How-To Remove Backdoor Trojan Ports 12345 & 123456

Elephant · November 6, 2019

Fing Android app TCP scan found Backdoor Trojan Ports 12345 & 123456?

An online search at a .org security site, a URL I cannot recall, says the Trojan is a malicious full-fledged keylogger+.

What does this mean?

Should I be concerned?

Does the Fing TCP scan check all ports on my router and / or all devices on home network?

How do I respond?

How do I remove? Does Fing app's option to 'delete' remove it from my router and / or remove from my mobile device where I control service?

Thank you for your time! New community member.

~ Elephant 👍

kltaylor · November 6, 2019

Hi @Elephant and welcome to our community.

What does this (possibly) mean? It means that data traffic was detected on that port(s) which has a history of being used by Trojan Horse infections. If you issued a search for the ports will show you a list of what has used it before.

Should you be concerned? Yes, absolutely.

One of the first things that I would do is ensure that your router isn't using UPNP (Universal Plug and Play) and then also ensure that you do not have those ports open or forwarded.

Let us know how that goes for you.

Elephant · November 6, 2019

Hi @kltaylor,

Thank you for the warm welcome! Okay questions.

1. How / where do I search for port open list history on PC? I'm pretty sure the router does not show past logs, and Fing App does not.

2. Do I use the CMD functionality on the PC? What specifically should I type as administrator?

3. Router - where do I look under the router dashboard for universal plug and play? If it is ticked I will untick it. Correct? Or am I able to determine if UPNP is on via PC? If so, what do I type?

4. How do I ascertain if the two ports in question are open or are forwarded? Via cmd on PC? What do I type as admin to analyze?

Thank you so much for your time, and the quick reply.

Elephant 🤓

#fingapp #router #malware #openports

VioletChepil · November 7, 2019

Thanks @Elephant
Lets see what @kltaylor can add. I'm not personally able to add any further insight on this.
Also seeing if some other experts can help us.
@Pooh @Marc @Andrea @Idroy @Stratt3000 @Manny_Cavalier @GlenBo84

Idroy · November 7, 2019

Hello Elephant
1. How / where do I search for port open list history on PC? I'm pretty sure the router does not show past logs, and Fing App does not.
##Open a CMD on the windows pc and type "netstat -n" end press enter, then you will see al de TCP connection open en listing,
But better to use "Resource Monitor" go to the tab Network, an down to "TCP Connection" there u see all the TCP connection and Files using them..
2. Do I use the CMD functionality on the PC? What specifically should I type as administrator?
##netstat -n --> better is "Resource monitoring"
3. Router - where do I look under the router dashboard for universal plug and play? If it is ticked I will untick it. Correct? Or am I able to determine if UPNP is on via PC? If so, what do I type?
## UPNP : When enabled (tickt) than the router allows a client (pc, smartphone, x-box, ... ) to "open" a port on the public site of the router. (NAT also for IPv4 and Firewall for IPv4 and IPv6)
You can disable it, but then you can have other "problems", and have to manually open ports ... (Xbox online gaming Voice not working for example...
4. How do I ascertain if the two ports in question are open or are forwarded? Via cmd on PC? What do I type as admin to analyze?
Use Resource Monitor !

Thank you so much for your time, and the quick reply.

PS: use a one time online free scanner : https://www.eset.com/int/home/online-scanner/
Elephant 🤓
#fingapp #router #malware #openports

Robin_Ex_Fing · November 7, 2019

Hi @Elephant
Can you please let me know if the above-mentioned screenshot is from Find Open ports or Vulnerability test? If it is from the Find open ports feature, then can you please let me know which device or IP address have you selected to run this feature?

For open ports, I would share some insight as The use of ports allow computers/devices to run multiple services/applications. A port number uses 16 bits and so can, therefore, have a value from 0 to 65535 decimal. If you have an open port, then it doesn't mean it is dangerous, it means these are the ports through which anybody can try to connect to your network. You may wish to close these ports if you don't use it. Different port and their numbers are used for different purposes like port 3000,3030 are used by software developers, port 80 is used by web access. Think of it as open windows in your locked house. These two open ports are acting as windows while the router is your main door.

When an application is using some service, it makes use of some ports and then after using it, that port becomes free. Once the port is not in use, the Fing App will let you know that the port is open and none of the applications is using it, thus telling you to close it.

