Port 4567 name: filenail Open

I am never sure of what the "protocol" is on Lists for thanking folks
who
offer advice. I was brought up to say "Please" and "Thank you" and
that's
what I want to do here.

Thanks to all for all the time and effort that went into your
suggestions.
I have combined them all into one document and will go through them
one
by one. I would have done so sooner but I had a problem with another
computer that took all day yesterday to fix.

For the record, the stats on the computer with the Trojan Horse
problem
a

MacBook running Mac's Leopard, v 10.5.6
Windows XP Home, SP3 being run on the MacBook courtesy of VMware
Fusion v
2.0.2
I have the Windows firewall activated
I am running Avira's free anti-virus program
I am running Windows Defender
I have a Westell VersaLink327W with custom inbound/outbound firewall
settings I can cut and paste here should they be of interest or use.

I started running Windows/Fusion about 6 months ago and last week was
the
first time that I went to the Symantec online site to run their free
tests.

I'll post back on what my results are as I follow the steps suggested
by
all who responded.

Again, many thanks. Off now to deal with about five inches of snow on
the
driveway and walk.

Carl

I am never sure of what the "protocol" is on Lists for thanking folks
who
offer advice. I was brought up to say "Please" and "Thank you" and
that's
what I want to do here.

Thanks to all for all the time and effort that went into your
suggestions.
I have combined them all into one document and will go through them
one
by one. I would have done so sooner but I had a problem with another
computer that took all day yesterday to fix.

For the record, the stats on the computer with the Trojan Horse
problem
a

MacBook running Mac's Leopard, v 10.5.6
Windows XP Home, SP3 being run on the MacBook courtesy of VMware
Fusion v
2.0.2
I have the Windows firewall activated
I am running Avira's free anti-virus program
I am running Windows Defender
I have a Westell VersaLink327W with custom inbound/outbound firewall
settings I can cut and paste here should they be of interest or use.

I started running Windows/Fusion about 6 months ago and last week was
the
first time that I went to the Symantec online site to run their free
tests.

I'll post back on what my results are as I follow the steps suggested
by
all who responded.

Again, many thanks. Off now to deal with about five inches of snow on
the
driveway and walk.

Carl

Ohh, seems I hit a sore spot. Poor baby! You're losing it flunky; you
must need more naps.


Mick Murphy wrote:
The truth about your dumbness, in your own words, really hurts a
thin-skinned buffoon like you.

You can't handle the truth about yourself, written in your own words.
Go and wipe your crybaby eyes in your Mama's apron, you little,
ignorant boy.

I was the 1st one to answer the OP, you ignorant dope.

I am getting sick and tired of correcting YOUR mistakes that you are
posting to OPs
Get out of these Newsgroups, and let people that know what the are
doing help here.

Mick Murphy wrote:
"Gather together an arsenal of spyware programs, update them and
scan with those."

Your words, loser.
You get ANTI-spyware Programs.

And a bit of knowledge for you, you don't scan with SpywareBlaster.

You missed WinPatrol, you clueless cryptic and childish dummy.
Whenever you have nothing useful to say I notice you're very good at
saying it. I think your momma's calling you.

Read the garbage that you post, lol.

Carl wrote:
I ran the Symantec online checks for Security Scan and Virus
Detection.

Their Virus Detection check reported 25,934 files scanned & 0
files infected on the disk drives and no viruses detected in
memory.

Their Security Scan found only one problem, Port 4567 name:
filenail Open.

Googling filenail produced this:

File Nail backdoor (FileNail_TCP_Request)
Unauthorized Access Attempt
Vulnerability description File Nail, also known as Nail and
Backdoor.Nail, is a backdoor Trojan written in Visual Basic that
affects Microsoft Windows operating systems. The backdoor uses a
client/server relationship, where the server component is
installed in the victim's system and the remote attacker has
control of the client. The server attempts to open a port,
typically TCP port 4567, to allow the client system to connect.
File Nail could allow a remote attacker to gain unauthorized
access and gain complete control of the system.

How to remove this vulnerability: Use an up-to-date antivirus
program to determine if the target computer is host to a backdoor
program. If the program detects a backdoor, follow its
instructions to disinfect and repair the computer.

Again: Symantec Virus Detection found no infected files and I
ran a system check with the free version of Avira and it too
reported no problems.

So, in the immortal words of Laurence Olivier in "Marathon Man":
"Is it safe?"

Many thanks,
Carl

Maybe not. Symantec, Avira and the rest of them detect the
signatures of everything they know about. However, spyware, in the
form of trojans, worms, etc., are not detected by virus scanners.
Therefore, it's possible something is still there.
Gather together an arsenal of spyware programs, update them and
scan with those. I usually get decent luck with Adaware
(lavasoft.com), Spybot Search & Destroy (spybot.com I -think-) and
Spyware Blaster, along with running WinPatrol. Ymmv of course, and
others have differing opinions of the "best" spyware removers;
there are several of them that are good ones.
No single spyware program catches everything; each will usually
have strngths in some particular areas but not all; thus it's good
to maintain an arsenal of them for this type of problem.

