Q: Hidden programs, backdoors ( Answered,   0 Comments )
Question  
Subject: Hidden programs, backdoors
Category: Computers > Security
Asked by: vir0-ga
List Price: $15.00
Posted: 06 Apr 2004 19:52 PDT
Expires: 06 May 2004 19:52 PDT
Question ID: 326374
How can I find all the hidden programs that are requesting a
connection to the internet, all the backdoors and trojans in my
computer? When I connect and type netstat I get a lot of connections
that I don't recognize and I need to remove all this from my computer
without resetting my C: drive. Thanks

Request for Question Clarification by livioflores-ga on 06 Apr 2004 20:05 PDT
Please, can you tell us what operating system (Mac, Windows or Linux)
and which version you have installed on your PC?
Thank you

Clarification of Question by vir0-ga on 07 Apr 2004 10:36 PDT
I am using a PC with Windows XP Professional 5.1, build number 2600, and
Black Ice for firewall and Panda for antivirus
Answer  
Subject: Re: Hidden programs, backdoors
Answered By: livioflores-ga on 08 Apr 2004 01:22 PDT
 
Hi vir0!!


The first step is to download and install the program Active Ports. I
use it and I verified on my Windows XP Pro computer that it will be an
essential tool for the requested task.
According to the developer, SmartLine, Active Ports is an "easy to use
tool for Windows NT/2000/XP that enables you to monitor all open TCP
and UDP ports on the local computer. Active Ports maps ports to the
owning application so you can watch which process has opened which
port. It also displays a local and remote IP address for each
connection and allows you to terminate the owning process. Active
Ports can help you to detect trojans and other malicious programs." If
I read your question right, this is what you need!!
http://www.ntutility.com/freeware.html


But how will you use this tool?
First of all download it from download.com:
http://download.com.com/3000-2085-10062969.html?part=65960%20&subj=dlpage&tag=button

Unzip the downloaded file aports.zip, run the file setup.exe and follow
the instructions. Remember that you must have administrative
privileges, in other words you must be logged in as Administrator.

After installing Active Ports run it and you will see a window with a
list of ALL the processes that are using a TCP/UDP port. The list
shows the names of the processes, the process IDs, local and remote
ports and IPs, connection states, protocols and the complete path of
the processes.

If you know (or feel) that one of the processes in the list is a
trojan or another type of pestware you must take note of the full path
of the process and then select it and click on the "Terminate Process"
button.
Use the full path to search for the process in your system and delete it.

Now use the "Microsoft System Configuration Utility" to delete the
pestware from the Start Up list if it is on it. To see how to use this
tool please visit the following page:
"How to Use MSCONFIG":
http://netsquirrel.com/msconfig/


All this stuff will help you if you need to stop and delete a
pestware manually; this method is used for advanced users and for emergencies.
You have a lot of tools to clean up your PC from pests; for each
category select one and use it:

-Anti Spyware/Adware:

Spybot Search & Destroy: free (recommended).
http://www.safer-networking.org/index.php?page=spybotsd

Adaware: free.
http://www.lavasoftusa.com/

-----------------------------------------------------------

- Anti Trojans:

The Cleaner: shareware 
The Cleaner includes background scanning of all activity in memory; a
faster, redesigned scan engine (about 100 files per second); a newer,
tougher, Trojan fingerprinting process; scanning inside compressed
archives; and a completely redesigned Interface (GUI).
http://www.moosoft.com/


PestPatrol: shareware (recommended)
PestPatrol detects spyware, trojans, worms, AOL pests, droppers, probe
tools, mail bombers, password crackers, remote control servers,
spoofers, trojan creation tools, & more. PestPatrol detects what
anti-virus software misses, and is designed to work in conjunction
with anti-virus software.
http://www.pestpatrol.com/


-----------------------------------------------------------

In regard to the firewall, I am not familiar with Black Ice, but I
heard that it is a good one. But I feel that Kerio Personal Firewall
is better; it is free and fully customizable.
Kerio Download:
http://download.kerio.com/dwn/kpf4-en-win.exe

User Manual:
http://www.kerio.com/supp_kpf_manual.html


--------------------------------------------------------------

Another suggestion that I will make is to install and run XPAntispy:
"XP-AntiSpy is a little utility that lets you disable some built-in
update and authentication 'features' in WindowsXP." It also helps you
to deactivate other undesirable features of Windows XP.
http://www.xp-antispy.org/index.php?option=content&task=view&id=12&Itemid=40

To download XPAntispy:
http://www.xp-antispy.org/index.php?option=com_remository&Itemid=26

FAQ-English:
http://www.xp-antispy.org/index.php?option=content&task=view&id=9&Itemid=38

Screenshot:
http://www.xp-antispy.org/index.php?option=content&task=view&id=17&Itemid=45

--------------------------------------------------------------

For additional reference see:

"How to remove trojans and protect your sytem against them!":
http://battleforums.com/history/show/24013.html


---------------------------------------------------------------

I hope this helps you. If you need further assistance please let me
know via the clarification feature.


Best regards.
livioflores-ga
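
The port-to-process mapping that the answer gets from Active Ports can also be derived from the built-in `netstat -ano` and `tasklist /fo csv /nh` commands on Windows XP Professional. The Python below is an added example, not part of the original answer; the sample output, the addresses and the process name `updater32.exe` are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not taken from the page).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:40001          0.0.0.0:0              LISTENING       2412
  TCP    127.0.0.1:1029         127.0.0.1:1030         ESTABLISHED     1320
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED     1320
  TCP    192.168.1.10:1051      198.51.100.7:8080      ESTABLISHED     2412
  UDP    0.0.0.0:445            *:*                                    4
"""
# Constructed sample of `tasklist /fo csv /nh`; updater32.exe is a made-up name.
TASKLIST_SAMPLE = '''
"System","4","Console","0","216 K"
"svchost.exe","884","Console","0","3,312 K"
"iexplore.exe","1320","Console","0","18,004 K"
"updater32.exe","2412","Console","0","2,100 K"
'''

def parse_netstat(text):
    rows = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # skip the banner, the header row and blank lines
        # UDP rows have no State column, so the PID is always the last field.
        state = f[3] if f[0] == "TCP" and len(f) == 5 else ""
        rows.append({"proto": f[0], "local": f[1], "remote": f[2],
                     "state": state, "pid": int(f[-1])})
    return rows

def parse_tasklist(text):
    """Map PID -> image name from the CSV form of tasklist."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def by_process(rows, names):
    """Per owning process: non-loopback listeners and non-loopback peers."""
    out = defaultdict(lambda: {"listening": [], "remote": []})
    for r in rows:
        key = (r["pid"], names.get(r["pid"], "<unknown>"))
        host = r["remote"].rsplit(":", 1)[0]
        if r["state"] == "LISTENING" or r["proto"] == "UDP":
            if not r["local"].startswith("127."):
                out[key]["listening"].append(f'{r["proto"]} {r["local"]}')
        elif r["state"] == "ESTABLISHED" and not host.startswith("127."):
            out[key]["remote"].append(r["remote"])
    return dict(out)
```

Each key in the result is a `(PID, image name)` pair, so a listener or remote peer can be traced to one process before anything is terminated or deleted; a PID that `tasklist` does not report is shown as `<unknown>`.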

Clarification of Answer by livioflores-ga on 08 Apr 2004 07:46 PDT
Hi!!

I am here again because I found a wonderful page that will be very
useful to you in the fight against trojans. Just follow the link (and
the page's sublinks too!!):
"Trojan TCP/IP Ports" by Richard Akerman:
'This page documents DANGEROUS TCP/IP ports, that are used by trojan
horse and backdoor programs or that expose system vulnerabilities,
that hackers use to break into your network. These are ports that you
definitely want closed, possibly with firewall alarms set on them to
detect any external probes or internal compromise.'

Table of Contents:
-FAQ on Port Probes 
-Trojan Ports Lists and Resources 
-Trojans in the News 
-Other Dangerous Ports 
-NET SEND on Windows 
-Blaster Worm on Windows 
-Protecting Yourself 
-Security Sites and Guidelines 
-Windows Security 
-Macintosh Security 
-Linux Security 
-Scanning Services 
-Software to List Open Ports 
-Security Software 
-Windows Security Software 
-Macintosh Security Software 
-Linux Security Software 
-Security Hardware 
-Articles on Security 
-How Can You Contribute? 
-Help I'm Being Hacked 
-Firewall Books (including free book) 
-Questions 

http://www.chebucto.ns.ca/~rakerman/trojan-port-table.html


Regards.
livioflores-ga

Clarification of Answer by livioflores-ga on 09 Apr 2004 08:54 PDT
Hi!!

I just want to put in your hands another useful tool:
RegCleaner: (freeware)
This tool will help you to delete all the entries that the spyware
and trojans may leave in the registry after uninstalling them:
http://www.cybertechhelp.com/download.php?RegCleaner.exe

For documentation about this program and for guidelines about its
usage please visit:
"RegCleaner Readme":
A complete help file.
http://freeware4u.com/shots/regcleaner/readme.htm

"Spyware Removal Guide":
http://www.clarkson.edu/~leiderjd/tutorial/spyware/spyware-4.htm

The last link is part of the very useful "How to remove spyware and
popups from your computer using free programs!" article by Justin
Leider:
http://www.clarkson.edu/~leiderjd/tutorial/spyware/spyware-1.htm


Hope this helps!!

Regards.
livioflores-ga
Comments  
There are no comments at this time.

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you.