If you are unsure on how to close the ports on router page, then get in touch with your router's manufacturer and they can guide you with your brand of router correctly.

kltaylor · November 7, 2019

Elephant said:

Hi @kltaylor,
Thank you for the warm welcome! Okay questions.
1. How / where do I search for port open list history on PC? I'm pretty sure the router does not show past logs, and Fing App does not.
You can search for open ports in a few different ways, but one of the most user-friendly methods would be to usea GUI application to help you visualize the results. As the first method, I use this tool to start a baseline result and work from there.

2. Do I use the CMD functionality on the PC? What specifically should I type as administrator?
You can, and one of our community members has already shared the netstat command that can assist you with that as well.

3. Router - where do I look under the router dashboard for universal plug and play? If it is ticked I will untick it. Correct? Or am I able to determine if UPNP is on via PC? If so, what do I type?
That really depends on the make and model of the router that you own and use. Once you're logged into your router, take some time to 'get-to-know' the functions that it allows you to select and configure.

4. How do I ascertain if the two ports in question are open or are forwarded? Via cmd on PC? What do I type as admin to analyze?
Best way is to look in the router and see if it's set in there. Once UPnP is disabled you should familiarize yourself with that area since literally a port forward is a 'hole' in your firewall that allows traffic to flow using that port allocation.

Thank you so much for your time, and the quick reply.
My pleasure, hope I helped.

RichCreedy · November 7, 2019

I would go to Steve Gibsons website https://www.grc.com/x/ne.dll?bh0bkyd2 and run the tests there.
it will report back if indeed there are open ports this will tell you and should explain how and why they are a problem, and how to sort them.
12345, could be used by the italk chat system.
if your router is behaving as it should the ports would report back as stealth

kltaylor · November 8, 2019

RichCreedy said:

I would go to Steve Gibsons website https://www.grc.com/x/ne.dll?bh0bkyd2 and run the tests there.
it will report back if indeed there are open ports this will tell you and should explain how and why they are a problem, and how to sort them.
12345, could be used by the italk chat system.
if your router is behaving as it should the ports would report back as stealth

Ahh, Shields Up is another really good tool for that, too. Thanks for sharing that @RichCreedy.

Try out the suggestions that we've posted and please let us know the results so that we may help you to remedy the situation.

Elephant · November 8, 2019

Hello @RichCreedy , @kltaylor , @VioletChepil , @Robin , @Idroy . Wow I am very impressed with you all. Let me sort through these recommendations on how to do these tasks, and I shall keep you posted. Thank you.

VioletChepil · November 8, 2019

Great to hear @Elephant - feel free to ask any more Device/Security or Network Troubleshooting questions on Fing Community too.
Also, giving out LIKES are very nice for responses too! (Since we have some points/badges on the Fing Community).

Elephant · November 8, 2019

Hi there @VioletChepil ! Thanks for the quick reply. I look forward to combing over the responses, running tests, and communicating what I find or have questions about here.

Thanks for heads up re: likes. What is the difference between LIKE and AWESOME? Oh. One more question. If I were to tick 'Did this answer the question? YES' what happens to my post? ? Thanks. ~ @Elephant

VioletChepil · November 8, 2019

oh thanks @Elephant there is no difference and you can only choose one or the other. I guess it depends on your feeling towards the comments! Whether you add LIKE/AWESOME or AGREE.

Thanks for updating us on your testing. That will be great and we look forward to your results.

Choose a best answer: Did this answer the question? Yes/No - this marks the answer as accepted and lets users know they can find a good answer in the thread. Also, accepted answers will move to the top of the thread too. You can choose as many as you want.
Here is an example of Accepted Answer on a thread!

Image: https://us.v-cdn.net/6031733/uploads/editor/xj/xlh9m1i1gcns.png

SimoneSpinozzi · November 10, 2019

RichCreedy said:

I would go to Steve Gibsons website https://www.grc.com/x/ne.dll?bh0bkyd2 and run the tests there.
it will report back if indeed there are open ports this will tell you and should explain how and why they are a problem, and how to sort them.
12345, could be used by the italk chat system.
if your router is behaving as it should the ports would report back as stealth

Ohy! Thanks! I needed some way to explain to newbs! I get too ranty and lengthy when i do.

How-To Remove Backdoor Trojan Ports 12345 & 123456

Best Answer

Answers

Categories