Jon Harrison wrote:

>My dad is running w2k and netstat shows an unbelievable number of
>ports open.
>
>Listening on more than 50.  My thoughts are worm but which one?  He
>cannot start his antivirus, it immediately closes and his computer
>is running slower than a slug.
>
>I've had him check services and startup stuff.  Nothing stands out
>unless it has taken on a name of something else that is legitimate.
>
>Entries are like this:
>
>  TCP    jrobert:1181           jrobert:0              LISTENING
>  TCP    jrobert:1182           jrobert:0              LISTENING
>  TCP    jrobert:1183           jrobert:0              LISTENING
>  TCP    jrobert:1391           jrobert:0              LISTENING
>  TCP    jrobert:1394           127.0.0.120:epmap      SYN_SENT
>  TCP    jrobert:1397           127.0.0.120:epmap      SYN_SENT
>  TCP    jrobert:1407           127.0.0.120:epmap      SYN_SENT
>
>I've searched these port numbers at Symantec and google but nothing
>definite comes up.
>
>Does anyone have an idea of what could be causing entries like
>this.
>
>I guess I'll have to drive down there and install the latest
>definitions and hope that solves it, but if it's not a worm, what
>else would be doing this type of activity.
>
>Thanks, Jon
>
>
>  
>
Just a guess but you might try adaware.  It is likely he has 
adware/spyware on his system.  These programs such as gator, gaim, 
bargain buddy, etc. might do this (not sure on that account).  I do know 
it is becoming very prevalent and causes many stability issues on windoze.
Andy

 

Yahoo! Groups Links

To visit your group on the web, go to:
 http://groups.yahoo.com/group/os2user/

To unsubscribe from this group, send an email to:
 os2user-unsubscribe{at}yahoogroups.com

Your use of Yahoo! Groups is subject to:
 http://docs.yahoo.com/info/terms/ 



---