Printable View
I'm living in Greece , and every few days Norton alerts me of a blocked attempt to install a trojan horse on my system. Upon pinging the I.P. immediately after the attack , I get a message saying "Destinaton host unreachable". Can I close my ports to a certain I.P. or anything like that ? The ISP wouldn't give a s*** if alerted.
Which trojan is it?
A lot of this stuff uses spoofed addresses and runs automatically scanning networks/subnets.
:)
yah it blocks it you had mentioned...
Have you ran a full system scan? To see if it detects anything...
Or have you port scanned yourself...this is a very good secureing ports method.
Closing ports to an IP i am almost possitive you cannot do that. But you should be able to block the IP from anything... along the lines of connection to your PC.
if you are using norton internet security 2004 then u may add that IP in the blocked list. This will ensure higher layer of protection from that ip.
Most likely it's not trying to install a trojan, but trying to connect to one. Client-ends to trojans usually offer scanning capability, so don't worry about it. Your firewall is doing its job. If you are really worried about it, block the IP in the firewall.
Scans are extremely common.
As Soda stated, the person probably is on the trojan client and is running a scanner of sort's probing IP's seeing if they have the server of that particular trojan installed. Nothing to be worried about and again as Soda stated, the scans are extremely common. My suggestion: Block the IP and scan your system for trojan's just to be safe. I recommend SwatIt which can be downloaded at http://swatit.org :)
It's Trois v1 . Someone was trying to connect to it , obviously after being informed i was online . I was looking for instructions on how to find or remove it , but there were none. But i stumbled upon this IP tracer and got the user name: http://security.symantec.com/ssc/vr_...ODEQOHBDJQEEFG . (So useful i'll have to post it in Forensics so less people miss it ) Im downloading the trojan scanner now.
Have you tried any anti-spyware programs like <insert uniform AO response:> Sypbot S&D and Adaware? And run them in safe mode?
Yeah, and I'd run the SwatIt in safe mode as well. It usually is a very long but thorough scan so scanning in safe mode is really recommended.
Nhk you can even give more details about the attack by clicking on aller assistant in the norton alert windows. it gives you details about the port and the type of connection the IP is trying to establish. If you provide that your problem might be more clear because certain rules in the norton firewall do generate wrong alerts.