Security Scan has detected a Backdoors and trojan horses CVSS Temporal: 6.8 need guidance to mitigate the flaw

Posted on 2011-04-26
Last Modified: 2012-05-11
Hi Experts,

We would appreciate some help on this one.

One of our Windows servers has been flagged with the following Category: Backdoors and trojan horses CVSS Temporal: 6.8 (please see more information below)

I was wondering if someone could help me narrow this down and provide a solution to fix this flaw. The server is MS Windows 2003 SP2, fully patched.

Any ideas?  


QID: 1004 CVSS Base: 7.5 [1]
Category: Backdoors and trojan horses CVSS Temporal: 6.8
Vendor Reference: -
Bugtraq ID: -
Service Modified: 06/04/2009
User Modified: -
Edited: No
There are known backdoors that use specific port numbers. At least one of these ports was found open on this host. This may indicate the presence of a backdoor;
however, it's also possible that this port is being used by a legitimate service, such as a Unix or Windows RPC.
If a backdoor is present on your system, then unauthorized users can log in to your system undetected, execute unauthorized commands, and leave the host
vulnerable to other unauthorized users. Malicious users may also use your host to access other hosts and perform a coordinated Denial of Service attack.
Some well-known backdoors are "BackOrifice", "Netbus" and "Netspy". You should be able to find more information on these backdoors on the CERT
Coordination Center's Web site.
Call a security specialist and test the host for backdoors. If a backdoor is found, then the host may need to be re-installed.
Question by:llarava
    LVL 11

    Expert Comment

    Use a program called nmap (or a similar program) and scan the computer for open ports,

    scan with an antivirus program
    LVL 10

    Expert Comment

    What AV product are you using? Do you have a specific virus that was identified?

    Author Comment

    No virus. We are running SEP. We have an application from a third party vendor that has a specific TCP port open. The result of the scan doesn't indicate the port.
    LVL 10

    Accepted Solution

    Do you know which application caused the violation? If so, do a "netstat -a -b" to show the ports the system is listening on. What is your goal here? Are you just trying to find the port the application is listening on?

    To use nmap to show a list of open ports run the following command:

    nmap -vv -sT -Pn -sV <ip address>
    nmap -vv -sS -Pn -sV <ip address>

    Another application you may want to look at is called "Process Hacker". It is like the Windows Process Manager but on steroids. It can cycle through all of the PIDs to see if there are any hidden processes (probably not an issue for you though). It will also tell you what processes are listening on any specific TCP/UDP port.
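
The port-to-process lookup from the accepted solution, as an added example that is not part of the original thread: it parses output saved from `netstat -a -n -o -b` and reports listening sockets whose port is on a watchlist, including the case where netstat cannot name the owner. The sample output, the `vendorapp.exe` name and the watchlist ports (commonly cited defaults, not the scanner's own list) are assumptions.

```python
import re

# Assumed watchlist: default ports commonly cited for two of the tools the
# scan report names. The scanner's own port list is not on the page.
WATCHLIST = {("UDP", 31337): "Back Orifice", ("TCP", 12345): "NetBus",
             ("TCP", 12346): "NetBus"}

# Constructed sample in the layout of `netstat -a -n -o -b` (not real output;
# vendorapp.exe is a hypothetical third-party application).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       936
  [svchost.exe]
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING       2412
  [vendorapp.exe]
  TCP    10.0.0.5:3389          10.0.0.9:51514         ESTABLISHED     1180
  [svchost.exe]
  UDP    0.0.0.0:31337          *:*                                    3004
  Can not obtain ownership information
"""

# Proto, local addr:port, foreign addr, optional state (UDP has none), PID.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z0-9_]+)\s+)?(\d+)\s*$")

def listeners(text):
    """Return one dict per listening TCP / bound UDP socket, with owner if shown."""
    found, current = [], None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, addr, port, _, state, pid = m.groups()
            current = None  # owner lines that follow belong to this row only
            if proto == "UDP" or state == "LISTENING":
                current = {"proto": proto, "addr": addr, "port": int(port),
                           "pid": int(pid), "exe": None}
                found.append(current)
        elif current and (exe := re.match(r"^\s*\[(.+)\]\s*$", line)):
            current["exe"] = exe.group(1)  # "[name.exe]" line printed by -b
    return found

def flagged(text, watchlist=WATCHLIST):
    """Listeners whose (proto, port) is on the watchlist, with the cited name."""
    return [dict(s, match=watchlist[(s["proto"], s["port"])])
            for s in listeners(text) if (s["proto"], s["port"]) in watchlist]

if __name__ == "__main__":
    for hit in flagged(SAMPLE):
        print(hit)
```

A hit whose `exe` is the expected vendor binary points to a port-number match on a legitimate service, as the scan text allows; a hit with `exe` of `None` means netstat could not attribute the socket and the PID needs a closer look.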

