Specialty Forums
Security and Virus
General Hardware
CPUs/Overclocking
Networking
Digital Photo/Video
Office Software
PC Gaming
Console Gaming
Programming
Database
Web Development
Digital Home

General Forums
Windows XP
Windows Vista
Windows 95/98
Windows Me
Windows NT
Windows 2000
Win Server 2008
Win Server 2003
Windows 3.1
Linux
PDAs
BeOS
Novell Netware
OpenVMS
Solaris
Disk Op. System
Unix
Mac
OS/2

Drivers
Driver Scan
Driver Forum

Software
Automatic Updates

BIOS Updates

My Computing.Net

Solution Center

Free IT eBook

Howtos

Site Search

Message Find

RSS Feeds

Install Guides

Data Recovery

About

Home
Reply to Message Icon Go to Main Page Icon

Subject: port doom

Original Message
Name: echobunny
Date: November 26, 2003 at 05:33:04 Pacific
Subject: port doom
OS: XP pro
CPU/Ram: PIII 700 / 386mb sdram
Comment:
i keep getting this alert by my firewall every so often

Direction: incoming
Local Point: 0.0.0.0, port 1026
Adapter: USB Cable Modem 351000 - Packet Scheduler Miniport
Remote Point: dialup-64.156.39.12.Dial1.Denver1.Level3.net [64.156.39.12], port doom [666]
Protocol: UDP

"generic host process for win32 services" is also mentioned in the alert

whats that all about? port doom [666] doesnt sound too good to me so ive been denying them


Report Offensive Message For Removal

Response Number 1
Name: tamtam
Date: November 26, 2003 at 07:37:48 Pacific
Subject: port doom
Reply: (edit)
I don't fully understand what they are saying in that link, but i think it will be off help
http://ricardo.ecn.wfu.edu/~plug/mail_archive/0309/0005.html

Report Offensive Follow Up For Removal

Response Number 2
Name: LiQuiD7
Date: November 26, 2003 at 08:05:25 Pacific
Subject: port doom
Reply: (edit)
POrt 666 TCP attack:
Attack FTP simply installs a custom version of Serv-u invisibly.
Quick fix: no quick fix programs
Trojan B' Gone plugin might be as well.

Manual removal:
Remove the Reminder key located in the registry at: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. This can be done with regedit or any other registry editing program.
Change the load=Wscan.exe key under [Windows] to load= in the win.ini. Which can be done with any text editing program.
Reboot the computer or close the trojan.
Delete the trojan files WScan.exe and drwatsom.exe in the windows system directory.

If you got Port 666 UDP attack then its the N0kN0k Trojan, in this case:
Attack FTP. 666 UDP N0kN0k Trojan/ 777 TCP, AIM Spy Application.


Report Offensive Follow Up For Removal

Response Number 3
Name: echobunny
Date: November 28, 2003 at 00:41:19 Pacific
Subject: port doom
Reply: (edit)
no that link didnt make much sense to me either tamtam =/

i couldnt find any of the registry settings/files you mentioned LiQuiD7 and i didnt understand the last thing you said. is that a different trojan? what do i do for that one. why didnt a trojan scanner pick this up


Report Offensive Follow Up For Removal



Use following form to reply to current message: 

   Name: From My Computing.Net Settings
 E-Mail: From My Computing.Net Settings

Subject: port doom

Comments:
         

 
  Homepage URL (*): 
Homepage Title (*): 
         Image URL:
 


Data Recovery Software



Version Tracker Pro
Keep your software current and secure, effortlessly
Click Here for a Free Scan

Driver Agent
Automatically find the latest drivers for your computer.
 Click Here for a Free Scan

The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net, LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE

All content ©1996-2007 Computing.Net, LLC