Originally posted here by jinxy

I'm running a fire wall which has recently recorded a couple of inbound tcp connection attemps.
Using tds3 i did an interigation of the recorded ip address and found that netbus was running on port 12345.
And you also said you were scanned for a netbus server? So his connection tried to hit you on port 12345?

NetBus is not a virus it is a trojan. There are actually 2 programs associated with netbus a client and a server.
Unless somehow NetBus has been incorporated into a new virus which I doubt since every antivirus program has 1.7 in its sigs for quite a few years.

You have no right to disinfect as you say but I do not think you can even do this. It would be the same as brute forcing a remote password so I hope you have several super computers and a few years. Not only that but I know people who use netbus as there remote administration. This was a few years ago. Netbus was actually one of the pioneers of remote administration. So the guy may be using it on purpose.

Or the guy could be infected and the 'evil' user is scanning for other netbus servers from the clinet to hide his true ip. Either way you cant go into someones computer without there consent.