"Multiple Ports Open"

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Hyde_nSneek, May 19, 2010.

  1. Hyde_nSneek

    Hyde_nSneek Private E-2

    Hello again,
    Well I hope I did everything right, the logs of the scans I was able to run, are attached to this (I hope), I'm not sure if I did the MGtools right, because I'm not sure if I'm running Windows 7 or 8? I feel I should know this, I think it's 8, but I didn't know where to go, to know for sure. Thank you again for any help you can provide, I've been dealing with this for about 8 months :cry, lol very frustrating, not getting anywhere, so I'm curious to know what you find out from the logs. :confused
    Thank you,

    Hyde_nSneek
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  3. Hyde_nSneek

    Hyde_nSneek Private E-2

    I'm sorry, let me try this again.....

    Hyde_nSneek
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are running Microsoft Windows XP Professional.

    The MGlogs.zip was basically empty. You need to re-run it and wait until it says it is finished.
     
  5. Hyde_nSneek

    Hyde_nSneek Private E-2

    Really? I saw it was 9 Kb, so I just assumed there was a log in it, I didn't even look at it myself, because I wouldn't know what anything meant, Lol. Okay I will try it again.
    Thank you,

    Hyde_nSneek
     
  6. Hyde_nSneek

    Hyde_nSneek Private E-2

    Hi, I attached the file I think I was supposed to attach on the last post, let me know, thanks.

    Hyde_nSneek
     


  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    What I want is the C:\MGlogs.zip. There will be numerous files in that, not just the unkeys log. What is happening when you run the C:\MGtools\GetLogs.bat file by double clicking on it? Are you getting any error messages, does HJT pop up to ask for an agreement to run it? Are you waiting until it tells you to hit any key?
     
  8. Hyde_nSneek

    Hyde_nSneek Private E-2

    Okay, now I think I did it right, the last time, it ran 2 scans and stopped, with the command window open, I left it there for a while, like an hour, it hadn't changed so I closed it, it said it was scanning still, but the screen froze and didn't finish. To start it I just double clicked on the "C:\MGtools" in the root folder of windows, it started scanning automatically, HJT never popped up, nothing ever asked me to agree to anything, when it was finished, it said "scans complete, press any key to close this window", and told me the log files were in a zip file on the C drive, so I clicked the space bar, and it closed. It froze when I tried to install RootRepeal also, so I wasn't able to run that scan. I'm sorry, I feel like I'm not doing something right..??

    Hyde_nSneek
     


  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You did that fine. The only thing I am seeing is that you have Avira installed along with Iobit360 (or rather, had, since I am not seeing it in your add/remove program list).

    What issues are you having?
     
  10. Hyde_nSneek

    Hyde_nSneek Private E-2

    :) Hi TimW, I'm sorry, I was under the impression that you had read my original post that I posted in "Networking", on 5/17/10. If you read that post you will understand. When I posted it, someone with the name "thesmokingun", answered my post and told me to run the scans and do the cleaning, and post the logs in the "Malware Removal" section. If you could please read that post, so you can better understand, thank you.

    Hyde_nSneek
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    As I stated, I am not seeing any malware. However, I suggest you install a firewall. This would give you better info on what ports are open and what programs are accessing them. Is that what your issue is about...closing ports?

    As a general guide:
    You can use Active Ports.
     
  12. Hyde_nSneek

    Hyde_nSneek Private E-2

    Yes part of it is, there are other computers connected to me remotely, how do I get rid of them, and block them from accessing my computer? Whenever I'm on the computer, it seems it's getting slower and slower at loading pages, and there are folders that I don't know where they came from on my computer, and if I try to open them, or move them, a message pops up saying "I don't have permission to access, and to check with my Administrator"? So I don't understand, I feel something or someone is controlling my computer. Very Frustrating.....:cry
    Please help......

    Hyde_nSneek
     
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    How do you know that other computers are accessing your computer? What files or folders are "appearing" that you can't remove? Have you installed a firewall? Have you turned off File and Print sharing?
     
  14. Hyde_nSneek

    Hyde_nSneek Private E-2

    Hello again,
    Yes I did install the one you suggested "Active Ports", and I turned off File and Print Sharing, but I'm telling you I don't know that much about all the networking possibilities, that can happen, but I just did a virus scan, using Avira Antivirus, and I was looking at the log, and there seems to be a lot of things in the log, like "Remote-something, RemotePC, files in Documents and settings, that are system files-password protected, that I didn't password protect, cannot be opened, files that say access denied, files with all kinds of different countries, and states, in the name, etc., can I post the log for you to review, on here?
    I also tried what you said about closing the ports that are open, and as soon as I would close them, they would open another port (with a different number), or this big warning would pop up saying "NTAuthority Security Shutting Down" and then my computer would re-boot. So if you could let me know if I can post the log here, please, then maybe you can see what I'm talking about. Thank you for all your help...

    Hyde_nSneek
     
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, you may attach that log. Have you installed a firewall program yet? One of the simplest is PCTools Firewall. Do not install ThreatFire.
     
  16. Hyde_nSneek

    Hyde_nSneek Private E-2

    Hi Tim,
    Alright here is the log from running Avira Antivirus, and I misunderstood you I guess, I was thinking "Active Ports" was a firewall program, and I downloaded that, but after reading this message, I downloaded "PC Tools Firewall", and I'm going to install it now. So hopefully you can find some answers for me in this log....my fingers are crossed, lol.
    Thank you so much for all your help, I really appreciate it.

    Hyde_nSneek
     


  17. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your Avira log is perfectly fine. I am more interested in you having a firewall to block some of the things that may be opening ports without your knowledge. I would suggest that you post in the software forum if you have questions about what programs are legit and what you may be needing to block.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    10. After doing the above, you should work thru the below link:

     
  18. Hyde_nSneek

    Hyde_nSneek Private E-2

    Okay Tim,
    Thank you so much for all your help, I will post in the software forum, regarding which ports should be blocked, and which are legitimate. I really appreciate your help. And I will follow through with the final steps.
    Best Wishes....

    Hyde_nSneek
     
  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. Safe surfing. :)
     
