zoidbergman
asked on
Need to know why I have so many tcp port 1025 connections
windows xp media center edition 2004, sp2...
Does anybody out there know why I have so many svchost dealies connecting through port 1025. I think it might be aim, but i thought aim always connects with port 5190. I keep my computer clean, to my knowledge at least, using norton internet security/antivirus 2004, ad-aware, pest patrol, spysweeper, spybot s&d, and hijack this. I have also used pdg3, advanced administrative tools, and mcaffe's online scan.
The only question now is, what to do next. I have a 160gb harddrive with around 70gigs left to go, so you can imagine, scans aren't quick.
I'm using netstat in dos all the time, and when i'm connected to the net, sometimes i get huge lists of connections, all to port 1025, some established, others time wait, and sometimes end wait.
I think i'm on a blacklist somewhere, as i'm getting those swen@mm viruses daily in my email account, which i changed. I'm also occasionally invited to aim chats by an obvious bot with an archaic number as a name.
I've been working with computers for a long time, and I don't want to boast, but I do know quite a bit about computers, so don't euphemize my answers please.
with props to all the 31337...
zoidberg
Does anybody out there know why I have so many svchost dealies connecting through port 1025. I think it might be aim, but i thought aim always connects with port 5190. I keep my computer clean, to my knowledge at least, using norton internet security/antivirus 2004, ad-aware, pest patrol, spysweeper, spybot s&d, and hijack this. I have also used pdg3, advanced administrative tools, and mcaffe's online scan.
The only question now is, what to do next. I have a 160gb harddrive with around 70gigs left to go, so you can imagine, scans aren't quick.
I'm using netstat in dos all the time, and when i'm connected to the net, sometimes i get huge lists of connections, all to port 1025, some established, others time wait, and sometimes end wait.
I think i'm on a blacklist somewhere, as i'm getting those swen@mm viruses daily in my email account, which i changed. I'm also occasionally invited to aim chats by an obvious bot with an archaic number as a name.
I've been working with computers for a long time, and I don't want to boast, but I do know quite a bit about computers, so don't euphemize my answers please.
with props to all the 31337...
zoidberg
Mazaraat
Ports 1025/1026 are used by active directory, DCOM, and several other services..Not to mention several viruses like to get in on those ports =) since there open....
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Do all of these in safe mode:
**Items to verify PC is clean**
Download run ad-aware:
--http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button
Download run spybot:
--http://www.download.com/Spybot-Search-Destroy/3000-8022-10122137.html?part=dl-spybot&subj=dl&tag=but
Download run Virusscanner:
--http://vil.nai.com/vil/stinger/
Boot Normally and do this:
Download and run hijackthis:
--http://209.133.47.12/~merijn/files/HijackThis.exe
Either post the log here or you can post the log file at this site and it will go through it for you:
--http://www.hijackthis.de/index.php?langselect=english
**Items to verify PC is clean**
Download run ad-aware:
--http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button
Download run spybot:
--http://www.download.com/Spybot-Search-Destroy/3000-8022-10122137.html?part=dl-spybot&subj=dl&tag=but
Download run Virusscanner:
--http://vil.nai.com/vil/stinger/
Boot Normally and do this:
Download and run hijackthis:
--http://209.133.47.12/~merijn/files/HijackThis.exe
Either post the log here or you can post the log file at this site and it will go through it for you:
--http://www.hijackthis.de/index.php?langselect=english
ASKER
i've done a hijackthis before... came up clean. I've gotta know though, is that stinger proggie any good?
ASKER
Heh, i just checked it out... That's the same program we used to use back in high school. The computers there were constantly infected.
Stinger is only a scanner, and must be download to get the latest versions, it is NOT Anti-Virus protection. It is only good for cleaning, and must be redownloaded every time there is a new update......its just a tool. Norton also has fix tools, but they are individual to the virus repair tools. Yes stinger is good, remember to scan in safe mode =)
Here are 2 more "free" online virus scanners:
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Here are 2 more "free" online virus scanners:
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
ASKER
I'll tell ya guys what, I'll give out the points to whoever can give me the most/most accurate info on port 1025, what it does, some tools to download, etc. Shift the focus to port 1025... I got rid of aim and moved to TRILLIAN.