Bla Trojan Horse

Sutto · 07-01-2004, 11:43 PM

Ok i think i may have this trojan.. Twice i turn on my pc and get this message from norton antivirus

Details: Rule "Default Block Bla Trojan horse" blocked (64.4.12.201,1042)
Inbound UDP packet
Local address,service is (NONE(10.0.0.8),1042)
Remote address,service is (64.4.12.201,7001)
Process name is "N/A"

2 days in a row and havn't had it today (got it yesterday and day before.) I have ran Adaware Pro, Norton Antivirus, Pestcontrol, Trojan Hunter 3.8 (without update)... And all found nothing.. I think it may have got in and made itself invisible, or does that norton thing mean it tried to get on my pc but never made it on?

Also a CCproxy.exe is taking up alot of my cpu space (hasn't normally)

Help appreciated..

~~Lobos~~ · 07-02-2004, 02:14 AM

I believe it was telling you it blocked it

Default Block Bla Trojan horse" blocked (64.4.12.201,1042)
Inbound UDP packet

Do you use nortons firewall that looks like a firewall

im not familar with antivirus telling you it blocked something

Lobos

Sutto · 07-02-2004, 02:30 AM

thats what i thought... Yes its a firewall

Ive talked to a variety of people on msn who know computers quite well and some have told me that the trojan is on my pc trying to connect but got blocked, some are telling me it tried to get on but norton canned it before it made it on... Also is that IP address it came with, is that the person who sent it to me or a hacker or what..

**jgvernonco** · 07-02-2004, 08:16 AM

You will note that it identifies the UDP packet as inbound, which means that it is being blocked on the way in, not out.

The addy is not registered, which means it is part of a network set up by the bad guys.

After they get done sweeping your little patch of the web, things will settle back down.

Sutto · 07-02-2004, 11:31 PM

Well i have 2 firewalls installed on my pc (norton, and sygate) and sygate logs, show that "Somebody is scanning your computer" and it has that log about 20 times... and then after each one an address that was blocked!!! My is my computer being screwed with! :no:

**jgvernonco** · 07-03-2004, 07:48 AM

"Barbarians at the Gate".

I have been through a couple of periods like this, myself. As a matter of fact, I finally set my firewall to NOT notify me about these things, as it was getting monotonous.

I am going to close this thread. If you have any further problems, please feel free to start another one.

Drop by anytime!

07-01-2004, 11:43 PM	#1 (permalink)
Sutto Registered User Join Date: Jul 2004 Posts: 15 OS: XP Pro	Bla Trojan Horse Ok i think i may have this trojan.. Twice i turn on my pc and get this message from norton antivirus Details: Rule "Default Block Bla Trojan horse" blocked (64.4.12.201,1042) Inbound UDP packet Local address,service is (NONE(10.0.0.8),1042) Remote address,service is (64.4.12.201,7001) Process name is "N/A" 2 days in a row and havn't had it today (got it yesterday and day before.) I have ran Adaware Pro, Norton Antivirus, Pestcontrol, Trojan Hunter 3.8 (without update)... And all found nothing.. I think it may have got in and made itself invisible, or does that norton thing mean it tried to get on my pc but never made it on? Also a CCproxy.exe is taking up alot of my cpu space (hasn't normally) Help appreciated..

07-02-2004, 08:16 AM	#4 (permalink)
jgvernonco Old Timer Join Date: Sep 2003 Location: Northern Arizona Posts: 7,957 OS: Vista Home Premium, SP 27	You will note that it identifies the UDP packet as inbound, which means that it is being blocked on the way in, not out. The addy is not registered, which means it is part of a network set up by the bad guys. After they get done sweeping your little patch of the web, things will settle back down. __________________ Donations keep TSF moving forward. Please help. http://www.myspace.com/speedbumpthecelt

07-03-2004, 07:48 AM	#6 (permalink)
jgvernonco Old Timer Join Date: Sep 2003 Location: Northern Arizona Posts: 7,957 OS: Vista Home Premium, SP 27	"Barbarians at the Gate". I have been through a couple of periods like this, myself. As a matter of fact, I finally set my firewall to NOT notify me about these things, as it was getting monotonous. I am going to close this thread. If you have any further problems, please feel free to start another one. Drop by anytime! __________________ Donations keep TSF moving forward. Please help. http://www.myspace.com/speedbumpthecelt

07-02-2004, 02:14 AM	#2 (permalink)
~~Lobos~~ Troubled Join Date: Apr 2004 Location: California Posts: 943 OS: Windows XP	I believe it was telling you it blocked it Default Block Bla Trojan horse" blocked (64.4.12.201,1042) Inbound UDP packet Do you use nortons firewall that looks like a firewall im not familar with antivirus telling you it blocked something Lobos

07-02-2004, 02:30 AM	#3 (permalink)
Sutto Registered User Join Date: Jul 2004 Posts: 15 OS: XP Pro	thats what i thought... Yes its a firewall Ive talked to a variety of people on msn who know computers quite well and some have told me that the trojan is on my pc trying to connect but got blocked, some are telling me it tried to get on but norton canned it before it made it on... Also is that IP address it came with, is that the person who sent it to me or a hacker or what..

07-02-2004, 11:31 PM	#5 (permalink)
Sutto Registered User Join Date: Jul 2004 Posts: 15 OS: XP Pro	Well i have 2 firewalls installed on my pc (norton, and sygate) and sygate logs, show that "Somebody is scanning your computer" and it has that log about 20 times... and then after each one an address that was blocked!!! My is my computer being screwed with! :no: