Trojan.Multidropper, POSSIBLY


Postby securitynoob » Thu May 27, 2010 8:52 pm

Okay, here's how it goes. I went to grc.com, and ran the ShieldsUP! test, and it said that my ports 1035 and 1036 were open. I saw that these ports were used by the Multidropper Trojan. I'm pretty good with security, and wondered how Comodo Firewall W/ antivirus and DefencePlus! could have missed this. I wanted to know if there was anything else that could be using those ports. I'm currently scanning with SUPERAntiSpyware, and will do a Malwarebytes scan when that is done. I'll post the logs. Just wanted to see if you guys knew anything...
~~If you're so good with computers, how come you're paying me 300 dollars to fix it?~~
securitynoob
Junior Contributor
 
Posts: 71
Joined: Thu May 27, 2010 8:48 pm
Has thanked: 1 time
Have thanks: 1 time
OS: Windows XP Professional
Architecture: 32bit


Re: Trojan.Multidropper, POSSIBLY

Postby sss20 » Thu May 27, 2010 9:34 pm

Hi securitynoob!
I bet that you aren't infected. :lol: ...but let's wait for the mbam and sas scan. You can also do a Hitman Pro scan if you like. (http://www.surfright.nl/en/downloads)
sss20
Master Contributor
 
Posts: 3358
Joined: Thu Jul 30, 2009 6:43 am
Has thanked: 132 times
Have thanks: 151 times
OS: Windows 7 Professional
Architecture: 64bit

Re: Trojan.Multidropper, POSSIBLY

Postby securitynoob » Thu May 27, 2010 9:49 pm

lol, yeah, thanks. I'm just kinda paranoid about computer security. :shock: Ever since my computer got infected about a year ago (Almost to the date).

Did a full scan with SUPERAntiSpyware, and it found a few tracking cookies, but nothing else. MalwareBytes' is 40 something odd thousand files into a full scan and hasn't found anything yet. I'll let you know.

EDIT: Malwarebytes finished its scan, and didn't find anything. Hey, is there a way that I can specify those ports in Comodo's Internet Security to make sure that those ports are stealthed?

Re: Trojan.Multidropper, POSSIBLY

Postby sss20 » Thu May 27, 2010 9:59 pm

If you went to grc.com and ran the ShieldsUP test... then probably you won't get infected in this life (sorry for the bad news :lol: ). ...CIS is pure gold in the hands of a pro user... Also the ShieldsUP test is just for testing the firewall for vulnerabilities... If you tweak CIS you can easily pass their test... :lol:

Re: Trojan.Multidropper, POSSIBLY

Postby bogdan » Thu May 27, 2010 10:01 pm

The fact that some ports are opened doesn't mean you are infected. Some application running on your pc uses those ports. You can use netstat, or even better CurrPorts (run it as admin) to find out what application uses those ports.

BTW, Comodo Firewall can do this too. Check under Firewall > View Active Connections. Look for xxx:1035 and xxx:1036 (where xxx is your ip address) under the source column.
bogdan
Senior Contributor
 
Posts: 767
Joined: Sat Jun 13, 2009 6:08 am
Location: Bucharest, RO
Has thanked: 14 times
Have thanks: 34 times
OS: Windows 7 Professional
Architecture: 32bit
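
The port-to-process check described in the post above, as an added example that is not part of the original thread: a Python sketch that parses `netstat -ano` output and reports which PID holds local ports 1035 and 1036, and whether each entry is a listening socket or an existing connection. The sample output, addresses and PIDs are constructed.

```python
# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    0.0.0.0:1035           0.0.0.0:0              LISTENING       1284
  TCP    192.168.1.10:1036      203.0.113.7:80         ESTABLISHED     3120
  TCP    192.168.1.10:10350     203.0.113.9:443        ESTABLISHED     3120
  UDP    0.0.0.0:1036           *:*                                    1284
"""


def parse_netstat(text):
    """Turn `netstat -ano` rows into dicts; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue
        # rpartition keeps IPv6 locals such as [::]:135 intact.
        host, _, port = f[1].rpartition(":")
        if not port.isdigit() or not f[-1].isdigit():
            continue
        state = f[3] if len(f) == 5 else ""  # UDP rows have no State column
        rows.append({"proto": f[0], "local": host, "port": int(port),
                     "remote": f[2], "state": state, "pid": int(f[-1])})
    return rows


def owners_of(text, ports):
    """Return (proto, port, pid, kind) for every row whose local port is in `ports`."""
    hits = []
    for r in parse_netstat(text):
        if r["port"] not in ports:  # exact match, so 10350 is not mistaken for 1035
            continue
        # A LISTENING TCP socket or a bound UDP socket accepts inbound traffic;
        # any other TCP state is an already-open connection using that local port.
        inbound = r["state"] == "LISTENING" or r["proto"] == "UDP"
        hits.append((r["proto"], r["port"], r["pid"],
                     "listening" if inbound else "connection"))
    return hits


if __name__ == "__main__":
    for proto, port, pid, kind in owners_of(SAMPLE, {1035, 1036}):
        print(f"{proto} port {port}: PID {pid} ({kind})")
```

On a live machine, feed it the real output of `netstat -ano` and look the reported PID up in Task Manager or with `tasklist` to see which program it belongs to.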

Re: Trojan.Multidropper, POSSIBLY

Postby sss20 » Thu May 27, 2010 10:05 pm

For maximum protection set up CIS like in languy99's video... (also you will probably pass the ShieldsUP test :roll: )
http://www.youtube.com/watch?v=3g5pqV9nQUg

Re: Trojan.Multidropper, POSSIBLY

Postby Dieselman » Fri May 28, 2010 12:47 am

Excuse me but all of you are wrong. The Shields Up test will test your router/hardware firewall first and they tell you this. So if you are behind a router/hardware firewall then you need to go into your router settings and check off the proper settings. Then restart your router and re-test. If you are not behind a router/hardware firewall then you need to run Comodo's stealth port wizard under the firewall tab.
Dieselman
 

Re: Trojan.Multidropper, POSSIBLY

Postby securitynoob » Fri May 28, 2010 6:50 am

Alright, I went through Comodo's firewall page, and I set it to "Make my ports stealth for everyone...". Will my internet connection work as before? My online games?

Re: Trojan.Multidropper, POSSIBLY

Postby Dieselman » Fri May 28, 2010 10:08 am

Are you behind a router/hardware? If you are that's what matters.

Re: Trojan.Multidropper, POSSIBLY

Postby bogdan » Fri May 28, 2010 7:08 pm

Dieselman, you are right, it will first test your router. But if one port is opened in the router it can still be closed by your software firewall. The fact that two ports are opened means that they are opened in both the software firewall and the router (if securitynoob has one). At least this is what I think.
