[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Antivirus

Posted on 2007-08-02
6
Medium Priority
?
227 Views
Last Modified: 2013-12-04
How can you discover what port a viruses uses to infect a computer on a network. We have Symantec server. Can you supply me with a freeware to do forensic to help learn about what port a virus comes in on.
0
Comment
Question by:SuperFly07
  • 4
  • 2
6 Comments
 
LVL 32

Accepted Solution

by:
r-k earned 375 total points
ID: 19620241
Are you asking in general about future viruses, or are you asking about a specific virus that may have already infected the system?

There is no one answer to the question. The most common ports used by viruses are file and printer sharing ports, but over time viruses have used just about every possible port to exploit weaknesses in common applications. You may want to start by checking what ports are currently open:

 "netstat -ab" from a command prompt

or use TCPview (http://www.microsoft.com/technet/sysinternals/Networking/TcpView.mspx)

Your computer is as secure as the application listening on that port.

You may find this useful as well:

 http://www.microsoft.com/smallbusiness/support/articles/ref_net_ports_ms_prod.mspx
0
 

Author Comment

by:SuperFly07
ID: 19620329
PC has been infected by a virus. We want to traced what port it used to comein on.
0
 
LVL 32

Expert Comment

by:r-k
ID: 19620361
That will depend on what the virus is. Did Symantec already identify the virus?
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 

Author Comment

by:SuperFly07
ID: 19620405
Yes it has but we are tying to locate the port and site from which it was downloaded.
0
 
LVL 32

Expert Comment

by:r-k
ID: 19621671
Can you post the name or some description of the virus. Without knowing that it will be hard to know.

Otherwise you just have to review your open network ports, password  policy, file creation dates and times, and network logs (e.g. ftp server, web server etc.) and hope to find something around the time of the infection. The time of infection can be deduced by looking at all files created by the virus and checking dates and times.
0
 
LVL 32

Expert Comment

by:r-k
ID: 19629998
Hope you got some info on how the virus got in.

Thanks and good luck.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Curious about the latest ransomware attack? Check out our timeline of events surrounding the spread of this new virus along with tips on how to mitigate the damage.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question