Friday, 07 August 2009

stop trojan virus

The best method for Trojan Detection:

Author's email address is dkelloway@commodon.com and URL

This method lets you determine whether your system has been compromised, but it requires that you:
A. have a basic understanding of the state of an "active connection" and
B. that you're familiar with the port numbers commonly used by the trojans.

With regard to the state of an "active connection": there are several types, but there's really only one that you need to know about.
The "listening" state is when your PC listens on a port number, waiting for another PC to make a connection to it. The "listening" state is the state that the trojan will be in after your system is rebooted.

NOTE:
Some trojans may use more than one port number. This is because one port is used for "listening" and the others are used for the transfer of data.
The following ports are used in the default configurations of these trojans:
Back Orifice - UDP port 31337 or 31338
Deep Throat - UDP port 2140 and 3150
NetBus - TCP port 12345 and 12346
Whack-a-mole - TCP port 12361 and 12362
NetBus 2 Pro - TCP port 20034
GirlFriend - TCP port 21544
Sockets de Troie - TCP port 5000, 5001 or 50505
Masters Paradise - TCP port 3129, 40421, 40422, 40423 and 40426
Devil - port 65000
Evil FTP - port 23456
GateCrasher - port 6969
Hackers Paradise - port 456
ICKiller - port 7789
ICQTrojan - port 4590
Phineas Phucker - port 2801
Remote Grab - port 7000
Remote Windows Shutdown - port 53001

If you know of another trojan (and/or a correction) to add to the above, please mail the webmaster.

How to detect

If, after following the directions outlined further down, you've determined that your PC is "listening" on any of the above ports, it's a very strong indicator that your PC has been compromised. Click the appropriate link to learn how to remove the trojan involved.

Important Notes:


Although Back Orifice and NetBus are commonly found to be configured to use their default port/s in establishing the connection between the client and server, they have been found to be configured to use different port/s.
Regardless of what ports they may be configured to use, the important thing to know is that if you're a home user (and your PC doesn't participate on a LAN or a SoHo LAN), your PC shouldn't be "listening" on any port (or ports) after it's been rebooted.
Keep in mind that for some PCs that are connected to a LAN or a SoHo LAN, it is common for certain ports (137, 138 and 139) to be listening. Such ports are used for NetBIOS, and sometimes port 135 (RPC) may be used as well.

How to determine what ports are "listening"

Perform the following steps:
Step 1. - Reboot your PC. Do NOT establish a dial-up connection.
    Click Start | Shut Down
    Click Restart
    Click OK
Step 2. - After you reboot your PC and before doing anything else, open a DOS window.
    Click Start | Programs | MS-DOS Prompt
    NOTE: If you don't have a shortcut to the MS-DOS Prompt, don't worry. You can:
        Click Start | Run
        Type command
        Click OK
Step 3. - Type "netstat -an >>c:\netstat.txt" (without the quotes)
    Type netstat -an >>c:\netstat.txt
    Press ENTER
Step 4. - Close the DOS window.
    Type exit
    Press ENTER
Step 5. - Open Explorer
    Click Start | Programs | Windows Explorer
Step 6. - Change to the C drive and double click on the netstat.txt file. It should open with NOTEPAD.
    Click (C:)
    Double-click netstat.txt
Step 7. - Look under the "Local Address" column and examine the port numbers for any connection found to be in a "listening" state.
    For reference, the port numbers are shown as ":XXXXX" to the right of the IP address, where "XXXXX" is a 1 to 5 digit number.
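
Step 7 can be automated. The following is an added example, not part of the original article: it reads the saved `netstat -an` output and sorts every listening socket into the page's default trojan ports, the NetBIOS/RPC ports the page calls normal on a LAN, and everything else. The sample output is constructed, and treating every bound UDP port as listening is an assumption made because netstat prints no state for UDP rows.

```python
import re

# Default ports from the list on this page; protocol None = page gives none.
TROJANS = {
    ("Back Orifice", "UDP"): [31337, 31338], ("Deep Throat", "UDP"): [2140, 3150],
    ("NetBus", "TCP"): [12345, 12346], ("Whack-a-mole", "TCP"): [12361, 12362],
    ("NetBus 2 Pro", "TCP"): [20034], ("GirlFriend", "TCP"): [21544],
    ("Sockets de Troie", "TCP"): [5000, 5001, 50505],
    ("Masters Paradise", "TCP"): [3129, 40421, 40422, 40423, 40426],
    ("Devil", None): [65000], ("Evil FTP", None): [23456],
    ("GateCrasher", None): [6969], ("Hackers Paradise", None): [456],
    ("ICKiller", None): [7789], ("ICQTrojan", None): [4590],
    ("Phineas Phucker", None): [2801], ("Remote Grab", None): [7000],
    ("Remote Windows Shutdown", None): [53001],
}
LAN_PORTS = {135, 137, 138, 139}   # NetBIOS / RPC, normal on a LAN per the page
ROW = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d{1,5})\s+\S+(?:\s+(\S+))?\s*$")

def classify(netstat_text):
    """Sort listening sockets into trojan defaults, LAN ports and the rest."""
    report = {"trojan_default": [], "lan_expected": [], "unexplained": []}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue                       # headers and blank lines
        proto, port, state = m.group(1), int(m.group(2)), m.group(3)
        # UDP rows have no State column, so every bound UDP port counts as
        # listening; requiring "LISTENING" would miss the UDP trojans above.
        if proto == "TCP" and state != "LISTENING":
            continue
        name = next((n for (n, p), ports in TROJANS.items()
                     if port in ports and p in (None, proto)), None)
        if name:
            report["trojan_default"].append((proto, port, name))
        elif port in LAN_PORTS:
            report["lan_expected"].append((proto, port))
        else:
            report["unexplained"].append((proto, port))   # still worth a look
    return report

# Constructed sample of c:\netstat.txt, not captured from a real machine.
SAMPLE = r"""
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING
  UDP    0.0.0.0:31337          *:*
  UDP    192.168.1.10:137       *:*
"""
```

Because these trojans can be reconfigured to other ports, the "unexplained" bucket matters as much as the exact matches on a home PC that should not be listening at all.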

Firewalls

Before one can understand what a Firewall does and how it improves one's security, one has to understand a little of how information is transferred over the Internet. All Internet communication is accomplished by the exchange of individual "packets" of data. Packets are the fundamental unit of information flow across the Internet. Even though we refer to "connections" between computers, this "connection" is actually comprised of individual packets travelling between those machines. Once a machine has received a packet, it sends back an "acknowledgement packet" to let the sending machine know that the data was received. The packets do not go directly from one machine to another; they go through many intermediate machines on their way, like a letter going through many different post offices en route or a telephone call through many exchanges. The difference is that the message may be divided between many packets, which can even take different routes to their destination.

In order to reach its destination, whether it's another computer two meters or two continents away, every Internet packet must clearly contain a destination address and, so that the receiving computer knows who sent the packet, every packet also contains the address of the originating machine. The address is made up of two parts: the IP address, which always identifies a single machine on the Internet (you often see these as blocks of numbers like 123.456.789.012 in your Browser status line), and a port, which is associated with a particular service or conversation happening on the machine. Think of an IP address as a computer's switchboard number and a port as an individual phone extension. Software on your PC creates ports to allow specific networking functions. Web access, for example, generally uses port 80, while FTP runs through port 21. To get in, the hacker must find an open port on your machine.

Firewall software inspects each and every packet of data before it's seen by any other software running within your computer. A Firewall therefore has total veto power over your computer's receipt of anything from the Internet. A TCP/IP port is only "open" on your computer if the first arriving packet, which requests the establishment of a connection, is answered by your computer. If the arriving packet is simply ignored, that port of your computer will effectively disappear from the Internet.

The real power of a Firewall is derived from its ability to be selective about what it lets through and what it blocks. Since every arriving packet must contain the correct IP address of the sender's machine (in order for the receiver to send back a receipt acknowledgment), the Firewall can be very selective about which packets are admitted and which are dropped. A Firewall can be designed to "filter" the arriving packets based upon any combination of the originating machine's IP address and port and the destination machine's IP address and port. So, for example, if you were running a web server and needed to allow remote machines to connect to your machine on port 80 (http), the Firewall could inspect every arriving packet and only permit connection initiation on your port 80. New connections would be denied on all other ports. In the telephone analogy, the Firewall lets you choose, depending on who calls and on which extension, whether you answer, let the phone ring, or give an unobtainable tone.

Firewall technology makes it possible for your home and office computers to safely share their files without any danger of unauthorized intrusion. You simply instruct the Firewall running on your office computer to permit connections on the NetBIOS file sharing ports 137-139 only from the IP address of your home computer. The Firewall running on your home machine would similarly be instructed to permit connections on ports 137-139 only from your office machine's IP address. Thus, either machine can "see" the other's ports, but no one else on the Internet can see them.

This sounds great, but what about outgoing calls where you expect information back? It is slightly more complex than the telephone analogy because we are using packets. For example, when you surf the web you need to connect to web servers that might have any IP address (how http://www.xyz.com is converted to an IP address for you is another story). You wouldn't want all those to be blocked just because you want to block everyone from getting into your machine. It turns out that this is easy for a Firewall too. Since each computer involved in an Internet connection is usually acknowledging the other's data, most packets that flow between the two machines have a bit set as a "flag" to denote that the packet is an acknowledgement. Only the first packet, which initiates a new connection, would not be acknowledging any previous data from the other machine. In other words, a Firewall can easily determine whether an arriving packet is initiating a new connection or continuing an existing conversation. Packets arriving as part of an established connection can be allowed to pass through the Firewall, but packets representing new connection attempts can be discarded. Thus, a Firewall can permit the establishment of outbound connections while blocking any new connection attempts from the outside.
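
The filtering rules from the last three paragraphs (new connections only to port 80, NetBIOS ports 137-139 only from one address, replies to outbound connections allowed) can be written as one decision function. This is an added example, not code from the article; all addresses and port numbers in it are constructed. It goes one step beyond the text: instead of passing every packet that has the acknowledgement flag set, it passes such a packet only when it matches a connection the firewall has already seen, which is how stateful firewalls apply the same idea.

```python
# Added example: rule names, addresses and ports below are constructed.
HOME_PC = "198.51.100.7"          # stands in for the "home computer" address
RULES = [                         # (first port, last port, allowed source)
    (80, 80, None),               # web server: anyone may open a connection
    (137, 139, HOME_PC),          # NetBIOS file sharing: home computer only
]

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.conns = set()        # (remote ip, remote port, local port)

    def outbound(self, remote_ip, remote_port, local_port):
        """Record a connection this machine opens, e.g. the browser."""
        self.conns.add((remote_ip, remote_port, local_port))

    def inbound(self, src_ip, src_port, dst_port, ack):
        """Return 'pass' or 'drop' for one arriving TCP packet."""
        key = (src_ip, src_port, dst_port)
        if ack:
            # Continuing a conversation: pass only if we know that conversation.
            return "pass" if key in self.conns else "drop"
        # No ACK flag: the packet asks to start a new connection.
        for first, last, source in self.rules:
            if first <= dst_port <= last and source in (None, src_ip):
                self.conns.add(key)   # remember the admitted connection
                return "pass"
        return "drop"                 # ignored: the port "disappears"

def demo():
    fw = Firewall(RULES)
    fw.outbound("203.0.113.5", 80, 1045)                  # we browse a web site
    return [
        fw.inbound("203.0.113.5", 80, 1045, ack=True),    # its reply
        fw.inbound("203.0.113.9", 80, 1046, ack=True),    # ACK nobody asked for
        fw.inbound("192.0.2.44", 3301, 80, ack=False),    # stranger -> web server
        fw.inbound(HOME_PC, 1027, 139, ack=False),        # home PC -> file sharing
        fw.inbound("192.0.2.44", 3302, 139, ack=False),   # stranger -> file sharing
        fw.inbound("192.0.2.44", 3303, 12345, ack=False), # stranger -> NetBus port
    ]
```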

There is one more thing that one might want to do, and that is to restrict which programs inside the Firewall can access the Internet and initiate connections, just in case a virus, hacker, disgruntled employee or industrial spy has left a piece of code on your machine which sends your passwords or data out. The Firewall has no way of knowing what data is being sent, but it can filter on the basis of the application generating the data. In the telephone analogy, it is like checking that nobody connects a Fax machine that you do not know about and sends without approval.

The difficulty is not in writing a Firewall program but in making it user friendly. It must be easy to configure so that it stops everything you do not want to get in whilst allowing you to carry on your normal activities, without you having to know the IP address and port number for every connection and the details of every program. It should also tell you what it is doing: you do not want to find that things stop working without any idea why, yet it should not swamp you with so many warnings that you grind to a halt.

Thursday, 25 June 2009

protect from hackers

For firewalls, there is the physical firewall and the software firewall.
Physical firewalls basically, I think, come with routers, brands like 2Wire and Linksys. It is more of a firewall that protects your entire network, unlike a software firewall, which only protects that particular computer.
Software firewalls would be programs like Norton Internet Security, which provides a lot of features on top of a firewall that are fantastic, like intrusion detection, outbreak alert, antispam, parental control etc.

Then programs like Norton SystemWorks further enhance your system with features like Internet worm protection, e-mail scanning, and other features to allow you to clean up or speed up your computer.

Then, lastly and most importantly, it is not enough to have these. You need to update the programs as frequently as possible to maintain the highest protection that is possible.

Though being hacked is unlikely, lowering the chances is good. It's like saying, if you left your house door unlocked, what are the chances of being robbed? On top of that, while you prevent hacking, you'll be preventing viruses and other **** from affecting your computer.

Friday, 12 June 2009

Protect Computer from Viruses

You can protect yourself against viruses with a few simple steps:

  • If you are truly worried about traditional (as opposed to e-mail) viruses, you should be running a more secure operating system like UNIX. You never hear about viruses on these operating systems because the security features keep viruses (and unwanted human visitors) away from your hard disk.
  • If you are using an unsecured operating system, then buying virus protection software is a nice safeguard.
  • If you simply avoid programs from unknown sources (like the Internet), and instead stick with commercial software purchased on CDs, you eliminate almost all of the risk from traditional viruses.
  • You should make sure that Macro Virus Protection is enabled in all Microsoft applications, and you should NEVER run macros in a document unless you know what they do. There is seldom a good reason to add macros to a document, so avoiding all macros is a great policy.
  • You should never double-click on an e-mail attachment that contains an executable. Attachments that come in as Word files (.DOC), spreadsheets (.XLS), images (.GIF), etc., are data files and they can do no damage (noting the macro virus problem in Word and Excel documents mentioned above). However, some viruses can now come in through .JPG graphic file attachments. A file with an extension like EXE, COM or VBS is an executable, and an executable can do any sort of damage it wants. Once you run it, you have given it permission to do anything on your machine. The only defense is never to run executables that arrive via e-mail.

Macro Virus Protection in Microsoft Word

Open the Options dialog from the Tools menu in Microsoft Word and make sure that Macro Virus Protection is enabled. Newer versions of Word allow you to customize the level of macro protection you use.

Protect Computer from Spyware and Adware

As if spam, viruses, and worms aren't bad enough, adware and spyware are here to sap the remaining life out of your productivity and privacy. Cookies are harmless in comparison!

Adware is software that displays advertisements on your computer. These are ads that inexplicably pop up on your display screen, even if you're not browsing the Internet. Some companies provide "free" software in exchange for advertising on your display. It's how they make their money.

Spyware is software that sends your personal information to a third party without your permission or knowledge. This can include information about Web sites you visit or something more sensitive like your user name and password. Unscrupulous companies often use this data to send you unsolicited targeted advertisements.

I've noticed more postings in the Microsoft Windows XP newsgroups about these threats. Many of the postings ask how they can tell if they have spyware on their systems and how to remove spyware if they find it. A small handful asks how to fix problems left over after removing spyware. I'm glad to see a lot of the advice offered from other enthusiasts and I'm going to share some of that advice with you in this month's column.

TIME OUT PC

TimeOut PC software controls and limits time spent on a computer. It is aimed mainly at parents who want to control how much time their children are spending playing games and surfing the Internet. After a specific access time, a user will be informed that their time is up and the application is automatically shut down. It cannot be re-activated until a specific timeout time has elapsed. In addition, the PC can automatically be shut down. You can download this application at http://www.timeoutpc.com/