Hi,
First of all, Sockets De Troie is a well-known trojan that will be detected
by Trend Micro's Office Scan if virus definitions are updated. Secondly, this
is very likely to be SSDPSRV.EXE running, since port 5000 apparently is open
on several PCs. But you could try telnetting to port 5000 TCP or download a
small tool from Foundstone called FPort (not to be mistaken with F-prot).
This tool will upon execution report all open TCP/IP and UDP ports and map
them to the owning application. I hope this will help you.
Kind regards
Peter Kruse
Security & Virusresearch
Telia Telecom A/S
Søren Frichsvej 34C - DK 8230 Åbyhøj
Email: [EMAIL PROTECTED] - Mobil: +45 2827 9785
> -----Original Message-----
> From: Sheik Abdulla [mailto:[EMAIL PROTECTED]]
> Sent: 11 September 2001 11:45
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: WinME-Port 5000 Socket23 - Trojan??
>
> Hi,
>
> While I scanned my client's network for trojans, I found that Windows ME
> machines were shown having trojans at "PORT 5000 - Socket23". When I
> checked for port 5000 for Windows ME, it shows as 'WindowsME ships with a
> program called "SSDPSRV.EXE", or Simple Service Discover Protocol Server,
> which is used for Universal Plug and Play. This process listens on TCP
> 5000 for XML exchange' in www.portsdb.org. But also there is a description
> for this port as 'Sockets De Troie Trojan'. Should I ignore this as simply a
> *indows problem, or take it seriously as infected by trojans? FYI, they are
> using Trend Micro's Office Scan to scan all the machines.
>
> regards,
> sheik
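
The port-to-process check suggested in the reply, as an added example that is not part of the original thread: it maps TCP 5000 listeners to their owning image from `netstat -ano` and `tasklist /fo csv /nh` output. Both commands are an assumption (they exist on Windows XP and later, not on Windows ME), the sample output is constructed, and the expected image name is the SSDPSRV.EXE named in the thread.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       1044
  TCP    192.168.1.20:5000      192.168.1.31:1187      ESTABLISHED     1044
  UDP    0.0.0.0:1900           *:*                                    1044
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST_SAMPLE = '''"svchost.exe","912","Services","0","4,120 K"
"ssdpsrv.exe","1044","Services","0","2,316 K"
'''

def listeners(netstat_text, port):
    """Return the set of PIDs with a TCP socket in LISTENING state on port."""
    pids = set()
    for line in netstat_text.splitlines():
        f = line.split()
        # TCP rows have five fields; header and UDP rows are skipped.
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            if f[1].rsplit(":", 1)[1] == str(port):
                pids.add(int(f[4]))
    return pids

def process_names(tasklist_csv):
    """Map PID -> image name from tasklist CSV rows."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}

def triage(netstat_text, tasklist_csv, port=5000, expected="ssdpsrv.exe"):
    """Return (pid, image, verdict) for each process listening on port."""
    names = process_names(tasklist_csv)
    out = []
    for pid in sorted(listeners(netstat_text, port)):
        image = names.get(pid, "<unknown>")
        verdict = "expected" if image.lower() == expected else "investigate"
        out.append((pid, image, verdict))
    return out

if __name__ == "__main__":
    for row in triage(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(row)
```

A matching image name only narrows the question; the binary's path and an up-to-date antivirus scan of it still need checking.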