Mydoom- How do I know if port is opened?


Uncle Vinnie

I've cleaned up my pc after being foolish enough to open that zip file.. how
do I know if the ports spoken of are open? And how do I know ahead of time
what might happen Feb 1.. thanks! Using CA's EZ, also ran f-secures cleaner
for extra measure...
 
> I've cleaned up my pc after being foolish enough to open that zip file.. how
> do I know if the ports spoken of are open?

Open a DOS window right after booting up and going on line. Type:

netstat -an

What you'll see depends on which version of Windows you use and what
you've done to close ports (getting rid of unnecessary services):

http://home.epix.net/~artnpeg/internet.html

> And how do I know ahead of time
> what might happen Feb 1.. thanks! Using CA's EZ, also ran f-secures cleaner
> for extra measure...

Then you should be clean.


Art
http://www.epix.net/~artnpeg
 
On that special day, Uncle Vinnie, ([email protected])
said...
> I've cleaned up my pc after being foolish enough to open that zip file.. how
> do I know if the ports spoken of are open?

Open a command line window and enter
netstat -a

Watch the results. If there are ports opened in the range from 3127 till
3198, this might be a sign for infection (these are the ports of the
included back door).

> And how do I know ahead of time
> what might happen Feb 1.. thanks!

You can set the system clock to February 1st, remove the modem or
whatever you use to enter the internet, and watch, if netstat shows a
connection on port 80 (HTML requests) going out to SCO.


Gabriele Neukam

(e-mail address removed)
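
Added example, not part of any post in this thread: a small Python check that reads `netstat -an` output and reports listeners in the 3127 to 3198 range mentioned above. The sample output is constructed, and treating only TCP sockets in the LISTENING state as "open" is an assumption of this example.

```python
import re

# Port range the thread gives for the Mydoom back door (3127 through 3198).
BACKDOOR_PORTS = range(3127, 3199)

# Constructed sample of Windows `netstat -an` output, not captured from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      192.0.2.80:80          ESTABLISHED
  TCP    192.168.1.10:3150      192.0.2.44:25          ESTABLISHED
  TCP    192.168.1.10:1046      192.0.2.99:3128        ESTABLISHED
  UDP    0.0.0.0:3130           *:*
"""

# Proto, local endpoint, foreign endpoint, optional state (UDP rows have none).
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def port_of(endpoint):
    """Return the port from 'addr:port' (also '[::]:port'), or None for '*:*'."""
    port = endpoint.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None

def suspicious_listeners(netstat_text):
    """Return (proto, local_address) for TCP sockets LISTENING on 3127-3198."""
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header or blank line
        proto, local, _remote, state = m.groups()
        # Assumption of this example: only a TCP listener counts as an open port.
        # A connection that merely uses a local or remote port in the range
        # (rows 3150 and 3128 in the sample) is not a listener and is skipped.
        if proto != "TCP" or state != "LISTENING":
            continue
        if port_of(local) in BACKDOOR_PORTS:
            hits.append((proto, local))
    return hits

if __name__ == "__main__":
    for proto, local in suspicious_listeners(SAMPLE_NETSTAT):
        print(f"check this listener: {proto} {local}")
```

To use it on a real machine, save the output with `netstat -an > ports.txt` and pass the file's contents to `suspicious_listeners`.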
 
One thing you can do is uncheck send email immediately. Then the mail goes
into the Outbox until you send it. You will know what you have sent that
way.
 
> One thing you can do is uncheck send email immediately. Then the mail goes
> into the Outbox until you send it. You will know what you have sent that
> way.

Unreliable as most trojans contain their own SMTP engine so are thus
completely independent of any e-mail program.


--
Conor

"The vast majority of Iraqis want to live in a peaceful, free world.
And we will find these people and we will bring them to justice."
- George Bush
 
> One thing you can do is uncheck send email immediately. Then the mail goes
> into the Outbox until you send it. You will know what you have sent that
> way.

Won't help... W32/MyDoom, like most modern worms, has its own SMTP
engine; it DOES NOT rely on Outlook or Outlook Express to send messages.

--
Cheers-

Jeff Setaro
jasetaro <at> mags.net
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34
 