Old 27-06-2005, 09:08 PM   #1 (permalink)
Right Off the Assembly Line
 
Join Date: Jun 2005
Posts: 5
Default Please help regarding Trojan Port 5000


I have one problem. I even detected that I have one trojan: port 5000, Sockets de Troie, back door, ... I tried AVG, Microsoft AntiSpyware and many things, but it didn't go. It creates a BLANK folder when I am using my PC. He has access to my PC. How do I remove this trojan? Please help, please help. Don't tell me to format; that I can't do. Please help, I am waiting for anyone's reply. Please help.

[Edited Batty] Topic edited to reflect the thread contents
METALLICA is offline  

Old 27-06-2005, 09:26 PM   #2 (permalink)
Just Do It
 
Charley's Avatar
 
Join Date: Feb 2005
Location: Bangalore
Posts: 2,125
Default

Should be helpful & also the trojan is in Port 5001


http://www.doshelp.com/Ports/Trojan_Ports.htm
Charley is offline  
Old 28-06-2005, 12:56 PM   #3 (permalink)
Human Spambot
 
tuxfan's Avatar
 
Join Date: Feb 2004
Location: Mumbai
Posts: 2,653
Default

Spybot Search and destroy. This is one of the best!
__________________
:: Free hosting and free domain names available in special cases. Conditions apply ::
tuxfan is offline  
Old 28-06-2005, 01:44 PM   #4 (permalink)
QA Juggler
 
saROMan's Avatar
 
Join Date: Aug 2004
Location: format c: /s/u/x
Posts: 801
Default

Sockets de Troie

A French Trojan Horse and virus

Means "Trojan Sockets" in French.
Typically uses the ports 5000, 5001, 30303, and 50505.
Was created with Delphi 3.
Several variants known.
Includes remote administration tool like Back Orifice and NetBus, so it has a server (spread with virus) and client portion.
Pretends to be a setup program lacking setup32.dll.
Copies file to system directory called mschv32.exe, which runs during startup HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunLoad MSchv32 Drv = C:\WINDOWS\SYSTEM\MSchv32.exe
To detect if you are infected, HKEY_CLASSES_ROOT\DirectSockets DirectSocketsCtrl = $A4 D5 #FFF
Executing creates an error message about a missing SETUP32.DLL or ISAPI32.DLL.


d/l The Removal Tool From Here ...also download...McAfee AVERT Stinger v2.5.3 - Specific viruses remover and scan your PC with it...
__________________
8-) सारोमान :!: :!: :!:
saROMan is offline  
Old 28-06-2005, 01:51 PM   #5 (permalink)
Just Do It
 
Charley's Avatar
 
Join Date: Feb 2005
Location: Bangalore
Posts: 2,125
Default

Quote:
Originally Posted by tuxfan
Spybot Search and destroy. This is one of the best!
Doesn't detect it .....
Charley is offline  
Old 29-06-2005, 11:55 AM   #6 (permalink)
Human Spambot
 
tuxfan's Avatar
 
Join Date: Feb 2004
Location: Mumbai
Posts: 2,653
Default

Quote:
Originally Posted by achacko@dataone.in
Doesn't detect it .....
Too bad!! My recommendation is based on what I have heard and what I have read. I am not an expert in the field of security.
tuxfan is offline  
Old 29-06-2005, 08:56 PM   #7 (permalink)
Right Off the Assembly Line
 
Join Date: Jun 2005
Posts: 5
Default

Thanks everyone, but there is no software or DOS code (which can run in safe mode) to remove this port 5000. After this, I don't trust any software. I tried Norton, AVG, Microsoft AntiSpyware, McAfee, and kept them updated, but nothing useful... all sucks. So, can anyone tell me how to remove this port 5000? And thanks for replying, everyone, but give me any suggestion to cure it (port 5000).
METALLICA is offline  
Old 29-06-2005, 09:32 PM   #8 (permalink)
QA Juggler
 
saROMan's Avatar
 
Join Date: Aug 2004
Location: format c: /s/u/x
Posts: 801
Default

Quote:
Originally Posted by saROMan
Sockets de Troie

A French Trojan Horse and virus

Means "Trojan Sockets" in French.
Typically uses the ports 5000, 5001, 30303, and 50505.
Was created with Delphi 3.
Several variants known.
Includes remote administration tool like Back Orifice and NetBus, so it has a server (spread with virus) and client portion.
Pretends to be a setup program lacking setup32.dll.
Copies file to system directory called mschv32.exe, which runs during startup HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunLoad MSchv32 Drv = C:\WINDOWS\SYSTEM\MSchv32.exe
To detect if you are infected, HKEY_CLASSES_ROOT\DirectSockets DirectSocketsCtrl = $A4 D5 #FFF

Executing creates an error message about a missing SETUP32.DLL or ISAPI32.DLL.


d/l The Removal Tool From --->>> Here <<<---...also download...McAfee AVERT Stinger v2.5.3 - Specific viruses remover and scan your PC with it...
Guess I gave you the solution???
__________________
8-) सारोमान :!: :!: :!:
saROMan is offline  
Old 30-06-2005, 05:37 AM   #9 (permalink)
In The Zone
 
Join Date: Oct 2003
Posts: 426
Default

What are ports?
I have heard many times, but what are they, good or bad?
__________________
AMIT AGARWAL
AMITAGARWAL02 is offline  
Old 30-06-2005, 09:45 AM   #10 (permalink)
Distinguished Member
 
anandk's Avatar
 
Join Date: Mar 2005
Location: Pune
Posts: 3,783
Default

Use TDS-3 (trojan download suite). It's the best in its category.
click tds.diamondcs.com.au/
__________________
> www.TheWindowsClub.com <
= www.WinVistaClub.com =
Microsoft® MVP
anandk is offline  
Old 30-06-2005, 06:34 PM   #11 (permalink)
Alpha Geek
 
Join Date: Feb 2004
Location: Belgaum
Posts: 745
Default

Quote:
Originally Posted by AMITAGARWAL02
What are ports?
I have heard many times, but what are they, good or bad?
Ports are channels through which connections are made. There are 65,535 TCP & 65,535 UDP ports.

Take for example when you enter www.thinkdigit.com in the browser & press retrieves pages/content which is situated at the port/IP address [of thinkdigit]. Same is the case with FTP or any other application for that matter; even your P2P applications, Kazaa & others, require a port for communication & transfer.

I hope you got what I've written.
__________________
The protection of a machine is a process & not a given -Duane Arnold.
www.Oobertech.net
Look ma my blog http://techhub.blogspot.com/
digen is offline  
Old 04-07-2005, 10:41 PM   #12 (permalink)
Right Off the Assembly Line
 
Join Date: Jun 2005
Posts: 5
Default

Thanks everyone. And saROMan, there is no DirectSocket as you said, so can you tell me anything else to remove port 5000? And can you tell me where you got that information about the trojan, setup de troie, about where it is located? Can you give me the source from where you got that info? But please help me, anyone, about port 5000. It has not been removed yet. I installed Spybot and it showed me some adware. I deleted it, but there is still port 5000 in my PC. I can get to know that through running netstat in command. Please reply, saROMan.
METALLICA is offline  
Old 04-07-2005, 11:06 PM   #13 (permalink)
QA Juggler
 
saROMan's Avatar
 
Join Date: Aug 2004
Location: format c: /s/u/x
Posts: 801
Default

Well, as far as information is concerned, I get all my information from Here. Hmm, so the registry tweak did not work. Did you try the removal tool from Here: ftp://sac-ftp.gratex.sk/avir/antisock.zip ? If you haven't, please d/l it and try it. Also d/l Stinger and scan your PC with it to remove any stains of the trojan from your PC. Also, here is all info about Port 5000. Also visit Here, Here, here, and Here. Please visit the above sites if you have any doubts/queries about Sockets de Troie.

Best of luck.

Also, please reply ASAP so better rectification of the problem can be done.
__________________
8-) सारोमान :!: :!: :!:
saROMan is offline  
Old 06-07-2005, 09:47 PM   #14 (permalink)
Right Off the Assembly Line
 
Join Date: Jun 2005
Posts: 5
Default

Thanks for everything. Man, you just shocked me with those links about Plug and Play. OK, let's suppose there is no trojan in my PC; then blank folders used to get created with the name "BLANK" - 0 KB. OK, now it happens less, because that day I ran Spybot and it showed me some registry problems and I deleted them, so I have not seen those blank folders again. But when I run netstat in the cmd prompt, it shows port 5000. I will try to disable Plug and Play and see what happens next. Thanks for everything again, saROMan. And I cannot access FTP sites; they are not accessible from here. Can you tell me some HTTP links for that?
METALLICA is offline  
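
An added example, not part of the original thread: the netstat check mentioned in the posts above, written as a Python parser that flags only sockets whose local port is one of the four ports post #4 lists for Sockets de Troie and reports the owning PID. It assumes output from `netstat -ano`; the sample text is constructed and the function names are illustrative.

```python
WATCH_PORTS = {5000, 5001, 30303, 50505}  # ports listed in post #4 above

# Constructed `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       1044
  TCP    [::]:5001              [::]:0                 LISTENING       1300
  TCP    192.168.1.10:1063      203.0.113.7:5000       ESTABLISHED     1520
  TCP    192.168.1.10:30303     198.51.100.9:4411      ESTABLISHED     2208
  UDP    0.0.0.0:1900           *:*                                    1044
  UDP    0.0.0.0:50505          *:*                                    2208
"""


def parse_netstat(text):
    """Yield (proto, local_port, state, pid) for each socket row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        if not parts[-1].isdigit():
            continue  # no PID column: netstat was run without -o
        proto, local = parts[0], parts[1]
        # UDP rows have no State column, so only TCP rows carry one.
        state = parts[3] if proto == "TCP" else ""
        port = int(local.rsplit(":", 1)[1])  # rsplit copes with [::]:5001
        yield proto, port, state, int(parts[-1])


def suspicious_sockets(text, ports=WATCH_PORTS):
    """Return rows whose LOCAL port is watched; remote port 5000 is ignored."""
    hits = []
    for proto, port, state, pid in parse_netstat(text):
        if port in ports and (proto == "UDP" or state in ("LISTENING", "ESTABLISHED")):
            hits.append((proto, port, state or "-", pid))
    return hits


def pids_to_inspect(text):
    """Unique owning PIDs to look up before removing anything."""
    return sorted({pid for _, _, _, pid in suspicious_sockets(text)})
```

A listener on port 5000 is not by itself proof of this trojan: on Windows XP the SSDP Discovery Service used by Universal Plug and Play also listens on TCP 5000. Resolve each reported PID to a program with `tasklist /svc /FI "PID eq <pid>"` before deleting anything.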
 

All times are GMT +5.5.

