Why don't you get the client program for the Trojan and see if you can
connect to it? If you can, you obviously have a problem (some Trojan
clients allow you to remove the server). Also, if you track down the
default name of the Trojan process, perhaps you could match it up by
using Fport????
Cheers,
Leon
-----Original Message-----
From: Sheik Abdulla [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 11, 2001 5:45 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: WinME-Port 5000 Socket23 - Trojan??
Hi,
While I scanned my client's network for trojans, I found that Windows ME
machines were shown as having trojans at "PORT 5000 - Socket23". When I
checked port 5000 for Windows ME, it shows as 'WindowsME ships with a
program called "SSDPSRV.EXE", or Simple Service Discover Protocol Server,
which is used for Universal Plug and Play. This process listens on TCP 5000
for XML exchange' in www.portsdb.org. But there is also a description for
this port as 'Sockets De Troie Trojan'. Should I ignore this as simply a
*indows problem, or take it seriously as infected by trojans? FYI, they are
using Trend Micro's Office Scan to scan all the machines.
regards,
sheik
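
The check suggested in the reply above (match the port 5000 listener to its owning process), as an added example that is not part of the original thread. It triages a port-to-process listing; the sample rows are constructed in an Fport-style column layout, and the expected install directory, the `UPDATER` process name and all PIDs are assumptions made for illustration.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any host OS

# Constructed sample (not real tool output): Pid, Process, ->, Port, Proto, Path.
SAMPLE = r"""
Pid   Process            Port  Proto Path
1052  SSDPSRV        ->  5000  TCP   C:\WINDOWS\SYSTEM\SSDPSRV.EXE
1310  SSDPSRV        ->  5000  TCP   C:\WINDOWS\TEMP\SSDPSRV.EXE
1477  UPDATER        ->  5000  TCP   C:\WINDOWS\UPDATER.EXE
8     System         ->  139   TCP
"""

# Assumption: the binary name and directory we expect behind each watched port.
EXPECTED = {(5000, "TCP"): ("ssdpsrv.exe", r"c:\windows\system")}

ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+->\s+(\d+)\s+(TCP|UDP)\s*(.*)$")

def parse(report):
    """Yield one dict per listener row; header and blank lines are skipped."""
    for line in report.splitlines():
        m = ROW.match(line)
        if m:
            pid, name, port, proto, path = m.groups()
            yield {"pid": int(pid), "name": name, "port": int(port),
                   "proto": proto, "path": path.strip()}

def triage(report, expected=EXPECTED):
    """Return (pid, verdict) for every listener on a watched port."""
    findings = []
    for row in parse(report):
        key = (row["port"], row["proto"])
        if key not in expected:
            continue
        exe, folder = expected[key]
        path = row["path"].lower()
        if not path:
            verdict = "unknown-path"                # no image path reported
        elif basename(path) != exe:
            verdict = "unexpected-process"          # some other binary owns the port
        elif dirname(path) != folder:
            verdict = "name-match-wrong-directory"  # right name, wrong location
        else:
            verdict = "expected"
        findings.append((row["pid"], verdict))
    return findings

if __name__ == "__main__":
    for pid, verdict in triage(SAMPLE):
        print(pid, verdict)
```

A name match alone is not treated as clean: a listener called SSDPSRV.EXE running from an unexpected directory is reported separately from the expected one.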