• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Questions about possible trojan problem

Linflas

Linflas

Lifer
My work laptop has Symantec Desktop Firewall installed on it. When I use dialup networking on it through my ISP I get messages from it wanting to make a UDP connection to addresses I obviously don't want to let it talk to. I have run a full system scan using Norton AV with the definitions files current as well as using a trojan finder from MooSoft. In both cases nothing is found on my system yet the alerts continue. Any idea what I should be looking for that is trying to connect to these addresses? Is it just port scanners that are trying to connect through Netbios? I cannot disable netbios on this machine as I also use it on a Windows 2000 LAN. Below is a verbatim message that is up as I am typing this.

Application: System
Local service: Outbound UDP on netbios-ns port(137)
Remote address: 206.26.162.28
 
This is who it belongs to:

Result for 206.26.162.28
Cable & Wireless CW-05BLK NET-206-24-0-0-1
206.24.0.0 - 206.31.255.255
VillageNet, Inc. CW-206-26-160 NET-206-26-160-0-1
206.26.160.0 - 206.26.167.255


If your firewall blocks it, I wouldnt sweat it much. Could it be your isp?
 
It's not my ISP. The addresses have been random and resolved to such places as Poland and Greece in addition to the one I provided in my initial post. I am just curious as to exactly what on my machine is trying to establish these outbound connections. It is annoying as hell to have the messages keep popping up so I would like to figure out exactly what rule I need to set to block them all or if there is a trojan that has somehow managed to get on my machine.
 
Originally posted by: Linflas
It's not my ISP. The addresses have been random and resolved to such places as Poland and Greece in addition to the one I provided in my initial post. I am just curious as to exactly what on my machine is trying to establish these outbound connections. It is annoying as hell to have the messages keep popping up so I would like to figure out exactly what rule I need to set to block them all or if there is a trojan that has somehow managed to get on my machine.
Click to expand...


Look for a proggie called TCP view, it will tell u what is trying to go out on that port.
 
Originally posted by: mboyLook for a proggie called TCP view, it will tell u what is trying to go out on that port.
Click to expand...


Or you can try FPORT and see which ports are used by with process/app.
 
Check in your registry as well

From the run line
Regedit

Then navigate to HKLM\Software\Microsoft\Windows\Current Version\Run

What is listed in the right hand pane?

Most trojans put a hook in this key.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top