Virus/trojan and my Win 2k - help!

jorgeo

Technical User
Dec 12, 2002
Hello, All

I just had a virus/trojan eat away my Win 2K NTFS partition, to the point that I purchased a new disk and started a fresh installation.

Note: 3 anti-virus and 2 anti-trojans did not get rid of it...

At that time I had internat.exe trying to access the WEB... (BTW, this one I was able to clean).

Now, after the new install, I have:

system - port 139;
system - port 137;
system - port 138;
lsass - port 500;

All of them are trying to access the WEB; is this OK or is there something fishy?

Is it possible to avoid these services?

Thanks,

Jorge
 
The best way to get rid of them is to install any good anti-virus software; I think it will eat the Trojan too.
I don't know about these ports, but I think it's normal for some applications to try to access the Web!

Mohamed Farid
Know Me No Pain , No Me Know Pain !!!
 
Ports 137 thru 139 are for NETBIOS communications, which, if you've got it enabled (for Msft Networking and file sharing), could be normal. Port 500 is defined for (UDP) use with the ISAKMP (Internet Security Association and Key Management Protocol), which in most cases is probably a VPN connection trying to get out or in.
 
Thanks, r2.

Question:

Before I had the virus, these ports were not open.

How to close them for peace of spirit? I'm just a home user with an ADSL connection.


Jorge


 
Those services are normal for those ports. But if there are no other computers on your LAN that you want to share files with, you may safely tell your firewall to block those ports.

Remember, you're unique... just like everyone else.
 
Thanks, guys.

I went to config and turned NetBIOS off (the 3 services were gone); in component services I turned off ISAKMP, and lsass was gone also.

Now everything looks OK.

Jorge
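
An added example, not part of the original thread: one way to confirm the result described above is to check `netstat -an` output for sockets still waiting for inbound traffic on the ports discussed (137-139 and 500) and to see which interfaces they are bound to. The sample output, addresses, and function names are constructed for illustration.

```python
import re

# Ports named in the thread; service names are the standard assignments.
THREAD_PORTS = {137: "NetBIOS name service", 138: "NetBIOS datagram service",
                139: "NetBIOS session service", 500: "ISAKMP"}

# Constructed sample of Windows `netstat -an` output (addresses are made up).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      203.0.113.5:80         ESTABLISHED
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
  UDP    0.0.0.0:500            *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def exposure(addr):
    """Describe which interfaces a local bind address is reachable on."""
    if addr in ("0.0.0.0", "[::]"):
        return "all interfaces"
    if addr.startswith("127.") or addr == "[::1]":
        return "loopback only"
    return "interface " + addr


def open_thread_ports(netstat_text):
    """Return (proto, port, service, exposure) for sockets awaiting inbound
    traffic on the thread's ports; outbound connections are ignored."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or unrelated line
        proto, addr, port, _foreign, state = m.groups()
        # TCP accepts inbound only in LISTENING; a bound UDP socket has no
        # state column and receives whatever reaches it.
        inbound = state == "LISTENING" if proto == "TCP" else state is None
        if inbound and int(port) in THREAD_PORTS:
            found.add((proto, int(port), THREAD_PORTS[int(port)], exposure(addr)))
    return sorted(found, key=lambda f: (f[1], f[0]))


if __name__ == "__main__":
    for proto, port, service, where in open_thread_ports(SAMPLE_NETSTAT):
        print(f"{proto}/{port:<4} {service:<26} {where}")
```

An empty result after NetBIOS and the IPsec service are turned off matches what the last post reports; a socket bound to all interfaces is also reachable from the ADSL side unless a firewall blocks it.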

 