Trend Micro Housecall on-line scanner won't run

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by docfxit, Jan 20, 2007.

  1. docfxit

    docfxit Private E-2

    I am having trouble with a very slow Win'98se PC. ZoneAlarm is blocking outgoing IP addresses every minute with a destination of port 80. I am running eTrust Antivirus. I have run Spybot & Adaware Pro. Both updated to latest signatures. I would like to see what program is trying to communicate out to the internet but I can't find a program that will show me the source program trying to get out of a port. Active Ports works great on XP but doesn't run on '98.

    Does anyone know of a program that will show which program is trying to get out of a port in '98se?

    I have wanted to submit a HijackThis log. In preparing to submit a log I tried running the Trend Micro Housecall on-line scanner. It's been stuck on the Update screen for 12hrs.

    How can I get Housecall to run so I can submit a HijackThis log to figure out what is tying up this PC?

    Thank you,

    Docfxit
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It may be best to follow the instructions in the Read and Run First

    However, to answer your question:
    How do I close a specific TCP port
    To close a port, it's usually only necessary to shut down the program holding the port open. On some ports it's enough to tell the program or service that the port should not be opened. A good example is the Microsoft Internet Information Services in Windows 2000 and Windows XP. If installed, they open three ports automatically: 21, 25 and 80. Port 21 is the FTP server, port 25 the SMTP server (email server) and port 80 the webserver for http.

    Here's how we find out what processes are keeping those ports open:

    1. Hit windows key + r (or click start --> run)
    2. Type 'cmd' (without the quotes)
    3. Press enter (or click 'ok')
    4. Type 'netstat -ano' (without the quotes)
    5. Press enter

    This lists all ports, the IP addresses using them, and more importantly, the Process IDentifier (PID) that has them open. Find any listings of the ports you specified, and make a note of the PID. Now, follow these steps:

    1. Hit ctrl + shift + esc
    2. From the 'View' menu, select 'Select Columns'
    3. Check the box next to 'Process Identifier'
    4. Press 'ok'

    Now, Task manager will show you all the processes running on your machine, and the PID of each. Find the ones you noted earlier, and stop them. This is typically all you need to do!
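
The netstat-to-Task-Manager lookup described in the reply above can be scripted on systems where `netstat -ano` is available. This is an added example, not part of the original thread: it joins constructed `netstat -ano` output with constructed `tasklist /fo csv /nh` output (availability of `tasklist` is an assumption, and the image names are hypothetical) to list which process owns each outbound connection to a given remote port.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not captured from the poster's PC).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       920
  TCP    127.0.0.1:1027         127.0.0.1:1036         ESTABLISHED     1480
  TCP    192.168.1.3:1053       66.80.129.198:80       ESTABLISHED     1812
  TCP    192.168.1.3:1104       66.80.129.200:80       SYN_SENT        1812
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist /fo csv /nh` output; image names are hypothetical.
TASKLIST_SAMPLE = '''"System","4","Console","0","236 K"
"svchost.exe","920","Console","0","4,120 K"
"example_a.exe","1480","Console","0","2,004 K"
"example_b.exe","1812","Console","0","9,876 K"
'''

def parse_netstat(text):
    """Yield one dict per TCP/UDP row of `netstat -ano` output."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # skip banner, header and blank lines
        # UDP rows have no State column, so the PID is always the last field.
        state = f[3] if len(f) == 5 else ""
        rhost, _, rport = f[2].rpartition(":")
        yield {"proto": f[0], "local": f[1], "remote_host": rhost,
               "remote_port": rport, "state": state, "pid": int(f[-1])}

def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    return {int(row[1]): row[0] for row in csv.reader(io.StringIO(text)) if row}

def outbound_to_port(netstat_text, tasklist_text, port):
    """Return (image, pid, local, remote, state) for TCP connections to a remote port."""
    names = parse_tasklist(tasklist_text)
    hits = []
    for c in parse_netstat(netstat_text):
        if c["proto"] == "TCP" and c["remote_port"] == str(port):
            hits.append((names.get(c["pid"], "<unknown>"), c["pid"], c["local"],
                         f'{c["remote_host"]}:{port}', c["state"]))
    return hits

if __name__ == "__main__":
    for hit in outbound_to_port(NETSTAT_SAMPLE, TASKLIST_SAMPLE, 80):
        print(*hit, sep="  ")
```

A PID that repeatedly shows `SYN_SENT` rows to the same remote port while the firewall logs blocked connections is the process to examine first.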
     
  3. docfxit

    docfxit Private E-2

    Hi Tim,

    Thank you for posting an answer to my questions.


    As you can see in my post I tried and would like to follow those instructions. My second question that you did not address is that I got stuck in the middle of those instructions.
    These instructions are really great when a person is working with XP. I'm working with '98se. Do you have a solution similar for '98se?

    Thank you,

    Docfxit
     
  4. docfxit

    docfxit Private E-2

    I did discover the outgoing ports that are being used are trying to connect to akamaitechnologies.com. My guess is this PC is very busy with some sort of advertising trying to send my info out. It sure would be great if I could figure out what program is doing that.

    Thank you,

    Docfxit
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  6. docfxit

    docfxit Private E-2

    I have installed Port Monster. I can't find where it shows what program is associated with each port. It does show:
    66.80.129.198, 1053, remote-as, TheThief, 80, ESTABLISHED
    The IP address points to akamaitechnologies.com.
    It also shows:
    127.0.0.1, 1027, ICKiller, 1036, ESTABLISHED
    I installed and ran Spy Sweeper which claims to remove ICKiller. I don't know if I believe ICKiller is really on this PC or if Port Monster uses that name as a default for the port#.
    At the same time ZoneAlarm is still showing:
    Source IP 192.168.1.3:1104 This port keeps changing
    Destination IP 66.80.129.200:80
    Blocked
    and
    Source IP 192.168.1.3:1104 This port keeps changing
    Destination IP 66.80.129.199:80
    Blocked

    Still looking for a way
    1. To see what program is associated with a port.
    2. To get Housecall to run so I can submit a HijackThis log to figure out what is tying up this PC?

    Thank you,

    Docfxit
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Not something you need to block.

    However: ICQ Killer trojan/backdoor

    You need to do the Read and Run First instructions in order for us to help you.
     
  8. docfxit

    docfxit Private E-2

    Tim,

    I can't follow the instructions. Who do I go to to get help following the instructions? Did you see the title of this thread?

    Thank you,

    Docfxit
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your problem may be that you are not following the directions in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    The READ & RUN ME does not ask you to run Trend Micro Housecall!

    Please follow the directions in the current version of the READ & RUN ME that is online and not something that you may have stored locally from a long time ago.

    Also those IP addresses (66.80.129.200 and 66.80.129.199) are more than likely your ISP if MegaPath is your ISP. See: http://www.megapath.com/
     
