Confirm Action

Are you sure you wish to do this?

Confirm Cancel
Member Login
Site Notices
Posted: 3/2/2002 4:49:59 PM EDT
I have noticed that I somtimes see outgoing traffic on port 9999. Do any computer guru`s here know what this is?
Link Posted: 3/2/2002 5:02:38 PM EDT
Possible trojan horse. Get yourself a good virus scanner and run it! Here are the specifics... The Prayer -------------------------------------------------------------------------------- Name: The Prayer Aliases: Ports: 2716, 9999 Files: Prayer.zip - 256,349 bytes Prayer.zip - 806,956 bytes ThePrayer1.0.zip - 208,450 vytes ThePrayer1.2.zip - 256,553 bytes ThePrayer1.3.zip - 255,994 bytes ThePrayer1.5.zip - 526,730 bytes Prayer.exe - 240,897 bytes Prayer.exe - 423,936 bytes Prayer13.exe - 418,304 bytes Server.exe - 206,336 bytes Server.exe - 226,304 bytes Ps.exe - 160,982 bytes Mswinsck.ocx - 62,540 bytes Tabctl32.ocx - 118,781 bytes Winsck.ocx - 106,768 bytes Winsck.ocx - 126,976 bytes Msinet.ocx - 64,567 bytes S etup.exe - 89,600 bytes Setup1.exe - 73,501 bytes Prayer.mid- 22,557 bytes St5unst.exe - 38,692 bytes Vb5stkit.dll - 16,457 bytes Dlls32.exe - - 208,869 bytes Created: Nov 1999 Requires: Winsck.ocx - is required to run the trojan. Actions: Remote Access Versions: 1.0, 1.2, 1.3, 1.5, Registers: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Notes: Works on Windows. Country: written in Brazil Program:
Link Posted: 3/2/2002 5:06:26 PM EDT
According to the IANA, port 9999 is used by a UNIX function called "distinct". I have no idea of any other programs that use this port on windows platforms. However, the Prayer 1.2 and 1.3 trojans also use this port. Try upgrading your virus scanning software or defintions and scanning your entire computer.
Link Posted: 3/2/2002 5:07:26 PM EDT
Could be just about anything... lots of programs like to use port 9999, from proxy programs to the malicious. I'd agree with Capone on this one... run some antivirus. Another possibility... run a firewall. There are lots of free firewall programs (Tiny Personal Firewall for example). Configure the firewall to block outgoing traffic on port 9999. If one of your legit programs complains, then let it through, otherwise keep it blocked. Viper Out
Link Posted: 3/2/2002 5:10:28 PM EDT
[Last Edit: 3/2/2002 5:16:34 PM EDT by Diss_ipator]
Well thats scarry! Here`s the deal. I have latest McAfee Ver. 6.02.1019. And the only time I see activity on port 9999 is when I connect to AR15.COM. edited to add I have a firewall router and I run zone alarm.
Link Posted: 3/2/2002 5:13:15 PM EDT
Firewalls only stop what you tell them to stop. I doubt you would block access to the internet, though you could increase your surveilance. I recommend 'zone alarm' [url]www.zonealarm.com[/url] it's free!- and effective for the home user. A good virus scanning software- with current dats is essential as well! [8D]
Link Posted: 3/2/2002 5:36:09 PM EDT
a packet sniffer may help you figure out what type of information is being sent...or at least identify if it is headed anywhere significant. but it's probably just the batf. in conjunction with ar15.com, they sometimes use 9999 to gather data on gun owners.
Link Posted: 3/4/2002 4:13:10 AM EDT
WTF....??? found this script in the AR15.com Source code -START Of Script Attempt-
SRC="http://www.ar15.com:9999/engine/advertise.html?zid=1&js=1 Any comments?
Top Top