Go Premium for a chance to win a PS4. Enter to Win


Need to know why I have so many tcp port 1025 connections

Posted on 2004-10-22
Medium Priority
Last Modified: 2013-11-16
windows xp media center edition 2004, sp2...
Does anybody out there know why I have so many svchost dealies connecting through port 1025. I think it might be aim, but i thought aim always connects with port 5190. I keep my computer clean, to my knowledge at least, using norton internet security/antivirus 2004, ad-aware, pest patrol, spysweeper, spybot s&d, and hijack this. I have also used pdg3, advanced administrative tools, and mcaffe's online scan.
The only question now is, what to do next. I have a 160gb harddrive with around 70gigs left to go, so you can imagine, scans aren't quick.
I'm using netstat in dos all the time, and when i'm connected to the net, sometimes i get huge lists of connections, all to port 1025, some established, others time wait, and sometimes end wait.
I think i'm on a blacklist somewhere, as i'm getting those swen@mm viruses daily in my email account, which i changed. I'm also occasionally invited to aim chats by an obvious bot with an archaic number as a name.
I've been working with computers for a long time, and I don't want to boast, but I do know quite a bit about computers, so don't euphemize my answers please.
with props to all the 31337...
Question by:zoidbergman
  • 3
  • 3
LVL 12

Expert Comment

ID: 12385775
Ports 1025/1026 are used by active directory, DCOM, and several other services..Not to mention several viruses like to get in on those ports =) since there open....

Accepted Solution

winkingtiger earned 250 total points
ID: 12431308
I would go into safe mode and run all of your scanning utilities there.  Also get a reg tool such registrar lite (free).  In the past I have found some registry keys changed all around.  A program like HijackThis could give you some hints on to where they are.  'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page' and some other keys in the registry could give you hints onto where malicious code could be lurking.  Also, just to see what happens, I would close those two ports and see how the PC reacts.  Of course AD would not work if that service was active.
LVL 12

Expert Comment

ID: 12436432
Do all of these in safe mode:

**Items to verify PC is clean**
Download run ad-aware:
Download run spybot:
Download run Virusscanner:

Boot Normally and do this:

Download and run hijackthis:
Either post the log here or you can post the log file at this site and it will go through it for you:
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.


Author Comment

ID: 12450029
i've done a hijackthis before... came up clean. I've gotta know though, is that stinger proggie any good?

Author Comment

ID: 12450040
Heh, i just checked it out... That's the same program we used to use back in high school. The computers there were constantly infected.
LVL 12

Expert Comment

ID: 12464599
Stinger is only a scanner, and must be download to get the latest versions, it is NOT Anti-Virus protection.  It is only good for cleaning, and must be redownloaded every time there is a new update......its just a tool.  Norton also has fix tools, but they are individual to the virus repair tools.  Yes stinger is good, remember to scan in safe mode =)

Here are 2 more "free" online virus scanners:

Author Comment

ID: 12470023
I'll tell ya guys what, I'll give out the points to whoever can give me the most/most accurate info on port 1025, what it does, some tools to download, etc. Shift the focus to port 1025... I got rid of aim and moved to TRILLIAN.

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like me and like multiple layers of protection, read on!
It’s a season to be thankful, and we’re thankful for users like you who engage on site, solve technology problems, and network with others in the industry. What tech are we most thankful for? Keep reading.
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question