Old 17-01-2005   #1 (permalink)
Moderator
 
wonwinglo's Avatar
 
Join Date: Apr 2004
Location: Warwick,UK
Real Name: Barry
My Models: Aviation artifacts
Visit wonwinglo's Gallery
Posts: 5,564
Images: 49
Trojan attacks.

Can anyone help here?
For the past few days my Nortons firewall has detected half-hourly attacks, which are reported as 'Default block Sokets de Trois V1 Trojan'. The firewall blocks the port for 30 minutes. I then did a security check for network vulnerability port status, which showed up an 'open port' warning: scan was able to make a connection with your computer.
I then did another check via Nortons firewall as follows:
Options > View statistics > One > Local column. I found alg.exe as the only executable in there, which on checking is a legit c:\windows\System32 folder and disabling is not advised.
However, a further check says that a similar file can hide itself away as spyware, so I did a virus check, which found nothing?
The question is: is the trojan trying to access via that open port, and what can I do at this stage before any harm is done? It seems to have somehow latched onto my computer?
Any help much appreciated.
__________________
'And there I was oil on my goggles from a broken pipe,then I looked at the altimeter,all I could see was the makers name !'
www.wonwinglo.scale-models.net/
wonwinglo is offline  
Old 18-01-2005   #2 (permalink)
Scale Model Member
 
Phoenix's Avatar
 
Join Date: Oct 2004
Location: Inverness Scotland
Real Name: Iain
My Models: i currently have a hpi nitro mt2 and a thundertiger ts4n
Visit Phoenix's Gallery
Posts: 461
close the port
Phoenix is offline  
Old 18-01-2005   #3 (permalink)
Moderator
 
wonwinglo's Avatar
 
Join Date: Apr 2004
Location: Warwick,UK
Real Name: Barry
My Models: Aviation artifacts
Visit wonwinglo's Gallery
Posts: 5,564
Images: 49
Quote:
Originally Posted by Phoenix
close the port
*** Phoenix, how do I do this?
wonwinglo is offline  
Old 18-01-2005   #4 (permalink)
Scale Model Member
 
Join Date: Nov 2004
Location: Edinburgh
Real Name: Iain Moffatt
My Models: TID Tug, Admirals Barge, Crash Tender, Working on Brave Borderer & ASRL
Visit IainM's Gallery
Posts: 106
Images: 40
I routinely use a couple of programmes that, together, seem to keep my system clear of all the real nasties (touch wood)!
TrojanHunter, marketed by Mischel Internet Security in the USA, does a marvelous job of scanning for Trojans and the like. Costs $48 but has excellent update functionality.

Ad-Aware, by Lavasoft, is available in a single-user, personal version as a freebie.
It's great at detecting and getting rid of the data miners and suchlike. Again, a very good update function is provided.

Quite amazing the stuff that creeps onto your PC when you are not looking :-(
IainM is offline  
Old 18-01-2005   #5 (permalink)
Moderator
 
wonwinglo's Avatar
 
Join Date: Apr 2004
Location: Warwick,UK
Real Name: Barry
My Models: Aviation artifacts
Visit wonwinglo's Gallery
Posts: 5,564
Images: 49
Thanks Iain, could be worth purchasing this Trojan buster. Nothing shows on a virus scan with Nortons? Has it parked something and feeding onto it?
wonwinglo is offline  
Old 18-01-2005   #6 (permalink)
Scale Model Member
 
Phoenix's Avatar
 
Join Date: Oct 2004
Location: Inverness Scotland
Real Name: Iain
My Models: i currently have a hpi nitro mt2 and a thundertiger ts4n
Visit Phoenix's Gallery
Posts: 461
I don't use Norton now so I can't remember how to do it. I will let someone with more knowledge of Norton tell you how to do it.
Phoenix is offline  
Old 18-01-2005   #7 (permalink)
Moderator
 
wonwinglo's Avatar
 
Join Date: Apr 2004
Location: Warwick,UK
Real Name: Barry
My Models: Aviation artifacts
Visit wonwinglo's Gallery
Posts: 5,564
Images: 49
Quote:
Originally Posted by Phoenix
I don't use Norton now so I can't remember how to do it. I will let someone with more knowledge of Norton tell you how to do it.
*** John, can you help here? How do I close a port with Nortons please?
wonwinglo is offline  
Old 18-01-2005   #8 (permalink)
Moderator
 
wonwinglo's Avatar
 
Join Date: Apr 2004
Location: Warwick,UK
Real Name: Barry
My Models: Aviation artifacts
Visit wonwinglo's Gallery
Posts: 5,564
Images: 49
Just found this on the net:
First, the port isn't open, it's in Stealth Mode (actually not even open, but Norton doesn't advertise this--if it did, the distant end would know the computer existed and would run a port scan against it.)

The fact that you are getting the messages tells you that the firewall is actually working. That trojan horse attempts port 5000 by default.

You can copy the emoticons, but be aware that they are probably copyrighted, which means you can't use them. Check with the site owner.

So apparently there is no virus that shows on my computer because there is none, but why is this Trojan attempting attack every evening? And is there a way that I can stop it? Will that Trojan Hunter programme help in this case?
wonwinglo is offline  
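
A check that separates the two cases discussed in this thread, added here as an example and not part of any post: firewall alerts about blocked inbound attempts on port 5000 versus a program on the PC itself using that port. It parses saved `netstat -ano` output; the sample captures, addresses and PIDs below are constructed, and the function names are illustrative.

```python
# Constructed `netstat -ano` output (Windows layout); not taken from the thread.
SAMPLE_NO_SOCKET = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED     2316
  UDP    0.0.0.0:1900           *:*                                    1040
"""
# Same capture plus a hypothetical process (PID 1040) holding TCP 5000 open.
SAMPLE_LISTENER = SAMPLE_NO_SOCKET + (
    "  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       1040\n"
)


def parse_netstat(text):
    """Turn `netstat -ano` rows into dicts; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP") or not f[-1].isdigit():
            continue
        rows.append({
            "proto": f[0],
            "lport": f[1].rpartition(":")[2],
            "rport": f[2].rpartition(":")[2],
            "state": f[3] if len(f) == 5 else "",  # UDP rows have no state
            "pid": int(f[-1]),
        })
    return rows


def assess_port(text, port=5000):
    """Classify what the local machine itself is doing on `port`."""
    port = str(port)
    rows = parse_netstat(text)
    sessions = [r for r in rows
                if r["state"] == "ESTABLISHED" and port in (r["lport"], r["rport"])]
    listeners = [r for r in rows if r["lport"] == port
                 and (r["state"] == "LISTENING" or r["proto"] == "UDP")]
    if sessions:
        verdict = "active-session"      # traffic is flowing: investigate the PID now
    elif listeners:
        verdict = "local-listener"      # a local program has the port open
    else:
        verdict = "no-local-socket"     # alerts are only blocked inbound attempts
    return verdict, sorted({r["pid"] for r in sessions + listeners})


if __name__ == "__main__":
    for name, capture in (("clean", SAMPLE_NO_SOCKET), ("listener", SAMPLE_LISTENER)):
        print(name, assess_port(capture))
```

A `no-local-socket` result matches the explanation quoted in the post above: the firewall is dropping outside attempts and nothing on the PC is answering. Any returned PID should be matched to its program name before deciding whether it is legitimate.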
Old 19-01-2005   #9 (permalink)
Moderator
 
wonwinglo's Avatar
 
Join Date: Apr 2004
Location: Warwick,UK
Real Name: Barry
My Models: Aviation artifacts
Visit wonwinglo's Gallery
Posts: 5,564
Images: 49
Why does a firewall only block an offending port for only 30 minutes at a time? Surely if the firewall detects something like a Trojan it should block it altogether?
wonwinglo is offline  
Old 05-02-2005   #10 (permalink)
Scale Model Member
 
Join Date: Nov 2004
Location: Edinburgh
Real Name: Iain Moffatt
My Models: TID Tug, Admirals Barge, Crash Tender, Working on Brave Borderer & ASRL
Visit IainM's Gallery
Posts: 106
Images: 40
Ports are a bit like letter boxes in the front door.
All sorts of stuff needs to be able to come through them ... much of which is legitimate.

Trojans and the like spend their time 'polling' PCs connected to the web, looking for an unprotected port (a bit like cold calls from the call centre in Timbuktu ... pick it up and ...).
If they find one ... bingo, they are in and installing all sorts, most of which attempts to use the unprotected port as a way in/out of your PC.
If your Firewall NEVER reports any form of activity ... I'd get a wee bit worried whether or not it was working! At least you know it is when it blocks a port or a trojan etc.

If the firewall blocked the port permanently .. you'd soon not be able to connect to the internet at all!!
IainM is offline  