
Posted: 3/2/2002 4:49:59 PM EDT
I have noticed that I sometimes see outgoing traffic on port 9999. Do any computer gurus here know what this is?
|
|
|
Possible trojan horse. Get yourself a good virus scanner and run it!
Here are the specifics...
The Prayer
--------------------------------------------------------------------------------
Name: The Prayer
Aliases:
Ports: 2716, 9999
Files:
  Prayer.zip - 256,349 bytes
  Prayer.zip - 806,956 bytes
  ThePrayer1.0.zip - 208,450 bytes
  ThePrayer1.2.zip - 256,553 bytes
  ThePrayer1.3.zip - 255,994 bytes
  ThePrayer1.5.zip - 526,730 bytes
  Prayer.exe - 240,897 bytes
  Prayer.exe - 423,936 bytes
  Prayer13.exe - 418,304 bytes
  Server.exe - 206,336 bytes
  Server.exe - 226,304 bytes
  Ps.exe - 160,982 bytes
  Mswinsck.ocx - 62,540 bytes
  Tabctl32.ocx - 118,781 bytes
  Winsck.ocx - 106,768 bytes
  Winsck.ocx - 126,976 bytes
  Msinet.ocx - 64,567 bytes
  Setup.exe - 89,600 bytes
  Setup1.exe - 73,501 bytes
  Prayer.mid - 22,557 bytes
  St5unst.exe - 38,692 bytes
  Vb5stkit.dll - 16,457 bytes
  Dlls32.exe - 208,869 bytes
Created: Nov 1999
Requires: Winsck.ocx - is required to run the trojan.
Actions: Remote Access
Versions: 1.0, 1.2, 1.3, 1.5
Registers: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Notes: Works on Windows.
Country: written in Brazil
Program:
|
|
|
According to the IANA, port 9999 is used by a UNIX function called "distinct". I have no idea of any other programs that use this port on Windows platforms. However, the Prayer 1.2 and 1.3 trojans also use this port. Try upgrading your virus scanning software or definitions and scanning your entire computer.
|
|
|
Could be just about anything... lots of programs like to use port 9999, from proxy programs to the malicious. I'd agree with Capone on this one... run some antivirus.
Another possibility... run a firewall. There are lots of free firewall programs (Tiny Personal Firewall for example). Configure the firewall to block outgoing traffic on port 9999. If one of your legit programs complains, then let it through, otherwise keep it blocked.
Viper Out
|
|
|
Well, that's scary! Here's the deal. I have the latest McAfee, Ver. 6.02.1019. And the only time I see activity on port 9999 is when I connect to AR15.COM.
Edited to add: I have a firewall router and I run ZoneAlarm.
|
|
|
Firewalls only stop what you tell them to stop. I doubt you would block access to the internet, though you could increase your surveillance. I recommend ZoneAlarm (www.zonealarm.com). It's free, and effective for the home user. Good virus scanning software with current DATs is essential as well!
|
|
|
A packet sniffer may help you figure out what type of information is being sent... or at least identify if it is headed anywhere significant. But it's probably just the BATF. In conjunction with ar15.com, they sometimes use 9999 to gather data on gun owners.
|
|
|
WTF....???
Found this script in the AR15.com source code:
-START Of Script Attempt-
SRC="http://www.ar15.com:9999/engine/advertise.html?zid=1&js=1
Any comments?
|
|
|
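Added example, not part of any post in this thread: a small Python triage of Windows `netstat -ano` output that separates outbound connections to a remote port 9999 (a client such as a browser fetching from a server on that port) from a local listener on 9999 or 2716 (what a remote-access server would need), grouped by owning PID. The sample output, addresses and PIDs are constructed, and `find_port_activity` is a name chosen for this example.

```python
import re
from collections import defaultdict

# Ports from the thread: 9999 (the traffic asked about) and 2716 (the other
# port in the quoted trojan entry).
WATCH_PORTS = {9999, 2716}

# Constructed sample in `netstat -ano` layout; addresses are documentation
# ranges and the PIDs are made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1043      203.0.113.7:80         ESTABLISHED     1320
  TCP    192.168.1.10:1044      203.0.113.7:9999       ESTABLISHED     1320
  TCP    192.168.1.10:1050      198.51.100.23:9999     SYN_SENT        2288
  TCP    0.0.0.0:9999           0.0.0.0:0              LISTENING       2288
  TCP    192.168.1.10:1061      203.0.113.7:443        TIME_WAIT       0
  UDP    0.0.0.0:2716           *:*                                    2288
"""

# proto, local addr:port, foreign addr:port, optional state (UDP has none), PID
LINE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s*([A-Z_]+)?\s+(\d+)\s*$")

def find_port_activity(netstat_text, ports=WATCH_PORTS):
    """Group sockets that touch a watched port by owning PID."""
    hits = defaultdict(list)
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header or unrelated line
        proto, laddr, lport, raddr, rport, state, pid = m.groups()
        if rport != "*" and int(rport) in ports:
            kind = "outbound"    # local client talking to a remote watched port
        elif int(lport) in ports:
            # local end is on the watched port: a listener, or a peer connected to it
            kind = "listening" if state in (None, "LISTENING") else "inbound"
        else:
            continue
        hits[int(pid)].append(
            (kind, proto, f"{laddr}:{lport}", f"{raddr}:{rport}", state or "-"))
    return dict(hits)

if __name__ == "__main__":
    for pid, socks in sorted(find_port_activity(SAMPLE).items()):
        for kind, proto, local, remote, state in socks:
            print(f"PID {pid:<5} {kind:<9} {proto} {local} -> {remote} [{state}]")
```

An outbound row owned by the browser's PID that appears only while a page is open is consistent with the page pulling content from a server on port 9999; a listening row is the case that warrants checking the owning process and the Run registry key named in the quoted entry.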