[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now



Posted on 2007-08-02
Medium Priority
Last Modified: 2013-12-04
How can you discover what port a viruses uses to infect a computer on a network. We have Symantec server. Can you supply me with a freeware to do forensic to help learn about what port a virus comes in on.
Question by:SuperFly07
  • 4
  • 2
LVL 32

Accepted Solution

r-k earned 375 total points
ID: 19620241
Are you asking in general about future viruses, or are you asking about a specific virus that may have already infected the system?

There is no one answer to the question. The most common ports used by viruses are file and printer sharing ports, but over time viruses have used just about every possible port to exploit weaknesses in common applications. You may want to start by checking what ports are currently open:

 "netstat -ab" from a command prompt

or use TCPview (http://www.microsoft.com/technet/sysinternals/Networking/TcpView.mspx)

Your computer is as secure as the application listening on that port.

You may find this useful as well:


Author Comment

ID: 19620329
PC has been infected by a virus. We want to traced what port it used to comein on.
LVL 32

Expert Comment

ID: 19620361
That will depend on what the virus is. Did Symantec already identify the virus?
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.


Author Comment

ID: 19620405
Yes it has but we are tying to locate the port and site from which it was downloaded.
LVL 32

Expert Comment

ID: 19621671
Can you post the name or some description of the virus. Without knowing that it will be hard to know.

Otherwise you just have to review your open network ports, password  policy, file creation dates and times, and network logs (e.g. ftp server, web server etc.) and hope to find something around the time of the infection. The time of infection can be deduced by looking at all files created by the virus and checking dates and times.
LVL 32

Expert Comment

ID: 19629998
Hope you got some info on how the virus got in.

Thanks and good luck.

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Curious about the latest ransomware attack? Check out our timeline of events surrounding the spread of this new virus along with tips on how to mitigate the damage.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question