|
|
|
re: trojan? remote access??
Tuesday, December 2, 2003 at 9:25 am
Windows Me Annoyances Discussion Forum
Posted by worm
(792 messages posted)
Hi Allegro,
I think you should be concerned about this:
TCP 172.XXX.XXX.XXX:1787 64.125.138.190:7514 ESTABLISHED
The IP address 64.125.138.190 belongs to www.gay.com. Port #7514 is used by a spamming
program called "Backdoor.jeem". More info
HERE
This doesn't mean that you've got that installed on your system, but
your machine may possibly be acting as "Open Relay". This means that you are unknowlingly
acting as a server to bounce SPAM to other users throughout the world. To find out
whether that's the case or not, the best thing you can do is to test it
HERE
Theoretically AOL should be filtering it and the IP address that starts
with 172.XXX belongs to AOL. I think it would be in your interests to contact AOL
and report these incidents.
On Tuesday, December 2, 2003 at 7:36 am, allegro wrote:
>I have the following ports listening and connections established. It seems screwed
>up. I am using AOL on their broadband/dsl dialup. Does that matter?
>
>TCP 0.0.0.0:1808 0.0.0.0:0 LISTENING
>TCP 0.0.0.0:1847 0.0.0.0:0 LISTENING
>TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING
>TCP 0.0.0.0:1787 0.0.0.0:0 LISTENING
>TCP 172.XXX.XXX.XXX:1847 64.125.XXX.XXX:80 ESTABLISHED
>TCP 172.XXX.XXX.XXX 0.0.0.0:0 LISTENING
>TCP 172.194.244.221:1694 0.0.0.0:0 LISTENING
>TCP 172.XXX.XXX.XXX:1694 64.12.X.XX:13784 ESTABLISHED
>TCP 172.XXX.XXX.XXX:1787 64.125.138.190:7514 ESTABLISHED
>UDP 0.0.0.0:68 *:*
>UDP 127.0.0.1:1696 *:*
>UDP 127.0.0.1:1699 *:*
>UDP 172.XXX.XXX.XXX:1900 *:*
>UDP 172.XXX.XXX.XXX:137 *:*
>UDP 172.XXX.XXX.XXX:138 *:*
>
>
>
- Written in response to:
- re: trojan? remote access?? (allegro: Tuesday, December 2, 2003 at 7:36 am)
There are presently no replies to this message.
|
|
All messages in this thread [show all]
 |  | |  | re: trojan? remote access?? (worm: Tue, Dec 2, 2003, 9:25 am) |
| |
| |
Return to the Windows Me Discussion Forum
|
|
|
|
