Solved

Need to know why I have so many tcp port 1025 connections

Posted on 2004-10-22
301 Views
Last Modified: 2013-11-16
Windows XP Media Center Edition 2004, SP2...
Does anybody out there know why I have so many svchost dealies connecting through port 1025? I think it might be AIM, but I thought AIM always connects with port 5190. I keep my computer clean, to my knowledge at least, using Norton Internet Security/AntiVirus 2004, Ad-Aware, Pest Patrol, SpySweeper, Spybot S&D, and HijackThis. I have also used pdg3, Advanced Administrative Tools, and McAfee's online scan.
The only question now is, what to do next. I have a 160GB hard drive with around 70 gigs left to go, so you can imagine, scans aren't quick.
I'm using netstat in DOS all the time, and when I'm connected to the net, sometimes I get huge lists of connections, all to port 1025, some established, others time wait, and sometimes end wait.
I think I'm on a blacklist somewhere, as I'm getting those swen@mm viruses daily in my email account, which I changed. I'm also occasionally invited to AIM chats by an obvious bot with an archaic number as a name.
I've been working with computers for a long time, and I don't want to boast, but I do know quite a bit about computers, so don't euphemize my answers please.
with props to all the 31337...
zoidberg
0
Question by:zoidbergman
    7 Comments
     
    LVL 12

    Expert Comment

    by:Mazaraat
    Ports 1025/1026 are used by Active Directory, DCOM, and several other services. Not to mention several viruses like to get in on those ports =) since they're open....
    0
     
    LVL 2

    Accepted Solution

    by:
    I would go into safe mode and run all of your scanning utilities there.  Also get a reg tool such as Registrar Lite (free).  In the past I have found some registry keys changed all around.  A program like HijackThis could give you some hints as to where they are.  'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page' and some other keys in the registry could give you hints as to where malicious code could be lurking.  Also, just to see what happens, I would close those two ports and see how the PC reacts.  Of course AD would not work if that service was active.
    0
     
    LVL 12

    Expert Comment

    by:Mazaraat
    Do all of these in safe mode:

    **Items to verify PC is clean**
    Download and run Ad-Aware:
    --http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button
    Download and run Spybot:
    --http://www.download.com/Spybot-Search-Destroy/3000-8022-10122137.html?part=dl-spybot&subj=dl&tag=but
    Download and run a virus scanner:
    --http://vil.nai.com/vil/stinger/

    Boot Normally and do this:

    Download and run HijackThis:
    --http://209.133.47.12/~merijn/files/HijackThis.exe
    Either post the log here or you can post the log file at this site and it will go through it for you:
    --http://www.hijackthis.de/index.php?langselect=english
    0
     

    Author Comment

    by:zoidbergman
    I've done a HijackThis before... came up clean. I've gotta know though, is that Stinger proggie any good?
    0
     

    Author Comment

    by:zoidbergman
    Heh, I just checked it out... That's the same program we used to use back in high school. The computers there were constantly infected.
    0
     
    LVL 12

    Expert Comment

    by:Mazaraat
    Stinger is only a scanner, and must be downloaded to get the latest versions; it is NOT anti-virus protection.  It is only good for cleaning, and must be redownloaded every time there is a new update......it's just a tool.  Norton also has fix tools, but they are individual to the virus repair tools.  Yes, Stinger is good, remember to scan in safe mode =)

    Here are 2 more "free" online virus scanners:
    http://housecall.trendmicro.com/
    http://www.pandasoftware.com/activescan/com/activescan_principal.htm
    0
     

    Author Comment

    by:zoidbergman
    I'll tell ya guys what, I'll give out the points to whoever can give me the most/most accurate info on port 1025, what it does, some tools to download, etc. Shift the focus to port 1025... I got rid of AIM and moved to Trillian.
    0
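
For the port 1025 question itself, it helps to separate connections where 1025 is the local port (something on this PC is listening there) from connections where 1025 is the remote port (a process on this PC is connecting out), and to tie each to a process ID. The Python below is an added example, not code from anyone in this thread: it parses `netstat -ano` output, and the sample text, addresses and PIDs in it are constructed.

```python
from collections import Counter

# Constructed sample of `netstat -ano` output; addresses and PIDs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       1012
  TCP    192.168.1.10:1025      192.168.1.20:4001      ESTABLISHED     1012
  TCP    192.168.1.10:3127      198.51.100.7:1025      ESTABLISHED     1012
  TCP    192.168.1.10:3128      198.51.100.8:1025      TIME_WAIT       0
  TCP    192.168.1.10:3129      198.51.100.9:1025      ESTABLISHED     1012
  TCP    192.168.1.10:3130      203.0.113.5:5190       ESTABLISHED     2204
  UDP    0.0.0.0:1026           *:*                                    1012
"""


def parse_netstat(text):
    """Return one dict per TCP row; headers, UDP and malformed rows are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue
        _, local, remote, state, pid = parts
        _, _, lport = local.rpartition(":")       # rpartition copes with [::]:135
        rhost, _, rport = remote.rpartition(":")
        if not (lport.isdigit() and rport.isdigit() and pid.isdigit()):
            continue
        rows.append({"lport": int(lport), "rhost": rhost, "rport": int(rport),
                     "state": state, "pid": int(pid)})
    return rows


def summarize_port(rows, port=1025):
    """Split traffic on `port` into listeners, inbound and outbound connections."""
    out = {"listening_pids": set(), "inbound": Counter(),
           "outbound": Counter(), "remote_hosts": set()}
    for r in rows:
        if r["lport"] == port and r["state"] == "LISTENING":
            out["listening_pids"].add(r["pid"])
        elif r["lport"] == port:                  # a peer connected to this PC
            out["inbound"][(r["state"], r["pid"])] += 1
        elif r["rport"] == port:                  # this PC connected out
            out["outbound"][(r["state"], r["pid"])] += 1
            out["remote_hosts"].add(r["rhost"])
    return out
```

On the PC, save real output with `netstat -ano > conns.txt` and pass the file's text to `parse_netstat`; `tasklist /svc` then shows which services run inside the svchost PID the summary reports. TIME_WAIT rows carry PID 0 because the owning process has already closed the socket.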
