RE: Sygate Online Services trojan scan

Toggle sidebar Toggle sidebar
W

wyvrn

Lifer
Feb 15, 2000
10,074
0
0
The computer I am testing was one I had loaned to my B-I-L, they downloaded every cursor and screensaver they could get their hands on
rolleye.gif
I went to Sygate Online Services and did a trojan scan, and it found port 8080 (web server) open, reason = Ringzero trojan . I ran two trojan removers as well as my antivirus program, but they found nothing. And a search for typical ringzero files on harddrive yields nothing. So my question is, am I infected or is the Sygate online scan worthless? I don't have any web servers installed on this machine.

Screenshot
 
B

bsobel

Moderator Emeritus<br>Elite Member
Dec 9, 2001
13,346
0
0
Originally posted by: wyvrn
The computer I am testing was one I had loaned to my B-I-L, they downloaded every cursor and screensaver they could get their hands on
rolleye.gif
I went to Sygate Online Services and did a trojan scan, and it found port 8080 (web server) open, reason = Ringzero trojan . I ran two trojan removers as well as my antivirus program, but they found nothing. And a search for typical ringzero files on harddrive yields nothing. So my question is, am I infected or is the Sygate online scan worthless? I don't have any web servers installed on this machine. Screenshot
Click to expand...

Your probably not infected. Not knowing exactly what the Sygate test is doing, I'll venture a guess that it's seeing the port open for some reason (what has 8080 open, do you know?) and then deciding it's probably RingZero while it might be something perfectly legit (like webcam software).

Bill


 
W

wyvrn

Lifer
Feb 15, 2000
10,074
0
0
The only things I have running on bootup are my anti-virus and zonealarm. I made sure and uninstalled the web software from Windows98 and cannot think what else it could be. I think I am gonna format and have a clean slate.
 
B

bsobel

Moderator Emeritus<br>Elite Member
Dec 9, 2001
13,346
0
0
Originally posted by: wyvrn
The only things I have running on bootup are my anti-virus and zonealarm. I made sure and uninstalled the web software from Windows98 and cannot think what else it could be. I think I am gonna format and have a clean slate.
Click to expand...

Wooa, thats probably a bit overkill. I'd suggest first downloading tcpview from sysinternals.com, it should tell you what task is listenign on 8080...

Bill
 
W

wyvrn

Lifer
Feb 15, 2000
10,074
0
0
On Windows 98, that show exactly the same thing as netstat -an. Not very useful unless you are on the NT kernel and can see the process. I disagree about overkill, I think formatting would be easier in the long run since I have already spent hours trying to figure out what it is, and there is nothing on the machine I need to keep.

Originally posted by: bsobel
Originally posted by: wyvrn
The only things I have running on bootup are my anti-virus and zonealarm. I made sure and uninstalled the web software from Windows98 and cannot think what else it could be. I think I am gonna format and have a clean slate.
Click to expand...

Wooa, thats probably a bit overkill. I'd suggest first downloading tcpview from sysinternals.com, it should tell you what task is listenign on 8080...

Bill
Click to expand...

 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom