• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 315
  • Last Modified:

Need to know why I have so many tcp port 1025 connections

windows xp media center edition 2004, sp2...
Does anybody out there know why I have so many svchost dealies connecting through port 1025. I think it might be aim, but i thought aim always connects with port 5190. I keep my computer clean, to my knowledge at least, using norton internet security/antivirus 2004, ad-aware, pest patrol, spysweeper, spybot s&d, and hijack this. I have also used pdg3, advanced administrative tools, and mcaffe's online scan.
The only question now is, what to do next. I have a 160gb harddrive with around 70gigs left to go, so you can imagine, scans aren't quick.
I'm using netstat in dos all the time, and when i'm connected to the net, sometimes i get huge lists of connections, all to port 1025, some established, others time wait, and sometimes end wait.
I think i'm on a blacklist somewhere, as i'm getting those swen@mm viruses daily in my email account, which i changed. I'm also occasionally invited to aim chats by an obvious bot with an archaic number as a name.
I've been working with computers for a long time, and I don't want to boast, but I do know quite a bit about computers, so don't euphemize my answers please.
with props to all the 31337...
zoidberg
0
zoidbergman
Asked:
zoidbergman
  • 3
  • 3
1 Solution
 
MazaraatCommented:
Ports 1025/1026 are used by active directory, DCOM, and several other services..Not to mention several viruses like to get in on those ports =) since there open....
0
 
winkingtigerCommented:
I would go into safe mode and run all of your scanning utilities there.  Also get a reg tool such registrar lite (free).  In the past I have found some registry keys changed all around.  A program like HijackThis could give you some hints on to where they are.  'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page' and some other keys in the registry could give you hints onto where malicious code could be lurking.  Also, just to see what happens, I would close those two ports and see how the PC reacts.  Of course AD would not work if that service was active.
0
 
MazaraatCommented:
Do all of these in safe mode:

**Items to verify PC is clean**
Download run ad-aware:
--http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button
Download run spybot:
--http://www.download.com/Spybot-Search-Destroy/3000-8022-10122137.html?part=dl-spybot&subj=dl&tag=but
Download run Virusscanner:
--http://vil.nai.com/vil/stinger/

Boot Normally and do this:

Download and run hijackthis:
--http://209.133.47.12/~merijn/files/HijackThis.exe
Either post the log here or you can post the log file at this site and it will go through it for you:
--http://www.hijackthis.de/index.php?langselect=english
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
zoidbergmanAuthor Commented:
i've done a hijackthis before... came up clean. I've gotta know though, is that stinger proggie any good?
0
 
zoidbergmanAuthor Commented:
Heh, i just checked it out... That's the same program we used to use back in high school. The computers there were constantly infected.
0
 
MazaraatCommented:
Stinger is only a scanner, and must be download to get the latest versions, it is NOT Anti-Virus protection.  It is only good for cleaning, and must be redownloaded every time there is a new update......its just a tool.  Norton also has fix tools, but they are individual to the virus repair tools.  Yes stinger is good, remember to scan in safe mode =)

Here are 2 more "free" online virus scanners:
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
0
 
zoidbergmanAuthor Commented:
I'll tell ya guys what, I'll give out the points to whoever can give me the most/most accurate info on port 1025, what it does, some tools to download, etc. Shift the focus to port 1025... I got rid of aim and moved to TRILLIAN.
0

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now