Until you get it taken care of, you could close that port with your
firewall, whichever one you use. I don't think that will break
anything, but those can be famous last words; if something you use
suddenly stops working you may have to decide whether it's worth it
to take the block off the port.

HTH,

Twayne

Ohh, seems I hit a sore spot. Poor baby! You're losing it flunky; you
must need more naps.


Mick Murphy wrote:
The truth about your dumbness, in your own words, really hurts a
thin-skinned buffoon like you.

You can't handle the truth about yourself, written in your own words.
Go and wipe your crybaby eyes in your Mama's apron, you little,
ignorant boy.

I was the 1st one to answer the OP, you ignorant dope.

I am getting sick and tired of correcting YOUR mistakes that you are
posting to OPs
Get out of these Newsgroups, and let people that know what the are
doing help here.

Mick Murphy wrote:
"Gather together an arsenal of spyware programs, update them and
scan with those."

Your words, loser.
You get ANTI-spyware Programs.

And a bit of knowledge for you, you don't scan with SpywareBlaster.

You missed WinPatrol, you clueless cryptic and childish dummy.
Whenever you have nothing useful to say I notice you're very good at
saying it. I think your momma's calling you.

Read the garbage that you post, lol.

Carl wrote:
I ran the Symantec online checks for Security Scan and Virus
Detection.

Their Virus Detection check reported 25,934 files scanned & 0
files infected on the disk drives and no viruses detected in
memory.

Their Security Scan found only one problem, Port 4567 name:
filenail Open.

Googling filenail produced this:

File Nail backdoor (FileNail_TCP_Request)
Unauthorized Access Attempt
Vulnerability description File Nail, also known as Nail and
Backdoor.Nail, is a backdoor Trojan written in Visual Basic that
affects Microsoft Windows operating systems. The backdoor uses a
client/server relationship, where the server component is
installed in the victim's system and the remote attacker has
control of the client. The server attempts to open a port,
typically TCP port 4567, to allow the client system to connect.
File Nail could allow a remote attacker to gain unauthorized
access and gain complete control of the system.

How to remove this vulnerability: Use an up-to-date antivirus
program to determine if the target computer is host to a backdoor
program. If the program detects a backdoor, follow its
instructions to disinfect and repair the computer.

Again: Symantec Virus Detection found no infected files and I
ran a system check with the free version of Avira and it too
reported no problems.

So, in the immortal words of Laurence Olivier in "Marathon Man":
"Is it safe?"

Many thanks,
Carl

Maybe not. Symantec, Avira and the rest of them detect the
signatures of everything they know about. However, spyware, in the
form of trojans, worms, etc., are not detected by virus scanners.
Therefore, it's possible something is still there.
Gather together an arsenal of spyware programs, update them and
scan with those. I usually get decent luck with Adaware
(lavasoft.com), Spybot Search & Destroy (spybot.com I -think-) and
Spyware Blaster, along with running WinPatrol. Ymmv of course, and
others have differing opinions of the "best" spyware removers;
there are several of them that are good ones.
No single spyware program catches everything; each will usually
have strngths in some particular areas but not all; thus it's good
to maintain an arsenal of them for this type of problem.

Until you get it taken care of, you could close that port with your
firewall, whichever one you use. I don't think that will break
anything, but those can be famous last words; if something you use
suddenly stops working you may have to decide whether it's worth it
to take the block off the port.

HTH,

Twayne

You, upset me!!!??! You'd have to he joking!
I laugh at CRAP like you.
You are just a TROLL that lurks here, giving WRONG information to the OPs.

Look at your answers in security: "do a Repair install to remove a Virus."
That sums up your lack of knowledge about computers; probably everything in
life as well.
--
Mad Mike


"Twayne" wrote:

Ohh, seems I hit a sore spot. Poor baby! You're losing it flunky; you
must need more naps.


Mick Murphy wrote:
The truth about your dumbness, in your own words, really hurts a
thin-skinned buffoon like you.

You can't handle the truth about yourself, written in your own words.
Go and wipe your crybaby eyes in your Mama's apron, you little,
ignorant boy.

I was the 1st one to answer the OP, you ignorant dope.

I am getting sick and tired of correcting YOUR mistakes that you are
posting to OPs
Get out of these Newsgroups, and let people that know what the are
doing help here.

Mick Murphy wrote:
"Gather together an arsenal of spyware programs, update them and
scan with those."

Your words, loser.
You get ANTI-spyware Programs.

And a bit of knowledge for you, you don't scan with SpywareBlaster.

You missed WinPatrol, you clueless cryptic and childish dummy.
Whenever you have nothing useful to say I notice you're very good at
saying it. I think your momma's calling you.

Read the garbage that you post, lol.

Carl wrote:
I ran the Symantec online checks for Security Scan and Virus
Detection.

Their Virus Detection check reported 25,934 files scanned & 0
files infected on the disk drives and no viruses detected in
memory.

Their Security Scan found only one problem, Port 4567 name:
filenail Open.

