Close port common approach:
113 Trojan port clearance (only for windows system): This is an irc chat room based on the control of Trojans.
1. First, use the netstat -an command to determine whether to open the port 113 on your system
2. Use fport command look out which program is listening on port 113
For example, we use fport see the following results:
Pid Process Port Proto Path
392 svchost -> 113 TCP C: \ WINNT \ system32 \ vhos.exe
We can determine the listening port in the 113 Trojans are vhos.exe and the path where the program is
c: \ winnt \ system32 under.
3. Determine the Trojan name (that is listening on port 113 program), the find to the process in Task Manager,
And use the end of the process manager.
4. In the Start - Run, type regedit to run registry management program, just look in the registry to find the program,
And delete all related keys.
5. Go to the directory where the Trojan horse program to remove the Trojan. (Typically Trojan also includes a number of other programs, such as
rscan.exe, psexec.exe, ipcpass.dic, ipcscan.txt, etc., according to
Trojans different, different files, you can see the program and modifying the time to determine a
Monitor 113 port of Trojan programs and other programs)
6. Restart the machine.
3389 port closed:
First described is windows 3389 remote management port terminal opened, it is not a Trojan horse program, please
Determine whether the service is your own open. If it is not necessary, turn off the service.
win2000 close approach:
win2000server Start -> Programs -> Administrative Tools -> Services Terminal Services service entry found,
Select the Properties option startup type to Manual, and stop the service.
win2000pro Start -> Settings -> Control Panel -> Administrative Tools -> Services Terminal Services found
Service items, select the Properties option to startup type to Manual, and stop the service.
Right click select Properties on My Computer -> Remote, which the Remote Assistance and Remote Desktop are two options box to remove the hook.
4899 port closed:
First 4899 port is a remote control software (remote administrator) the server listening port, he can not
Be a Trojan horse program, but with remote control function, usually anti-virus software can not detect it come, first determine if the service
Service whether it is your own open and is required. If not, please close it.
Close port 4899:
Please Start - Enter> run cmd (98 The following is the command), then cd C: \ winnt \ system32 (your system
After the installation directory), enter r_server.exe / stop and press Enter.
Then enter r_server / uninstall / silence
To C: \ Remove r_server.exe admdll.dll radbrv.dll three files winnt \ system32 (system directory)
1. First use fport command to determine the listening port in 5800 and 5900 the location of the program (usually is c: \ winnt \ fonts \
2. kill related processes in the Task Manager (note that there is a system itself is normal, please note! If you can re-victimizes
Run c: \ winnt \ explorer.exe)
3. Delete the C: \ winnt \ fonts \ explorer.exe in the program.
4. Remove the registry HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Run in
5. restart the machine.
6129 port closed:
First 6129 port is a remote control software (dameware nt utilities) have to port the server listens, he is not
A Trojan horse program, but with remote control function, the usual anti-virus software is unable to detect it. Please make sure that service
Whether it is installed and you are necessary, if not close.
Close port 6129:
Select Start -> Settings -> Control Panel -> Administrative Tools -> Services
DameWare Mini Remote Control items found right click select Properties option, will start after the type to disabled
Stop the service.
To c: \ program will DWRCS.EXE delete winnt \ system32 (system directory).
Into the registry HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Services \ DWMRCS entries deleted.