Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to detect trojans manually...

Status
Not open for further replies.
enzyme6

enzyme6

Technical User
Jul 11, 2005
2
US
Hi, I'm new here. I was wondering if there was an efficient way of finding trojans on one's computer. My firewall log is showing outbound traffic being blocked on port 139. I did some research and found a list of possible causes known to use that port. Now I'm wondering if something like typing in the name of a trojan like Sad Mind in Windows Search will do any good. Do trojans use different names to cloak themselves? If they do, is there any way other than using ur anti-virus/ spyware programs that u can do by urself? I would appreciate any help. Thanks.

Lijin
 
Sort by date Sort by votes
Just a thought but why would you not want to use an antivirus or antispyware product? They are made for the job.

 
Upvote 0 Downvote
If you are not comfortable using netstat to monitor ports, a freeware utility such as ActivePorts should help.
FileMon may also be of use to monitor file read / write activity.

Note that some anti-virus / anti-spyware products report ActivePorts as malicious because it includes an API that can be abused, although I'm not aware of any current exploits that do so.

HTH

TazUk

[pc] Blue-screening PCs since 1998
 
Upvote 0 Downvote
Thanks guys for responding. First, dyarwood, I didn't mean to imply that I dont use anti virus/spyware s/w. I do. But its those cases when something new is out and causing havoc that I was wondering about.

tazuk, I did have some exposure to netstat b4 so I was able to use that. but I wasn't able to find anything substantial. i'm gonna do some more research and get back to u. thx!

Lijin
 
Upvote 0 Downvote
port 139 is file and printer sharing, net bios. Make sure net bios is disabled, unless you are using it.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
262
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
279
Johnkite
Johnkite
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
226
nnaarrnn
nnaarrnn
Russtoleum
  • Locked
  • Question
Windows client can't connect to sonicwall l2tp server
Replies
0
Views
83
Russtoleum
Russtoleum
ISDPCMAN
  • Locked
  • Question
Cannot connect to TZ-215 Sonicwall appliance with web browser!
Replies
0
Views
74
ISDPCMAN
ISDPCMAN

Part and Inventory Search

Sponsor

Back
Top