Re: 127.0.0.1 - Trojan Hacks?

From: Si. (spammers_at_get.stuffed)
Date: 03/22/04

• Next message: Zain Ali: "Virus"
• Previous message: anonymous_at_discussions.microsoft.com: "Re: computer types on its own in Word or MSN"
• In reply to: Si.: "Re: 127.0.0.1 - Trojan Hacks?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 22 Mar 2004 00:03:04 -0000

This is the information that goes into the NIS log file:

      Details: Rule "Default Block Netspy Trojan horse" stealthed
(localhost,1024)
      Inbound TCP connection
      Local address,service is (0.0.0.0,1024)
      Remote address,service is (localhost,3022)
      Process name is "E:\WINDOWS\Explorer.EXE"

NAV (up to date) reports no issues following manual scan.

Ad-aware (up to date) found no spy-ware.

Any ideas?

Si.

"Si." <spammers@get.stuffed> wrote in message
news:%23O9%23pj5DEHA.240@tk2msftngp13.phx.gbl...
> I get this message every time I reboot the PC.
>
> Virus scan still running (up to date) without any reported virus.
>
> Should I be concerned?
>
> Si.
>
> "Si." <spammers@get.stuffed> wrote in message
> news:%23y7oQxbDEHA.3664@TK2MSFTNGP10.phx.gbl...
> > I keep getting the following message using Norton Internet Security
(NIS):
> >
> > A computer with the IP address 127.0.0.1 attempted to connect to your
> > computer using Default Block Netspy Trojan horse.
> >
> > The IP address 127.0.0.1 belongs to a computer on your local network,
> > therefore there is no public network or domain information.
> >
> > My Norton Anti Virus definitions are (always) upto date and I run a
daily
> > scan - which shows no errors.
> >
> > What could be causing this problem?
> >
> > I use Win XP and have ADSL - which is Firewalled using XP and also
> protected
> > by NIS.
> >
> > Si.
> >
> >
>
>

---

• Next message: Zain Ali: "Virus"
• Previous message: anonymous_at_discussions.microsoft.com: "Re: computer types on its own in Word or MSN"
• In reply to: Si.: "Re: 127.0.0.1 - Trojan Hacks?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: WinXP sp 3 contains keylogger? ... It's difficult to believe anything it reports. ... IF ctfmon.exe was infected prior to the application of SP3, then NIS *should have been reporting* it as infected then. ... (microsoft.public.windowsxp.general) Re: NIS Strange Behavior ... is your computer trying to make the connection. ... You don't tell us what NIS reports ... logs at that time. ... (alt.computer.security) NIS+ Servers not responding ... Anyone know if you don't checkpoint NIS+ would it eventually end up ... reporting NIS+ Servers not responding? ... messages file we had reports of checkpoint required. ... (SunManagers) Re: 0x80072EFD error? ... Simple - from posts here and reports elsewhere there are obviously plenty of ... problems with SP2 unconnected with NIS that will keep Micra-slops busy over ... (microsoft.public.windowsupdate) Problem with IE6 - probably a relic of LOP Spyware ... I use upto date version of ad-aware and NIS 2004, ... If I rename the \temp\ folder to an alternative IE6 works properly. ... I cannot find the two files referenced above in the folder. ... (microsoft.public.windowsxp.help_and_support)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)