system listening on port 139 - nbsess


i read as much of the newcomer info as i thought applied to me. this isn’t so much a problem as i’m wondering if it is a legitimate access request or something to be concerned about.

i did a System Recovery to factory condition on a Dell laptop via the built-in Ghost image. the system runs Windows XP Home Edition SP2 (build 2600). i set up the wireless networking for Wi-Fi, then moved on to quickly downloading security programs. i forget the exact order, but i believe i installed CPF 3.0 first.

**here is the message of concern that i got from Comodo:
“System is listening on port 139.” and it referred to “nbsess”.

this happened two times, while i was setting up various antivirus programs and doing basic setup and organizing of shortcuts and such. i was also logged in as Admin. i was using Wi-Fi internet from the coffeeshop nearby.

i didn’t remove or disable anything that i recall before installing CFP, nor do i remember the exact order of installation (as i was in a terrible rush for my friend who needed this machine for schoolwork). however, i believe CFP was the first thing i installed, as i put it first on my list. i unfortunately didn’t update Windows (all 80 updates) until after the avast!, Spybot S&D, SpywareBlaster, Comodo BOClean, and Comodo were all installed. however, in between downloading programs i would disconnect from the wireless network to do installs. also, i also don’t recall removing or disabling any security apps after installing CFP. one more thing is that i didn’t establish any rules yet, as i was in a rush and just wanted some basic protection going on the machine to start. i plan on doing that part later, after i have read up on it and when i get another chance to work on the machine.

here are the programs that were probably installed at the time of the message:
avast! 4.7 Home Edition - running all 6 modules
Spybot 1.5.1 - running
SpywareBlaster 3.5.1 - had already run it probably
Firefox - running intermittently
IE 6
Windows AutoUpdate was on
Eraser 5.7 (i think that was the version) - context menu up
CCleaner 2.04.543 - installed, not running
Belarc Advisor 7.2 - installed
HijackThis v2 - installed
Comodo BOClean 4.25 - probably running
Dell Support 3.3 - running in background

also, in case this helps, these were possibly or probably running as listed in the msconfig but i took these names down before the recovery was done (names that i looked up as belonging to each .exe name in the list):
Intel graphics card
Synaptics touchpad
Intel ZeroConfigNic
Intel Wireless
Sigmatel Media Sound card (Dell)
Sound Blaster - Audigy - Creative Labs
some AutoUpdater Macro something thing (can’t read my writing) - isuspm.exe
issch.exe (some update service scheduler - can’t decipher my writing)
Sonic Solutions Drive Letter (CD/DVD Burning)
Yahoo’s MusicMatch tray
netWaiting.exe - some telephony thing
Dell Media & Dell’s multimedia suite launcher
Digital Line Detector
MSOffice Suite (ctfmon.exe)
office startup (OSA.exe)

that was probably way too much irrelevant info but i figure too much rather than not enough.

**my question, then, is:
1 - what is “nbsess”? i’ve read that it’s NetBui, and also that it’s NetBIOS. which is it?
2 - was this a legitimate/safe request?
3 - if not a legitimate/safe request, should i revoke permission for this nbsess (if i can figure out how, as it’s not listed anymore in the active list whose title i forget in CFP), then wait for it to happen again so i can take a different action? could there be any other adverse consequences from this act of permission that may require me to do yet another reformat…? (the machine had been infested with malware so i finally determined that a reformat was the safest way to go)

thank you for any assistance.

Port 139 is usually used for Windows File & Printer sharing-do you have that turned on?

File & Print Sharing is not turned on that i know of. perhaps i didn’t know how to answer the networking wizard (i’m bad at networking). i vaguely recall joining a network or being asked to join or having had it confirmed that i joined; but i thought i didn’t give permission for file/print sharing. i did give permission for files to be shared among user names, though.

1 - is there a quick way to check? (i’d need to call the owner of the laptop and have her check since the machine is not with me.) otherwise, i can look it up somewhere. i’m just wondering if there is just the one networking setting with the checkbox for File & Print Sharing, or if there are other places i need to check. i don’t want to overlook anything.

2 - are there other possibilities that this could be?

[i know i should never do this kind of thing in such a rush again. i actually don’t even want to work on other people’s computers anymore, because it always turns into way more time than i plan.]

If you gave permission for files to be shared, that should cause the system to listen on port 139 for sharing requests. nbsess is the NetBiosSession manager that handles the sharing requests. When you say you got a message, was it a popup from the firewall? Or something else? What did it actually say? You should take a look at your log and see if there are any messages, but this should be part of the normal network business with your settings. Keep an eye out for further messages, and do a Virus Scan.