How to close common ports on Windows systems

  
Removing the port 113 Trojan (Windows systems only):

This is a Trojan controlled through an IRC chat room.

1. Use the netstat -an command to determine whether port 113 is open on your system.
2. Use the fport tool to see which program is using port 113. For example, fport shows the following result:

   Pid  Process     Port  Proto  Path
   392  svchost  -> 113   TCP    C:\WINNT\system32\vhos.exe

   From this we can determine that the Trojan program on port 113 is vhos.exe and that it is located under c:\winnt\system32.
3. Once you know the Trojan's program name (that is, the program on port 113), find the process in Task Manager and end it.
4. In Start-->Run, type regedit to run the Registry Editor, search the registry for the program you just found, and delete all related key values.
5. Delete the Trojan from the directory where it is located. (Trojans usually come with other programs, such as rscan.exe, p***ec.exe, ipcpass.dic, ipcscan.txt, etc.; the files differ depending on the Trojan. You can look at the files' creation and modification times to identify other programs related to the Trojan on port 113.)
6. Restart the machine.

Closing port 3389:

Port 3389 is the port opened by the Windows remote management terminal. It is not a Trojan horse. Determine whether the service was opened by you. If not, turn the service off.

Win2000 shutdown method:

Win2000 Server: go to Start-->Programs-->Administrative Tools-->Services, find the Terminal Services item, open its Properties, change the startup type to Manual, and stop the service.
Win2000 Pro: go to Start-->Settings-->Control Panel-->Administrative Tools-->Services, find the Terminal Services item, open its Properties, change the startup type to Manual, and stop the service.

WinXP shutdown method: Right-click My Computer, choose Properties-->Remote, and clear the check boxes for both Remote Assistance and Remote Desktop.

Closing port 4899:

Port 4899 is the server port of Remote Administrator, a remote administration program. It cannot be regarded as a Trojan horse, but it has remote control functionality and anti-virus software usually does not detect it. Determine whether the service was opened by you and whether it is required. If not, turn it off.

To close port 4899: enter cmd (use command on Windows 98 and below) in Start-->Run, then cd C:\winnt\system32 (your system installation directory), type r_server.exe /stop and press Enter. Then enter r_server /uninstall /silence. Finally, go to C:\winnt\system32 (the system directory) and delete the three files r_server.exe, admdll.dll and radbrv.dll.

Ports 5800 and 5900:

1. Use the fport command to determine the location of the program on ports 5800 and 5900 (usually c:\winnt\fonts\explorer.exe).
2. Kill the relevant process in Task Manager. (Note that one of the explorer.exe processes is the normal system one, so be careful! If you kill the wrong one, you can re-run c:\winnt\explorer.exe.)
3. Delete the explorer.exe program in C:\winnt\fonts\.
4. Delete the Explorer item under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run in the registry.
5. Restart the machine.

Closing port 6129:

Port 6129 is the server port of a remote control program (DameWare NT Utilities). It is not a Trojan, but it has remote control functionality and anti-virus software usually does not detect it. Determine whether the service was installed by you and whether it is required. If not, close it.

To close port 6129: select Start-->Settings-->Control Panel-->Administrative Tools-->Services, find the DameWare Mini Remote Control item, right-click it and select Properties, change the startup type to Disabled, and stop the service. Remove the DWRCS.EXE program from c:\winnt\system32 (the system directory).

Delete the HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DWMRCS entry in the registry.

Ports 1029 and 20168:

These two ports are backdoor ports opened by the Lovgate worm. For information about the worm, see:
Lovgate worm: http://it.rising.com.cn/newSite/... rus/Antivirus_Base/TopicExplorerPagePackage/lovgate.htm
You can download the removal tool: http://it.rising.com.cn/service/... ovGate_download.htm
How to use: run the tool directly after downloading it, restart the machine after it finishes running, and then run it again.

Port 45576:

This is the control port of proxy (agent) software. Determine whether the proxy software was installed by you (it will bring extra traffic to your machine). To close the proxy software:

1. Use fport to see where the software is located.
2. Stop its service (usually SkSocks) in Services.
3. Remove the program from the directory where it is located.

Defending against port 139 attacks:

The defense against port 139 attacks differs by system configuration; each case is described below.

Windows 9x dial-up users can log in to the NT LAN environment: open Control Panel, double-click the "Network" icon, and select "Microsoft Friendly Login" under "Main Network Login". Select the "Windows Network User" method. In addition, you do not have to set "File Print Sharing".

Windows NT users can unbind NetBIOS from the TCP/IP protocol: open "Control Panel", double-click the "Network" icon, and in the "NetBIOS" interface set "WINS Client (TCP/IP)" to "Disable", then restart the computer.

Windows 2000 users can right-click the "Network Neighborhood" icon and select "Properties" to open the "Network and Dial-up Connections" dialog box, then right-click the "Local Area Connection" icon and select "Properties" to open the "Local Connection Properties" dialog.

Double-click "Internet Protocol (TCP/IP)" and click the [Advanced] button in the dialog box that opens. In the "Advanced TCP/IP Settings" dialog box, select the "Options" tab, select "TCP/IP Filter" in the list, click the [Properties] button, and under "Allow only" click the [Add] button to enter the ports to be used other than 139.

Personal Internet users can use the "Tianwang Firewall" (Skynet Personal Firewall) to define custom firewall rules. Start "Skynet Personal Firewall", select an empty rule, and set the packet direction to "receive", the other party's IP address to "any address", the protocol to "TCP", the local port to "139 to 139", the other party's port to "0 to 0", the flag to "SYN", and the action to "intercept". Finally, click the [OK] button and check this rule in the "Custom IP Rules" list to start blocking port 139 attacks.

Once you know how to close port 139, other rarely used ports can be closed in the same way.
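
The fport check used in the steps for ports 113, 5800/5900 and 45576 can be scripted. The following is an added example, not part of the original article: it parses fport output in the format shown above and flags listeners on the ports this article covers, plus an explorer.exe that is not in the Windows directory. The function names are hypothetical, and every sample row except the vhos.exe one is constructed.

```python
import re
from pathlib import PureWindowsPath

# Ports covered in this article, with what the article says about each.
WATCHED = {
    113: "Trojan controlled over IRC",
    3389: "Windows remote management terminal (Terminal Services)",
    4899: "Remote Administrator server (r_server.exe)",
    5800: "program usually at fonts\\explorer.exe",
    5900: "program usually at fonts\\explorer.exe",
    6129: "DameWare Mini Remote Control (DWRCS.EXE)",
    1029: "Lovgate worm backdoor", 20168: "Lovgate worm backdoor",
    45576: "proxy software control port (usually SkSocks)",
    139: "NetBIOS",
}

# One fport data row: Pid Process -> Port Proto Path (Path may be empty).
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+->\s+(\d+)\s+(TCP|UDP)\s*(.*?)\s*$")

# Constructed sample; only the vhos.exe row comes from the article.
SAMPLE = r"""
Pid   Process        Port  Proto Path
392   svchost    ->  113   TCP   C:\WINNT\system32\vhos.exe
8     System     ->  445   TCP
1020  explorer   ->  5900  TCP   C:\WINNT\Fonts\explorer.exe
604   inetinfo   ->  80    TCP   C:\WINNT\system32\inetsrv\inetinfo.exe
"""

def parse_fport(text):
    """Yield (pid, process, port, proto, path) for each data row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header and blank lines do not match and are skipped
            pid, proc, port, proto, path = m.groups()
            yield int(pid), proc, int(port), proto, path

def review(text, windir=r"C:\WINNT"):
    """Return one finding per row that the article says to investigate."""
    findings = []
    for pid, proc, port, proto, path in parse_fport(text):
        reasons = []
        if port in WATCHED:
            reasons.append(f"port {port}: {WATCHED[port]}")
        # Article's 5800/5900 case: the normal explorer.exe sits directly in
        # the Windows directory, not in a subdirectory such as Fonts.
        p = PureWindowsPath(path)
        if p.name.lower() == "explorer.exe" and p.parent != PureWindowsPath(windir):
            reasons.append(f"explorer.exe outside {windir}")
        if reasons:
            findings.append({"pid": pid, "port": port, "path": path, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in review(SAMPLE):
        print(f["pid"], f["port"], f["path"], "; ".join(f["reasons"]))
```

Pass the Windows directory of the machine being checked as windir if it is not C:\WINNT.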