0
Bhullarz's Avatar
Skilled contributor
Quote:
Originally Posted by neo_vi View Post
"And the fact that the Trojan was managed by one group through its history and maintained for nearly three years is also very unusual" It's not my words. See this link:
http://www.circleid.com/posts/200810...eware_created/
So sometimes it rarely happens. But if you know the normal operation of a computer you'll definitely come to know the trojan combined operation (most of the time). Nowadays antiviruses have become so powerful; with advanced heuristics they can trace any trojan. So no need to worry about a system unless it is a webserver or something that contains valuable information.
Sometimes extra powerful antiviruses can give you false warnings. Kaspersky is a good example of this. I just developed an application which connects to the internet to see if an update is available and notify the status. But Kaspersky flagged it as a Downloader trojan. I was surprised. Then I used Avira and ESET; they didn't give any warning.
So, I don't trust antiviruses much, but believe in my own ways of handling things.
Precaution is better than cure.
0
reddyschintu's Avatar
Banned
OK, you are right, I accept what you said, but as we technically know how the code works, we have to decode the transfer code and use it for cracks, so that no data will be transferred from our system. Here the matter is forums giving us cracking code; we have to utilize it. Of course some websites provide trojans, but removing trojans is dead easy nowadays.
0
neo_vi's Avatar, Join Date: Feb 2008
Invasive contributor
Quote:
but removing trojans is dead easy nowadays
Nice, mate. That's what I've been saying for many days, but this guy is not understanding that thing.
0
neo_vi's Avatar, Join Date: Feb 2008
Invasive contributor
Quote:
Originally Posted by Bhullarz View Post
Sometimes extra powerful antiviruses can give you false warnings. Kaspersky is a good example of this. I just developed an application which connects to the internet to see if an update is available and notify the status. But Kaspersky flagged it as a Downloader trojan. I was surprised. Then I used Avira and ESET; they didn't give any warning.
So, I don't trust antiviruses much, but believe in my own ways of handling things.
Precaution is better than cure.
So you won't even believe Microsoft; if that's the case you have to develop your own OS and use it. Vista or XP may be packed with backdoors to see whether they have Linux installed in their systems and delete the Linux partitions. So you don't get any OS, just develop your own and allow us to use it. Please don't pack any trojans in your OS.
0
neo_vi's Avatar, Join Date: Feb 2008
Invasive contributor
Quote:
Originally Posted by Bhullarz View Post
Sometimes extra powerful antiviruses can give you false warnings. Kaspersky is a good example of this. I just developed an application which connects to the internet to see if an update is available and notify the status. But Kaspersky flagged it as a Downloader trojan. I was surprised. Then I used Avira and ESET; they didn't give any warning.
So, I don't trust antiviruses much, but believe in my own ways of handling things.
Precaution is better than cure.
You might have heard of the Sysinternals suite; here is the download link.
http://www.softpedia.com/get/System/...ls-Suite.shtml
In this there is a tool named "procmon" (Process Monitor), which has the ability to monitor registry keys, file handling issues, and network control. So if anything goes wrong, we can fix it on our own. So you can download anything from the net, provided you know how to get rid of viruses and trojans.
0
Bhullarz's Avatar
Skilled contributor
Quote:
Originally Posted by neo_vi View Post
You might have heard of the Sysinternals suite; here is the download link.
http://www.softpedia.com/get/System/...ls-Suite.shtml
In this there is a tool named "procmon" (Process Monitor), which has the ability to monitor registry keys, file handling issues, and network control. So if anything goes wrong, we can fix it on our own. So you can download anything from the net, provided you know how to get rid of viruses and trojans.
Do you think a normal user who is not from a COMPUTERS background can decide which process is useful and which is harmful? Using the SYSINTERNALS suite is quite a handy task but needs lots of care. If everyone could use it, there would be no department named TECHNICAL SUPPORT.
0
reddyschintu's Avatar
Banned
Two firewalls never matter because they are programmed with the same techniques and coding, so it never matters.
0
neo_vi's Avatar, Join Date: Feb 2008
Invasive contributor
Code:
                Commonly Used Trojan Ports


	 port   21 - Blade Runner, Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash
	 port   23 - Tiny Telnet Server
	 port   25 - Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, Terminator, WinPC, WinSpy
	 port   31 - Hackers Paradise
	 port   80 - Executor
	 port   456 - Hackers Paradise
	 port   555 - Ini-Killer, Phase Zero, Stealth Spy
	 port   666 - Satanz Backdoor
	 port   1001 - Silencer, WebEx
	 port   1011 - Doly Trojan
	 port   1170 - Psyber Stream Server, Voice
	 port   1234 - Ultors Trojan
	 port   1245 - VooDoo Doll
	 port   1492 - FTP99CMP
	 port   1600 - Shivka-Burka
	 port   1807 - SpySender
	 port   1981 - Shockrave
	 port   1999 - BackDoor
	 port   2001 - Trojan Cow
	 port   2023 - Ripper
	 port   2115 - Bugs
	 port   2140 - Deep Throat, The Invasor
	 port   2801 - Phineas Phucker
	 port   3024 - WinCrash
	 port   3129 - Masters Paradise
	 port   3150 - Deep Throat, The Invasor
	 port   3700 - Portal of Doom
	 port   4092 - WinCrash
	 port   4590 - ICQTrojan
	 port   5000 - Sockets de Troie
	 port   5001 - Sockets de Troie
	 port   5321 - Firehotcker
	 port   5400 - Blade Runner
	 port   5401 - Blade Runner
	 port   5402 - Blade Runner
	 port   5569 - Robo-Hack
	 port   5742 - WinCrash
	 port   6670 - DeepThroat
	 port   6771 - DeepThroat
	 port   6969 - GateCrasher, Priority
	 port   7000 - Remote Grab
	 port   7300 - NetMonitor
	 port   7301 - NetMonitor
	 port   7306 - NetMonitor
	 port   7307 - NetMonitor
	 port   7308 - NetMonitor
	 port   7789 - ICKiller
	 port   9872 - Portal of Doom
	 port   9873 - Portal of Doom
	 port   9874 - Portal of Doom
	 port   9875 - Portal of Doom
	 port   9989 - iNi-Killer
	 port 10167 - Portal of Doom
	 port 11000 - Senna Spy
	 port 11223 - Progenic trojan
	 port 12223 - Hack´99 KeyLogger
	 port 12345 - GabanBus, NetBus
	 port 12346 - GabanBus, NetBus
	 port 12361 - Whack-a-mole
	 port 12362 - Whack-a-mole
	 port 16969 - Priority
	 port 20001 - Millennium
	 port 20034 - NetBus 2 Pro
	 port 21544 - GirlFriend
	 port 22222 - Prosiak
	 port 23456 - Evil FTP, Ugly FTP
	 port 26274 - Delta
	 port 31337 - Back Orifice
	 port 31338 - Back Orifice, DeepBO
	 port 31339 - NetSpy DK
	 port 31666 - BOWhack
	 port 33333 - Prosiak
	 port 34324 - BigGluck, TN
	 port 40412 - The Spy
	 port 40421 - Masters Paradise
	 port 40422 - Masters Paradise
	 port 40423 - Masters Paradise
	 port 40426 - Masters Paradise
	 port 47262 - Delta
	 port 50505 - Sockets de Troie
	 port 50766 - Fore
	 port 53001 - Remote Windows Shutdown
	 port 61466 - Telecommando
	 port 65000 - Devil
Hope this will help the beginners.
0
Bhullarz's Avatar
Skilled contributor
Thanks NEO_VI for this useful info for all. I hope SOME KNOWN Trojans can be recognized now by beginners too.
Just use
Code:
netstat -a
to know what ports are in use on your computer.
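Added example (not part of any post in this thread): a Python sketch that cross-checks local listeners against a few entries from the port list above. It assumes numeric output (`netstat -an`) in the Windows layout; the sample text is constructed, and a port match is only a prompt to identify the owning process, since several listed ports are also standard service ports.

```python
import re

# Subset of the port list posted above (port -> names as given in that list).
LISTED = {21: "Blade Runner, Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash",
          23: "Tiny Telnet Server", 80: "Executor", 1234: "Ultors Trojan",
          12345: "GabanBus, NetBus", 31337: "Back Orifice"}
# Listed ports that are also standard FTP/Telnet/SMTP/HTTP ports: a listener
# there is usually the legitimate service, so the port alone proves nothing.
STANDARD = {21, 23, 25, 80}

# Constructed sample in Windows `netstat -an` layout (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     203.0.113.5:31337      ESTABLISHED
  TCP    [::]:31337             [::]:0                 LISTENING
  UDP    0.0.0.0:1234           *:*
"""

# Groups: proto, local address, local port, state (empty for UDP).
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s*(\S*)")

def listening_ports(netstat_text):
    """Return {(proto, port)} for local listeners: TCP LISTENING or bound UDP."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if m and (m.group(1) == "UDP" or m.group(4) == "LISTENING"):
            found.add((m.group(1), int(m.group(3))))
    return found

def review(netstat_text):
    """Return (proto, port, listed names, verdict) rows, sorted by port."""
    rows = []
    ports = sorted(listening_ports(netstat_text), key=lambda p: (p[1], p[0]))
    for proto, port in ports:
        if port in LISTED:
            verdict = "verify owning process" if port in STANDARD else "investigate"
            rows.append((proto, port, LISTED[port], verdict))
    return rows

if __name__ == "__main__":
    for row in review(SAMPLE):
        print("%-3s %-5d %-16s %s" % row)
```

The established connection whose remote port is 31337 is not reported, because only local listeners are compared; the list does not say whether each port is TCP or UDP, so both are checked.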
0
Bhullarz's Avatar
Skilled contributor
Quote:
Originally Posted by reddyschintu View Post
OK, you are right, I accept what you said, but as we technically know how the code works, we have to decode the transfer code and use it for cracks, so that no data will be transferred from our system. Here the matter is forums giving us cracking code; we have to utilize it. Of course some websites provide trojans, but removing trojans is dead easy nowadays.
I can tell you one thing: a trojan is not just a piece of code which can be downloaded through other software. Sometimes, some websites do spread trojans. Just visiting them can cause your machine to be infected. There are lots of hackers who do this. They just find the bugs in the server software and transfer their malicious code to the server, and whenever a visitor comes to the website, he can be infected. Usually premium editions of antiviruses have an online security system which can detect these, but the free antiviruses usually don't have such tools. They can be infected.

As for the rest, where you talked about decoding the code, I couldn't get you. Can you explain that?