http://www.dslreports.com/forum/r18408506 en Thu, 04 Dec 2008 13:12:56 EDT Thu, 04 Dec 2008 13:12:56 EDT http://www.dslreports.com/forum/remark,18409375 The Snowman :

At this point I am not totally convinced the Trojan has been completely removed.....an would suggest you do a Hijack This .....

will drop back here later.....to see what you post back]]> http://www.dslreports.com/forum/remark,18409375 Mon, 28 May 2007 15:20:53 EDT http://www.dslreports.com/forum/remark,18409305 anon :

DEFINITELY YOU SHOULD READ THIS

»www.securityfocus.com/infocus/1605

>Detecting and Containing IRC-Controlled Trojans: When Firewalls, AV, and IDS Are Not Enough>]]> http://www.dslreports.com/forum/remark,18409305 Mon, 28 May 2007 15:09:27 EDT http://www.dslreports.com/forum/remark,18409231 The Snowman :

If in fact you do have Trillian.....and you have used it for File Transfer...then perhaps thats were the Trojan came from, but no matter....there appears NO REASON for that particular Port to be doing anything....unless someone else here can offer a reason.......
My suggestion would be to remove Trillian if in fact you do have it installed....if its the Agent in all this then removing it should shut down that port....
Are you ABSOLUTELY SURE you removed that Trojan ?]]> http://www.dslreports.com/forum/remark,18409231 Mon, 28 May 2007 14:56:41 EDT http://www.dslreports.com/forum/remark,18409168 anon :

Cerulean Studios, LLC

Trillian (instant messenger)

»www.ceruleanstudios.com/

============================================================
Here are the ports that Trillian uses by default:

MSN
Connection: 1863
File Transfer: 6891

ICQ
Connection: 5190
File Transfer: Dynamic unless specified

AIM
Connection: 5190
File Transfer: 5190
Direct Connect: 4443

Yahoo
Connection: 5050
File Transfer: 80
Webcam: 5100

»www.ceruleanstudios.com/support/···ROOT/C_T

------------------------------------------------------------

Here are the default ports that Trillian uses:

MSN
Connection: 1863
File Transfer: 6891

ICQ
Connection: 5190
File Transfer: Dynamic unless specified

AIM
Connection: 5190
File Transfer: 5190

Yahoo
Connection: 5050
File Transfer: 80
Webcam: 5100

Jabber:
Connection: 5222
File Transfer: (automatic by default)

»forums.ceruleanstudios.com/showt···id=35182]]> http://www.dslreports.com/forum/remark,18409168 Mon, 28 May 2007 14:44:30 EDT http://www.dslreports.com/forum/remark,18408506 kpatz : Port 3158 = "SmashTV Protocol", whatever that is.

But it could be a trojan as well. Is the connection inbound or outbound? Can you post the output of netstat -ano?]]> http://www.dslreports.com/forum/remark,18408506 Mon, 28 May 2007 12:45:52 EDT http://www.dslreports.com/forum/remark,18408253 dannyboy 950 : The next thing to consider is do these people have any buisness connecting to you or you to them? Do they even know they are trying to connect to you?]]> http://www.dslreports.com/forum/remark,18408253 Mon, 28 May 2007 11:52:34 EDT http://www.dslreports.com/forum/remark,18407968 DR_JAY : Thanks Amy

boy do I feel like an idiot :D]]> http://www.dslreports.com/forum/remark,18407968 Mon, 28 May 2007 10:51:42 EDT http://www.dslreports.com/forum/remark,18407917 amysheehan : WhoIs info: »/whois/70.42.52.11
CustName: Cerulean Studios, LLC
Address: 475 Federal Road
Address: Unit F
City: Brookfield
StateProv: CT
PostalCode: 06804
Country: US
RegDate: 2006-03-09
Updated: 2006-03-09

-amy-
--
DSLR Phishtracker]]> http://www.dslreports.com/forum/remark,18407917 Mon, 28 May 2007 10:35:28 EDT http://www.dslreports.com/forum/remark,18407904 DR_JAY : Hi All,

Over the weekend I was using my laptop and unfortunately I found a virus/trojan named "dna.exe" which was slowing down my computer. I did a "netstat" in the Windows XP command prompt and my laptop was trying to connect to over 100 computers. I removed this virus and the laptop is running fine.

However...

I noticed that there is a connection to port: 3158 and the IP address is 70.42.52.11 . I tried doing a trace route and unfortunately it didn't give me much information as to where is the location of this IP address is coming from. Even after I do a clean reboot, my laptop keeps connecting to that IP address and the same port.

The question I ask is port: 3158 a potential security hole or is it a safe service program that I am unaware that my laptop keeps executing?

If need anymore details, I am more than happy to provide it if there is any good Samaritan willing to assist me.

Thanks]]> http://www.dslreports.com/forum/remark,18407904 Mon, 28 May 2007 10:31:57 EDT