Need to know why I have so many tcp port 1025 connections

Windows XP Media Center Edition 2004, SP2...
Does anybody out there know why I have so many svchost dealies connecting through port 1025? I think it might be AIM, but I thought AIM always connects with port 5190. I keep my computer clean, to my knowledge at least, using Norton Internet Security/AntiVirus 2004, Ad-Aware, Pest Patrol, SpySweeper, Spybot S&D, and HijackThis. I have also used pdg3, Advanced Administrative Tools, and McAfee's online scan.
The only question now is, what to do next. I have a 160gb harddrive with around 70gigs left to go, so you can imagine, scans aren't quick.
I'm using netstat in DOS all the time, and when I'm connected to the net, sometimes I get huge lists of connections, all to port 1025, some established, others time wait, and sometimes end wait.
I think I'm on a blacklist somewhere, as I'm getting those swen@mm viruses daily in my email account, which I changed. I'm also occasionally invited to AIM chats by an obvious bot with an archaic number as a name.
I've been working with computers for a long time, and I don't want to boast, but I do know quite a bit about computers, so don't euphemize my answers please.
with props to all the 31337...
zoidberg
zoidbergman Asked:
Mazaraat Commented:
Ports 1025/1026 are used by Active Directory, DCOM, and several other services. Not to mention several viruses like to get in on those ports =) since they're open....
0
winkingtiger Commented:
I would go into safe mode and run all of your scanning utilities there.  Also get a reg tool such as Registrar Lite (free).  In the past I have found some registry keys changed all around.  A program like HijackThis could give you some hints on to where they are.  'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page' and some other keys in the registry could give you hints onto where malicious code could be lurking.  Also, just to see what happens, I would close those two ports and see how the PC reacts.  Of course AD would not work if that service was active.
0
Mazaraat Commented:
Do all of these in safe mode:

**Items to verify PC is clean**
Download and run Ad-Aware:
--http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button
Download and run Spybot:
--http://www.download.com/Spybot-Search-Destroy/3000-8022-10122137.html?part=dl-spybot&subj=dl&tag=but
Download and run a virus scanner:
--http://vil.nai.com/vil/stinger/

Boot Normally and do this:

Download and run HijackThis:
--http://209.133.47.12/~merijn/files/HijackThis.exe
Either post the log here or you can post the log file at this site and it will go through it for you:
--http://www.hijackthis.de/index.php?langselect=english
0
zoidbergman (Author) Commented:
I've done a HijackThis before... came up clean. I've gotta know though, is that Stinger proggie any good?
0
zoidbergman (Author) Commented:
Heh, I just checked it out... That's the same program we used to use back in high school. The computers there were constantly infected.
0
Mazaraat Commented:
Stinger is only a scanner, and must be downloaded to get the latest versions; it is NOT anti-virus protection.  It is only good for cleaning, and must be redownloaded every time there is a new update... it's just a tool.  Norton also has fix tools, but they are individual to the virus repair tools.  Yes, Stinger is good; remember to scan in safe mode =)

Here are 2 more "free" online virus scanners:
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
0
zoidbergman (Author) Commented:
I'll tell ya guys what, I'll give out the points to whoever can give me the most/most accurate info on port 1025, what it does, some tools to download, etc. Shift the focus to port 1025... I got rid of AIM and moved to TRILLIAN.
0
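For the netstat lists described in the question, the first triage step is to separate rows where 1025 is the local port (a local service listening, or a client source port) from rows where it is the remote port, and to see which process owns each. The following is an added example, not part of the original thread; it parses `netstat -ano` text, and the sample output, addresses, PIDs and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of `netstat -ano` output; addresses and PIDs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       1012
  TCP    192.168.1.20:1025      203.0.113.7:4312       ESTABLISHED     1012
  TCP    192.168.1.20:1025      203.0.113.9:2201       TIME_WAIT       0
  TCP    192.168.1.20:3120      198.51.100.4:1025      ESTABLISHED     1012
  TCP    192.168.1.20:3125      198.51.100.50:5190     ESTABLISHED     2280
  UDP    0.0.0.0:1026           *:*                                    1012
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_0-9]+)\s+(\d+)\s*$")

def triage_port(netstat_text, port=1025):
    """Count TCP rows touching `port`, keyed by (role, state, pid)."""
    rows = [m.groups() for m in map(ROW.match, netstat_text.splitlines()) if m]
    # Local ports with a LISTENING socket: traffic to them is inbound to a service.
    listening = {int(lp) for _, lp, _, _, st, _ in rows if st == "LISTENING"}
    summary = Counter()
    for _, lport, _, rport, state, pid in rows:
        lport, rport, pid = int(lport), int(rport), int(pid)
        if lport == port and state == "LISTENING":
            role = "listener"
        elif lport == port and port in listening:
            role = "inbound"       # a remote peer connected to our listener
        elif lport == port:
            role = "source-port"   # the port was only used as a client source port
        elif rport == port:
            role = "outbound"      # this host connected to a remote port 1025
        else:
            continue
        summary[(role, state, pid)] += 1
    return summary

def pids_to_inspect(summary):
    """PIDs that own a listener on, or outbound connections to, the port."""
    wanted = ("listener", "outbound")
    return sorted({pid for role, _, pid in summary if role in wanted and pid})

if __name__ == "__main__":
    result = triage_port(SAMPLE)
    for (role, state, pid), n in sorted(result.items()):
        print(f"{role:12} {state:12} pid={pid:<6} x{n}")
    print("inspect PIDs:", pids_to_inspect(result))
```

The PIDs it returns can be mapped to the services hosted inside each svchost process with `tasklist /svc`.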
Question has a verified solution.