Are they UDP ports?
Does it say immediately after it checks them that they are closed again? My guess would be Languard see the port number and immediately associates with Trojan, without checking to see if it is udp or tcp. From: David Lum [mailto:david....@nwea.org] Sent: Thursday, April 09, 2009 2:42 PM To: NT System Admin Issues Subject: RE: Too to find what .exe has a port open NETSTAT...I shoulda known Netstat -ano shows nothing in that range. Hey, if you have TCPView running when you also run a Nessus scan on same system...now that's funny right there... Nessus shows nothing, TCPView shows nothing, NETSTAT shows nothing...only Languard shows something at those ports... Dave From: Michael B. Smith [mailto:mich...@owa.smithcons.com] Sent: Thursday, April 09, 2009 11:23 AM To: NT System Admin Issues Subject: RE: Too to find what .exe has a port open KISS "netstat -ano". The "o" gives you the process owning the port, which you can use TaskList or Task Manager to find. If it isn't in the list - you've been pwned. (probably) ________________________________ From: David Lum [david....@nwea.org] Sent: Thursday, April 09, 2009 2:22 PM To: NT System Admin Issues Subject: RE: Too to find what .exe has a port open Perfect thanks! Now I have something, or not...GFI Languard scanned a machine that says I have two KiLo ports open (6666,6667). TCPView shows nothing in that range....comments? Dave From: Jake Gardner [mailto:jgard...@ttcdas.com] Sent: Thursday, April 09, 2009 11:12 AM To: NT System Admin Issues Subject: RE: Too to find what .exe has a port open TCPView from SysInternals Thanks, Jake Gardner TTC Network Administrator Ext. 246 ________________________________ From: David Lum [mailto:david....@nwea.org] Sent: Thursday, April 09, 2009 2:09 PM To: NT System Admin Issues Subject: Too to find what .exe has a port open I have tools that tell me WHAT port is open, but nothing to tell me what app has the port open. What do you guys use? (yes probably discussed here before...) David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ***Teletronics Technology Corporation*** This e-mail is confidential and may also be privileged.? If you are not the addressee or authorized by the addressee to receive this e-mail, you may not disclose, copy, distribute, or use this e-mail. If you have received this e-mail in error, please notify the sender immediately by reply e-mail or by telephone at 267-352-2020 and destroy this message and any copies.? Thank you. ******************************************************************* ~~~~~~~~~~~~~~~~~~~~~~~~~~~ Derek Lidbom Director of Technology and Interactive Development, Trone 336.812.2010 dlid...@trone.com http://www.trone.com/ Confidentiality Notice: This e-mail communication and any attachments may contain confidential and privileged information for the use of the designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents is prohibited. If you have received this communication in error, please notify me immediately by replying to this message and deleting it from your computer. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~