norton firewall, is it crazy?
Results 1 to 8 of 8

Thread: norton firewall, is it crazy?

  1. #1

    norton firewall, is it crazy?

    I have had norton personall firewall installed on my xp sp1 driven computer for awhile now.
    I turned it on today and I keep getting alerts for inboundUDP 63.127.192.226 was executed.(high risk) When I click o.k. it just keeps on coming up. I have checked my alert settings, nothing.I have scanned for trojans with adaware. I have norton anti 2004 with it.

    heres the details
    Program: system
    Protocol: UDP(inbound)
    Remote Address: 68.41.136.195:137
    Local Address: 68.41.136.195:137
    Location: Home
    Now when I click o.k. the Remote address and the local address change.

    80.71.71.182:2851 remote
    68.41.136.195:1026 home
    any suggestions??? thanks a million

  2. #2
    Senior Member
    Join Date
    Jun 2003
    Posts
    772
    Maybe some kiddie trying to DoS you with an UDP flood.
    I wonder why the target port changes???
    The above sentences are produced by the propaganda and indoctrination of people manipulating my mind since 1987, hence, I cannot be held responsible for this post\'s content - me

    www.elhalf.com

  3. #3
    O.k. just shut off my modem and im still getting alert???
    details

    Program: svchost.exe
    Path: \windows\system32\
    Protocol: UDP(outbound)
    remot address: 68.42.244.:53
    local address: all local network adapters: 1029
    location: home

    details
    Program: iexplore.exe
    same as above....

    Im guessing its my settings, but where?

  4. #4
    Member
    Join Date
    Feb 2004
    Posts
    53
    Try contacting Symantec customer support. I'm sure that they could help you.

    I, however, am not so sure about this. If the protocol is outbound, then it is coming from you.

    Perhaps ie is just wanting to access a website??

    And if you shut off your modem and still get alerts, then this would mean that you are possibly infected??
    MySig != Worth your time

  5. #5
    yea thats what im thinking.
    I got svchost.exe and iexplor.exe both trying over and over and I didnt make anychanges
    although Im not the only person who uses this comp. thanks I'll keep on it..

  6. #6
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    is it iexplor.exe or iexplore.exe ?

    do you have an AV and a trojan scanner ?

    could be Trojan.Sidea
    http://securityresponse.symantec.com...jan.sidea.html

    there are also a few trojans that mask as a vaild system file such as svchost.exe

    you might want to search google a bit (and these forums) and look at what the file sizes are compared to the valid windows file sizes.. but I'd be running tauscan and pestpatrol and a few other scanners on them if I were you.

  7. #7
    yea scanned with norton and found 3 files

    gator.exe
    gmt.exe
    gmt.dll
    and I deleted them successfully

    but its still doing it , I havent restarted yet but I think maybe i'll try uninstalling it and reinstalling,

    well now it's not explore.exe or svchost.exe those have stopped

    now its ccproxy.EXE and Lucomserver.EXE
    path: \program files\symantec\liveupdate\
    and I have updated everything(wierd)

    it keeps showing the alert but I have gone thru all the settings and it says "permit all"
    for those items - I have looked all over for the alert settings and I have set it to not alert me on those connections but it still does? So I'll try the reinstall thing then I"ll get back....

  8. #8
    Senior Member
    Join Date
    May 2002
    Posts
    143
    Just a suggestion . . . it's not really a good idea to uninstall and reinstall your firewall or AV before thoroughly cleaning up whatever it is that's infected your system - IMHO. There's a good possibility that your reinstalled program has now been compromised. At this point I'd zero out my hard drive and reinstall the Master Boot Record and operating system - start over from scratch. That's just me though - a bit paranoid when dealing with viri, trojans and the like . . . I had a bad experience, which kept getting worse using Norton AV - so I never went back to them. Are you running anything for trojans? If not, you might want to try SwatIt. You can set the program to scan individual files or complete drives, make additions to the standard scanned extensions file and there is a free version. I wish you the best of luck . . . trojans are a royal pain!!

    V.
    All truths are easy to understand once they are discovered; the point is to discover them. What lies behind us and what lies before us are tiny matters compared to what lies within us.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •