Security Basics mailing list archives

Re: Hidden windows ports, files and services.


From: Alex Yan <drcyyan () yahoo com>
Date: Mon, 14 Feb 2005 11:38:37 -0800 (PST)

Hi all,

Thanks a lot for your help.
Over the weekend I tried some suggested options, but still
haven't gotten much yet.

Scanned the system using the latest Norton AV and
Stinger in safe mode. Nothing came out.

Ran "netstat -baon". It gives process IDs and program
names for other processes. For the processes related
to port 21, it says "No ownership information can be
found".

Tried fport, cport, process explorer, etc., but no
luck.

"telnet 127.0.0.1 21" gives prompt "220 ." and then
times out in 15 seconds. No telnet service was found
in Windows service list.

Tonight I will follow Mark's suggestions step by
step and see if I can get something. I will also try
other options. If anything comes out, I will let you
know.

I am a software developer, more on Unix, not so
familiar with Windows registry and all kinds of
services and processes on XP. If I cannot find the
problem and fix it, I have to reformat the system. But
even after reformatting, there is still a chance that
the system could not be totally clean, because I have
to restore some critical data from the backup.

Thanks again.
Alex



--- H Carvey <keydet89 () yahoo com> wrote:


Bob, 

Check out administrative tools>Services>Telnet if
it's running you're listening

From my system:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

What does having the Telnet service running on a
system have to do with running the telnet client, or
with running it against port 21 on your local
system?

thanks,

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com




                