Googling filenail produced this:

File Nail backdoor (FileNail_TCP_Request)
Unauthorized Access Attempt
Vulnerability description File Nail, also known as Nail and
Backdoor.Nail, is a backdoor Trojan written in Visual Basic that
affects Microsoft Windows operating systems. The backdoor uses a
client/server relationship, where the server component is
installed in the victim's system and the remote attacker has
control of the client. The server attempts to open a port,
typically TCP port 4567, to allow the client system to connect.
File Nail could allow a remote attacker to gain unauthorized
access and gain complete control of the system.

How to remove this vulnerability: Use an up-to-date antivirus
program to determine if the target computer is host to a backdoor
program. If the program detects a backdoor, follow its
instructions to disinfect and repair the computer.

Again: Symantec Virus Detection found no infected files and I
ran a system check with the free version of Avira and it too
reported no problems.

So, in the immortal words of Laurence Olivier in "Marathon Man":
"Is it safe?"

Many thanks,
Carl

Maybe not. Symantec, Avira and the rest of them detect the
signatures of everything they know about. However, spyware, in the
form of trojans, worms, etc., are not detected by virus scanners.
Therefore, it's possible something is still there.
Gather together an arsenal of spyware programs, update them and
scan with those. I usually get decent luck with Adaware
(lavasoft.com), Spybot Search & Destroy (spybot.com I -think-) and
Spyware Blaster, along with running WinPatrol. Ymmv of course, and
others have differing opinions of the "best" spyware removers;
there are several of them that are good ones.
No single spyware program catches everything; each will usually
have strngths in some particular areas but not all; thus it's good
to maintain an arsenal of them for this type of problem.

Until you get it taken care of, you could close that port with your
firewall, whichever one you use. I don't think that will break
anything, but those can be famous last words; if something you use
suddenly stops working you may have to decide whether it's worth it
to take the block off the port.

HTH,

Twayne

You, upset me!!!??! You'd have to he joking!
I laugh at CRAP like you.
You are just a TROLL that lurks here, giving WRONG information to the OPs.

Look at your answers in security: "do a Repair install to remove a Virus."
That sums up your lack of knowledge about computers; probably everything in
life as well.
--
Mad Mike


"Twayne" wrote:

Ohh, seems I hit a sore spot. Poor baby! You're losing it flunky; you
must need more naps.


Mick Murphy wrote:
The truth about your dumbness, in your own words, really hurts a
thin-skinned buffoon like you.

You can't handle the truth about yourself, written in your own words.
Go and wipe your crybaby eyes in your Mama's apron, you little,
ignorant boy.

I was the 1st one to answer the OP, you ignorant dope.

I am getting sick and tired of correcting YOUR mistakes that you are
posting to OPs
Get out of these Newsgroups, and let people that know what the are
doing help here.

Mick Murphy wrote:
"Gather together an arsenal of spyware programs, update them and
scan with those."

Your words, loser.
You get ANTI-spyware Programs.

And a bit of knowledge for you, you don't scan with SpywareBlaster.

You missed WinPatrol, you clueless cryptic and childish dummy.
Whenever you have nothing useful to say I notice you're very good at
saying it. I think your momma's calling you.

Read the garbage that you post, lol.

Carl wrote:
I ran the Symantec online checks for Security Scan and Virus
Detection.

Their Virus Detection check reported 25,934 files scanned & 0
files infected on the disk drives and no viruses detected in
memory.

Their Security Scan found only one problem, Port 4567 name:
filenail Open.

Googling filenail produced this:

File Nail backdoor (FileNail_TCP_Request)
Unauthorized Access Attempt
Vulnerability description File Nail, also known as Nail and
Backdoor.Nail, is a backdoor Trojan written in Visual Basic that
affects Microsoft Windows operating systems. The backdoor uses a
client/server relationship, where the server component is
installed in the victim's system and the remote attacker has
control of the client. The server attempts to open a port,
typically TCP port 4567, to allow the client system to connect.
File Nail could allow a remote attacker to gain unauthorized
access and gain complete control of the system.

How to remove this vulnerability: Use an up-to-date antivirus
program to determine if the target computer is host to a backdoor
program. If the program detects a backdoor, follow its
instructions to disinfect and repair the computer.

Again: Symantec Virus Detection found no infected files and I
ran a system check with the free version of Avira and it too
reported no problems.

So, in the immortal words of Laurence Olivier in "Marathon Man":
"Is it safe?"

Many thanks,
Carl

Maybe not. Symantec, Avira and the rest of them detect the
signatures of everything they know about. However, spyware, in the
form of trojans, worms, etc., are not detected by virus scanners.
Therefore, it's possible something is still there.
Gather together an arsenal of spyware programs, update them and
scan with those. I usually get decent luck with Adaware
(lavasoft.com), Spybot Search & Destroy (spybot.com I -think-) and
Spyware Blaster, along with running WinPatrol. Ymmv of course, and
others have differing opinions of the "best" spyware removers;
there are several of them that are good ones.
No single spyware program catches everything; each will usually
have strngths in some particular areas but not all; thus it's good
to maintain an arsenal of them for this type of problem.

Until you get it taken care of, you could close that port with your
firewall, whichever one you use. I don't think that will break
anything, but those can be famous last words; if something you use
suddenly stops working you may have to decide whether it's worth it
to take the block off the port.

HTH,

Twayne