Weird Kerio firewall results...

Entity

Lifer
Oct 11, 1999
I was just scanning through my logs in Kerio, and noticed something under Logs->Intrusions. There are several counts of "BACKDOOR trojan active millenium" listed. The "source of attack," however, is an IP that I'm familiar with -- one of my external Linux servers hosted at a GNAX datacenter, so I'm reasonably sure that machine (which is a new machine) isn't infected with anything or attempting to attack me.

All that said, I'm still reasonably paranoid about trojans and security ever since being rootkit'd a while ago on one of my Linux servers (long story). I'm wondering if there is anything I should do to check out my current machine, or if this is most likely just a false positive.

Anyone know?

Rob
 

Entity

Lifer
Oct 11, 1999
Bump. Just got a bunch more saying "BACKDOOR trojan active deltasource" and "... devil103." Anyone know what might be going on here?

Rob
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
You might try the Kaspersky, Panda and TrendMicro online antivirus scanners to start with: links for them and others. Any plausible reason to suspect a Trojan infection? New software, or someone borrowed your computer, or ???
 

Entity

Lifer
Oct 11, 1999
I downloaded Kaspersky and am trying it right now (ran Norton earlier). I don't have any big reasons to expect a Trojan, but I work in a high-risk field (poker, gaming, and gambling), and obviously the risks of visiting lots of gaming-related sites (and using related software) put me at a higher risk for infection.

I'm behind a Netgear router/firewall that seems to block some traffic as well, but I'm not sure that it blocks enough for me to really feel secure.

Rob

Edit: I should add that I have run Norton, Panda, and TrendMicro and not come up with anything.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
1) If you use a Limited-class account for that stuff, it will help deter exploits from gaining the power needed to do bad stuff via your browser.

2) You can lock down your router to help limit the options available to the malware for phoning home from the inside out: example showing a Netgear RP614
 

Gurck

Banned
Mar 16, 2004
I get a lot of this in my KPF logs when using BitTorrent. Some googling led me to believe they're false positives.