Open ports on laptop. Concerned about port '12345'. Is it a sign that my computers been compromised?

AdreAdre Member Posts: 6
Name Dropper First Comment

I'm abit worried about the results that I got from scanning the open ports on my laptop. Especially the port '12345' as I searched it up and came back with results on it being some sort of remote control software that's linked to it.

Plus the names for each port next to '139' and '12345' seem quite similar. So I'm wondering if theres connected in some way?

I'm not very tech savvy so I'm not sure on what it means. And if there would be anyway to close it?

Also how would these ports have opened?

Sorry, if that's a little vague I'm not too sure how to phrase the questions directly. As I dont really know much about ports.

Answers

  • MarcMarc Moderator, Beta Tester Posts: 1,516
    100 Answers 1000 Comments 500 Likes 100 Awesomes
    ✭✭✭✭✭✭
    @Adre, the 1234 port is concerning.  Do you have antivirus on the laptop and have you run a full scan on it?  @kltaylor, do you have any suggestions?
    Thats Daphnee, she's a good dog...
    RobinAdre
  • CountZerohCountZeroh Member Posts: 1
    First Comment

    Definitely concerning.

    I would assume you are hacked and download an antivirus program that is trusted. TrendMicro, BitDefender. Make sure you uninstall your installed one.


    If you have a good one already. Update it.

    Then disconnect network.

    Then do a FULL scan.

    MarcAdre
  • Lee_BoLee_Bo Member Posts: 234
    100 Comments 100 Likes 5 Answers 25 Agrees
    ✭✭✭
    Are you, by chance, using a Windows computer to control ambient lighting via network controls?  Port 12345 can also be used for that.
    But like others have said, it is a concern.  BitDefender has a 30 day trial.  I say give that a try.  
    Adre
  • AdreAdre Member Posts: 6
    Name Dropper First Comment

    Yeah I have both mccaffe and malwarebytes installed on my computer but they havent flagged up anything suspicious.

  • AdreAdre Member Posts: 6
    Name Dropper First Comment

    Ohh no I havent used it to control lighting. But would it be open if It were enabled on my computer?

    Yeah I'll try downloading bit defender and see if turns up with anything different. Mccaffe hasn't turned up with any threats.

  • MarcMarc Moderator, Beta Tester Posts: 1,516
    100 Answers 1000 Comments 500 Likes 100 Awesomes
    ✭✭✭✭✭✭
    edited September 4
    FYI, I didn’t see you mention using it but there is a trend micro product that uses this port, office scan.  So if you do not have what @Lee_Bo mentioned or some other type of IOT control software, get that system scanned asap.  By the way, if you have windows firewall enabled on your laptop, you can block that port.  See this article..  https://www.ghacks.net/2017/05/19/how-to-block-ports-in-windows/
    Thats Daphnee, she's a good dog...
    AdreLee_Bo
  • AdreAdre Member Posts: 6
    Name Dropper First Comment

    Ahh yeah I've scanned the laptop with the other two softwares and they havent picked up on any threats either.

    I did the netstat scan on my laptop and I found the Pid addresses for the ports. That's what the guide said to do.

    I got the PId for both of them then it said to match them in the task manager.

    When I did that it said they were linked to an application called elevationservice.exe (wondershare) for '12345' and oneapp.IGCC.winservice it was located in the driver store>filerespitory for '808'. Not sure if I missed anything tho.

    I then scanned them individually with all of the antivirus softwares but they didnt show up with any threats either.

    I'll go look at the article thank you.

  • AdreAdre Member Posts: 6
    Name Dropper First Comment

    @Marc I did a file upload to virus total and it came back as a 'trojan.generic' as it stated in the article to do that.

    Plus Somehow the port closed by itself but then my internet went down aswell for abit around the same time. Could it have spread to my wifi?

  • MarcMarc Moderator, Beta Tester Posts: 1,516
    100 Answers 1000 Comments 500 Likes 100 Awesomes
    ✭✭✭✭✭✭

    It probably would not spread to your WiFi , but it could spread via WiFi to other devices.


    The port closure is not unusual after a reboot as some routers perform a cleanup till the next time a device requests a port be open.

    Thats Daphnee, she's a good dog...
    Adre
  • AdreAdre Member Posts: 6
    Name Dropper First Comment

    @ Chris thank you. would there be anyway to ensure that it has not spread to other devices.

  • MarcMarc Moderator, Beta Tester Posts: 1,516
    100 Answers 1000 Comments 500 Likes 100 Awesomes
    ✭✭✭✭✭✭
    @Adre, if its determined that you have been compromised, your only choice if your anti virus products can’t clean this system, is it take it off the wire, wipe it clean (wipe out the hard drive and its data) and reinstall your os and software, being very care to only install software from vendors you trust from locations you trust.
    Thats Daphnee, she's a good dog...
  • reygio349reygio349 Member Posts: 19
    10 Comments Name Dropper Photogenic

    I noticed that port 1234 when I ran fingdesktop weeks ago but didn't realize its a concern coz fingdesk says everything looks good when I ran vulnerability scan . I use Bitdefender Total software for 2 years now since I had used the Bitdefender Box 2 for a year then disconnected it but continued use of the software on my PC . Ran Bitdefender quick scan when I open PC and ran total system scan everyweek but nothing found .

  • reygio349reygio349 Member Posts: 19
    10 Comments Name Dropper Photogenic

    @Marc if it spread and infected other devices on my network . Any suggestions ?

    Will it spread to other devices even if its connected via ethernet wired connection?

Sign In or Register to comment.