Questions about possible trojan problem

Toggle sidebar Toggle sidebar
Linflas

Linflas

Lifer
Jan 30, 2001
15,395
78
91
My work laptop has Symantec Desktop Firewall installed on it. When I use dialup networking on it through my ISP I get messages from it wanting to make a UDP connection to addresses I obviously don't want to let it talk to. I have run a full system scan using Norton AV with the definitions files current as well as using a trojan finder from MooSoft. In both cases nothing is found on my system yet the alerts continue. Any idea what I should be looking for that is trying to connect to these addresses? Is it just port scanners that are trying to connect through Netbios? I cannot disable netbios on this machine as I also use it on a Windows 2000 LAN. Below is a verbatim message that is up as I am typing this.

Application: System
Local service: Outbound UDP on netbios-ns port(137)
Remote address: 206.26.162.28
 
M

mboy

Diamond Member
Jul 29, 2001
3,309
0
0
This is who it belongs to:

Result for 206.26.162.28
Cable & Wireless CW-05BLK NET-206-24-0-0-1
206.24.0.0 - 206.31.255.255
VillageNet, Inc. CW-206-26-160 NET-206-26-160-0-1
206.26.160.0 - 206.26.167.255


If your firewall blocks it, I wouldnt sweat it much. Could it be your isp?
 
Linflas

Linflas

Lifer
Jan 30, 2001
15,395
78
91
It's not my ISP. The addresses have been random and resolved to such places as Poland and Greece in addition to the one I provided in my initial post. I am just curious as to exactly what on my machine is trying to establish these outbound connections. It is annoying as hell to have the messages keep popping up so I would like to figure out exactly what rule I need to set to block them all or if there is a trojan that has somehow managed to get on my machine.
 
M

mboy

Diamond Member
Jul 29, 2001
3,309
0
0
Originally posted by: Linflas
It's not my ISP. The addresses have been random and resolved to such places as Poland and Greece in addition to the one I provided in my initial post. I am just curious as to exactly what on my machine is trying to establish these outbound connections. It is annoying as hell to have the messages keep popping up so I would like to figure out exactly what rule I need to set to block them all or if there is a trojan that has somehow managed to get on my machine.
Click to expand...


Look for a proggie called TCP view, it will tell u what is trying to go out on that port.
 
Thor86

Thor86

Diamond Member
May 3, 2001
7,888
7
81
Originally posted by: mboyLook for a proggie called TCP view, it will tell u what is trying to go out on that port.
Click to expand...


Or you can try FPORT and see which ports are used by with process/app.
 
S

Saltin

Platinum Member
Jul 21, 2001
2,175
0
0
Check in your registry as well

From the run line
Regedit

Then navigate to HKLM\Software\Microsoft\Windows\Current Version\Run

What is listed in the right hand pane?

Most trojans put a hook in this key.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom