE
D:\PROGRA~1\QUICKH~1\SCANMSG.EXE
C:\Program Files\Messenger\msmsgs.exe
D:\PROGRA~1\QUICKH~1\OnlineNT.EXE
d:\PROGRA~1\QUICKH~1\ONLNSVC.EXE
d:\PROGRA~1\QUICKH~1\scanwscs.exe
C:\WINDOWS\system32\wdfmgr.exe
D:\Program Files\Utilities\Universal Shield\US30Service.exe
D:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Opera\Opera.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O1 - Hosts: 127.0.0.2 www.youtube.com
O1 - Hosts: 127.0.0.2
O1 - Hosts: 127.0.0.2 kproxy.com
O1 - Hosts: 127.0.0.2 www.kproxy.com
O1 - Hosts: 127.0.0.2 www.anonymizer.ru
O1 - Hosts: 127.0.0.2 anonymizer.ru
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft copyright - {5DF6AFEE-2291-4041-9A74-354624861746} - judgemq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Flash Module - {B9249083-6055-476c-A69D-13E110BFEA91} - tconn1.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [00PCTFW] "D:\Program Files\Utilities\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Video Driver] C:\Program Files\Common Files\Microsoft Shared\DAO\GEEKMACHINE\svchost.exe
O4 - HKLM\..\Run: [Windows LSSS Service] C:\Program Files\Common Files\Microsoft Shared\DAO\GEEKMACHINE\svchost.exe
O4 - HKLM\..\Run: [Usbrun] C:\Documents and Settings\Admin\Desktop\USB_Toolbox_v2.2_Portable\USB Toolbox v2.2 Portable\USBRun.exe
O4 - HKLM\..\Run: [mssrv32] c:\windows\system32\mssrv32.exe
O4 - HKLM\..\Run: [Email Protection] d:\PROGRA~1\QUICKH~1\EMLPROUI.EXE
O4 - HKLM\..\Run: [Update Scheduler] d:\PROGRA~1\QUICKH~1\UPSCHD.EXE /CHECK
O4 - HKLM\..\Run: [On-Line Protection] D:\PROGRA~1\QUICKH~1\CATEYE.EXE
O4 - HKLM\..\Run: [Messenger] d:\PROGRA~1\QUICKH~1\SCANMSG.EXE
O4 - HKLM\..\Run: [Startup Scan] D:\PROGRA~1\QUICKH~1\Sensor.EXE /LOADRUN
O4 - HKLM\..\RunOnce: [Startup Scan] D:\PROGRA~1\QUICKH~1\Sensor.EXE /check
O4 - HKCU\..\Run: [Yahoo! Pager] "d:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Clean Traces - d:\Program Files\utilities\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\Utilities\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\Utilities\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'wsock3.dll' missing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA77C1A5-AA4B-4535-92BA-AA89AFFE8A00}: NameServer = 61.1.96.69,61.1.96.71
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CcEvtSvc - Unknown owner - C:\WINDOWS\System32\CcEvtSvc.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NT Online Protection - Unknown owner - d:\PROGRA~1\QUICKH~1\ONLNSVC.EXE
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - D:\Program Files\Utilities\PC Tools Firewall Plus\FWService.exe
O23 - Service: Quick Heal Mail Protection - Unknown owner - d:\PROGRA~1\QUICKH~1\EMLPROXY.EXE
O23 - Service: Quick Heal Helper Service WSC (ScanWscS) - Unknown owner - d:\PROGRA~1\QUICKH~1\scanwscs.exe
O23 - Service: US30Service - Unknown owner - D:\Program Files\Utilities\Universal Shield\US30Service.exe
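
Reading a HijackThis log by eye means applying a handful of rules to each section: the F2 UserInit value should name nothing but userinit.exe; O1 hosts entries that point real sites at 127.0.0.x are hijacks; an O4 Run entry that starts a system-only image name such as svchost.exe from outside \WINDOWS\system32 is a masquerade; an O10 line about a missing LSP DLL explains broken networking; and any entry marked "(file missing)" is a dead registration. The script below is an added example for this page, not part of HijackThis or of the original posts: the rules, the severity labels and the path-extraction heuristic are mine, and the sample input is an abridged copy of the log posted above.

```python
import re

# Image names that, on Windows XP, live only in \WINDOWS\system32. An autorun
# entry starting one of these from anywhere else is a classic masquerade.
SYSTEM_ONLY_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
                        "winlogon.exe", "services.exe", "userinit.exe"}

# Abridged lines from the log posted above, used here as sample input.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O1 - Hosts: 127.0.0.2 www.youtube.com
O1 - Hosts: 127.0.0.2
O1 - Hosts: 127.0.0.2 kproxy.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft copyright - {5DF6AFEE-2291-4041-9A74-354624861746} - judgemq.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [00PCTFW] "D:\Program Files\Utilities\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Video Driver] C:\Program Files\Common Files\Microsoft Shared\DAO\GEEKMACHINE\svchost.exe
O4 - HKLM\..\Run: [Windows LSSS Service] C:\Program Files\Common Files\Microsoft Shared\DAO\GEEKMACHINE\svchost.exe
O10 - Broken Internet access because of LSP provider 'wsock3.dll' missing
O23 - Service: CcEvtSvc - Unknown owner - C:\WINDOWS\System32\CcEvtSvc.exe (file missing)
"""


def _basename(path):
    return path.replace("/", "\\").rstrip("\\").rsplit("\\", 1)[-1].lower()


def check_userinit(line):
    """F2: UserInit must list only userinit.exe; anything appended runs at every logon."""
    m = re.match(r"F2 - REG:system\.ini: UserInit=(.*)$", line)
    if not m:
        return None
    entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
    extra = [e for e in entries if _basename(e) != "userinit.exe"]
    return ("high", "UserInit also launches " + ", ".join(extra) + " at logon") if extra else None


def check_hosts(line):
    """O1: a loopback entry for anything but localhost silently blocks that site."""
    m = re.match(r"O1 - Hosts: (\S+)(?:\s+(\S+))?$", line)
    if not m:
        return None
    ip, host = m.group(1), m.group(2)
    if host is None:
        return ("low", "malformed hosts entry (address with no hostname)")
    if ip.startswith("127.") and host.lower() not in ("localhost", "localhost.localdomain"):
        return ("medium", f"hosts file redirects {host} to {ip}")
    return None


def check_run_entry(line):
    """O4: a system-only image name started from outside \\WINDOWS\\system32."""
    m = re.match(r"O4 - HK\w+\\\.\.\\Run\w*: \[.*?\] (.*)$", line)
    if not m:
        return None
    # Heuristic path extraction: optional opening quote, then up to the first ".exe".
    p = re.match(r'"?(.*?\.exe)', m.group(1).strip(), re.IGNORECASE)
    if not p:
        return None
    path = p.group(1)
    if _basename(path) in SYSTEM_ONLY_BINARIES and "\\windows\\system32" not in path.lower():
        return ("high", f"{_basename(path)} started from non-system path {path}")
    return None


def check_lsp(line):
    """O10: a missing Winsock LSP DLL (often one the AV just deleted) breaks networking."""
    if line.startswith("O10 -") and "missing" in line:
        return ("medium", "Winsock LSP chain references a missing DLL; repair the LSP chain")
    return None


def check_missing_file(line):
    """Any entry whose target no longer exists is a dead registration to remove."""
    return ("low", "registration points at a file that no longer exists") if "(file missing)" in line else None


CHECKS = (check_userinit, check_hosts, check_run_entry, check_lsp, check_missing_file)


def triage(log_text):
    """Run each check over each line, first match wins -> [(severity, line, reason)]."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        for check in CHECKS:
            hit = check(line)
            if hit:
                findings.append((hit[0], line, hit[1]))
                break
    return findings


def count_by_severity(findings):
    counts = {"high": 0, "medium": 0, "low": 0}
    for sev, _, _ in findings:
        counts[sev] += 1
    return counts


if __name__ == "__main__":
    for sev, line, reason in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}\n         {line}")
```

Against the sample this flags the ntos.exe entry in UserInit and the two svchost.exe copies under GEEKMACHINE as high, the hosts redirects and the broken LSP as medium, and the three dead registrations as low. The rules are deliberately narrow: an unknown entry such as mssrv32.exe in the full log is not flagged because nothing in the line alone proves it is malicious, and that is exactly the kind of entry a reviewer still has to look up by hand.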

Re: Software to show apps using open ports and close them
Sorry for the delay, I have been away with work!

Print out or copy this page to Notepad, since you CANNOT have any browsers open while you are fixing this, and try to follow it as closely as possible, taking it STEP by STEP.



Update your Antivirus program.


Download Spybot Search and Destroy install it and UPDATE the program.

http://www.safer-networking.org/en/mirrors/index.html


Download VundoFix.exe to your desktop. Ignore the AntiVirus warnings and download it anyway because you need to run it.... Wait on installation and running.

http://www.atribune.org/ccount/click.php?id=4

Download CleanUp and install it. Wait on installation and running.

http://www.stevengould.org/downloads/cleanup/CleanUp452.exe


Download following program CWSHREDDER. Wait on installation and running
http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe


Download About:Buster and save it to your desktop. When it has finished downloading, unzip the folder to your desktop as well. You should now be left with an aboutbuster folder on your desktop.Wait on installation and running.

http://www.malwarebytes.org/AboutBuster.zip


I would also recommend that you download CCleaner. It is a great little program that I use every time I close my browser to get rid of temporary files. I usually just run the cleaner part every time I'm done with the browser. During the install there will be check marks for checking for updates, which you should do. Don't install the toolbars unless you want them, so you can uncheck those boxes.
It is a very safe program and it is free.(CCleaner Quick Setup: Go to > Options > Advanced > Uncheck "Only delete files in Windows Temp folders older than 48 hours" as this will help in cleaning malware that may be hiding in your temp files etc)

http://www.ccleaner.com/

_______________________________________________________________________

Now make sure no OS files are hidden.
To do this:
For XP go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
For Vista go to the Control Panel->Appearance and Personalization
Under the Folder Options, click Show Hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.
You may change the above options back after your log is clean.


Turn off system restore.

Steps to turn off System Restore for XP
1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
4. Click OK.
5. When you receive the following message, click Yes to confirm that you want to turn off System Restore:
You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
After a few moments, the System Properties dialog box closes.

Steps to turn off System Restore for Vista:
1. Control Panel -> System Maintenance -> Back Up and Restore Center
2. On the right column, click on "create a restore point or change settings" (this requires administrator's password if set)
3. Uncheck all drives.
4. Click OK.
5. When you receive the following message, click Yes to confirm that you want to turn off System Restore:
You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
After a few moments, the System Properties dialog box closes.





Do all steps below in safe mode except for at the end when you generate a new HiJackThis log





Next, please reboot your computer in Safe Mode by doing the following:

1) Restart your computer

2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (Repeatedly).

3) Instead of Windows loading as normal, a menu should appear

4) Use the up arrow key to highlight Safe Mode and press Enter.





Please run HijackThis and click "Scan". Place checks next to the following entries if still present in the code and close all browser and other windows except for HijackThis, and click "Fix Checked".

D:\PROGRA~1\QUICKH~1\EMLPROUI.EXE
D:\PROGRA~1\QUICKH~1\UPSCHD.EXE
D:\PROGRA~1\QUICKH~1\SCANMSG.EXE
D:\PROGRA~1\QUICKH~1\OnlineNT.EXE
d:\PROGRA~1\QUICKH~1\ONLNSVC.EXE
d:\PROGRA~1\QUICKH~1\scanwscs.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O1 - Hosts: 127.0.0.2 www.youtube.com
O1 - Hosts: 127.0.0.2
O1 - Hosts: 127.0.0.2 kproxy.com
O1 - Hosts: 127.0.0.2 www.kproxy.com
O1 - Hosts: 127.0.0.2 www.anonymizer.ru
O1 - Hosts: 127.0.0.2 anonymizer.ru
O2 - BHO: Microsoft copyright - {5DF6AFEE-2291-4041-9A74-354624861746} - judgemq.dll (file missing)
O2 - BHO: Flash Module - {B9249083-6055-476c-A69D-13E110BFEA91} - tconn1.dll (file missing)
O4 - HKLM\..\Run: [Video Driver] C:\Program Files\Common Files\Microsoft Shared\DAO\GEEKMACHINE\svchost.exe
O4 - HKLM\..\Run: [Windows LSSS Service] C:\Program Files\Common Files\Microsoft Shared\DAO\GEEKMACHINE\svchost.exe





Run your Antivirus and do a full scan.....Remember this is all in safe mode.



Run Spybot Search and Destroy and do a full scan remember this is all in safe mode.



Open Cleanup by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:

*Click "Options..."

*Move the arrow down to "Custom CleanUp!"

*Only Check the following for now:

-Empty Recycle Bins

-Delete Cookies

-Delete Prefetch Files

-Clean up All Users

*Uncheck the following:

-Delete Newsgroup cache

-Delete Newsgroup Subscriptions

*Press the Temporary Files Tab and check.

-Scan drives for files matching

Click OK

Press the CleanUp button to start the program. Reboot/logoff when prompted.

Note: CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup or MOVE THEM out of the Temp folder before running CleanUp
If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility.



Install and run CWSHREDDER

Close all browser windows, open cwshredder.exe then click "Fix" and let it run.



Double-click on the AboutBuster.exe icon.

Click Begin scan. Close when completed.

It is advised that you run AboutBuster twice in a row to make sure you get all the infections.

_____________________________________________________________

NOTE for AboutBuster: if you receive the error "Run-time error '339': Component 'comctl32.ocx' or one of its dependencies not correctly registered: a file is missing or invalid".

Download and run this file http://www.spywareinfo.com/downloads/tools...ngfilesetup.exe






_____________________________________________________________



Double-click VundoFix.exe to run it(Do this a few times until nothing shows up)



Then install CCleaner but note it installs the Yahoo Toolbar as an option which IS check marked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option.

Before first use, select Options > Advanced and UNCHECK 'Only delete files in Windows Temp folder older than 48 hours'

Then select the items you wish to clean up.



In the Windows Tab:





* Clean all entries in the "Internet Explorer" section except Cookies.

* Clean all the entries in the "Windows Explorer" section.

* Clean all entries in the "System" section.

* Clean all entries in the "Advanced" section.

* Clean any others that you choose.





In the Applications Tab:





* Clean all except cookies in the Firefox/Mozilla section if you use it.

* Clean all in the Opera section if you use it.

* Clean Sun Java in the Internet Section.

* Clean any others that you choose.





Click the "Run Cleaner" button.

A pop-up box will appear advising this process will permanently delete files from your system.

Click "OK" and it will scan and clean your system.

Click the "Issues" button.

Click the "Scan For Issues" button.

Click the "Fix Selected Issues" button.

Click the "Fix All Selected Issues" button.

Click "OK"

Click "Close" when done.



REBOOT in normal mode and turn on System Restore.


Steps to turn on System Restore For XP:

1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to clear the Turn off System Restore check box. Or, click the Turn off System Restore on all drives check box.
4. Click OK.

After a few moments, the System Properties dialog box closes.

To create a new restore point, click on Start – All Programs – Accessories – System Tools and then select System Restore.

In the System Restore wizard, select Create a restore point and click the Next button.

Type a name for your new restore point then click on Create.

To create a Restore point for Vista:

1.Control Panel – System Maintenance – Back Up and Restore Center. On the right column, click on "Create A Restore Point Or Change Settings" (This requires Administrator's password if set.) Put a check on the drive your OS is on. Then click on the Create button. Type in a name and then click OK.


Do another scan with HiJackThis in normal windows mode and post your new log file here for final verification. Make sure it is a new log file.

Also let us know how the systems overall condition is now.

Last edited by on 22nd January 2008, 1:56 am; edited 1 time in total

Re: Software to show apps using open ports and close them

Have you found any intrusion through the log?

Re: Software to show apps using open ports and close them

Yes... your system has been compromised, so the most logical thing you can do is to flatten and rebuild (format and clean install the OS).

Most likely your important data has been compromised, with the attacker placing 'backdoor' access amongst it somewhere, which will be nearly impossible to completely trace and delete.

After you format (wipe your HDD clean) and reinstall, make sure that you install a reputable firewall (see our free download section) and keep it running in the background continually.

You need to act quickly as the attacker is utilizing your bandwidth and has the ability to do what he wishes with your system.


Regards :-B:

Re: Software to show apps using open ports and close them

I have PC Tools Firewall Plus installed.
NOD32 and Spyware Doctor found some and removed the infected files, but I am still not sure whether all of them have been removed or not.


Thanks

Re: Software to show apps using open ports and close them
If you have obeyed the above instructions, show us a NEW log!

:-B:
