Dealing With Trojan Horses on My Home Computer


Discussion Overview

The discussion revolves around concerns regarding Trojan Horses detected by firewall software on a new computer. Participants explore the implications of these warnings, the reliability of the firewall and antivirus software, and the potential for actual threats versus benign alerts. The conversation includes technical troubleshooting and personal experiences related to computer security.

Discussion Character

  • Exploratory
  • Technical explanation
  • Debate/contested
  • Mathematical reasoning

Main Points Raised

  • One participant questions whether the firewall is detecting genuine threats or if it is sensationalizing benign activity, noting their lack of previous issues before installing the firewall.
  • Another suggests downloading an antivirus program for further assurance, while a different participant emphasizes that the firewall's specific mention of "trojan horse" indicates a potential threat.
  • Concerns are raised about the reliability of the firewall software, with one participant suggesting it may be a ploy to encourage subscriptions.
  • Technical advice is offered to check active connections using the command prompt, with participants sharing their experiences and results from running the command.
  • One participant expresses skepticism about the likelihood of being targeted by hackers, suggesting that viruses are more common than Trojans and that personal connections are often involved in such attacks.
  • Another participant shares their experience of receiving repeated warnings about a specific Trojan, indicating a blocked attempt to connect to their computer, and expresses concern about potential threats from the moment of purchase.
  • Clarifications are made regarding the nature of the connections reported by the firewall, with some participants suggesting that blocked attempts do not necessarily mean the Trojan is present on the system.

Areas of Agreement / Disagreement

Participants express a mix of opinions regarding the nature of the threats and the effectiveness of the firewall. While some believe the warnings indicate a real risk, others argue that the firewall may be overly cautious or that the likelihood of being targeted is low. The discussion remains unresolved with competing views on the seriousness of the situation.

Contextual Notes

Participants mention various software and configurations, including Norton antivirus and firewall settings, but there are no definitive conclusions about the effectiveness or reliability of these tools. The discussion includes personal anecdotes and technical troubleshooting without resolving the underlying concerns about security.

enigma
"Trojan Horses"

I recently bought a new computer which came with firewall software pre-installed (first time I've ever had one).

About two or three times in the last two weeks, I've received warnings saying that Trojan Horses were blocked. The help file is not very helpful in describing what is really going on here.

Is someone somewhere actually trying to hack into my computer, or is the software catching something more benign and sensationalizing? I'm thinking it's probably more of the latter, since (to my knowledge) I've never had anything dangerous to my computer sent to me before I had the firewall, and I've never even gotten a virus except onto floppies which were caught from school lab computers (caught when I tried loading them on my home computer).

Anyone have any insight what's probably going on here?

Thanks!

vv techno weenie vv
 
If the firewall is specifically stating that it is blocking a trojan horse then download an anti-virus to make sure you don't have one. Other than that, I would just ignore the firewall.
 
Most firewalls will only report an "unauthorized access request" or something like that unless it is a known trojan horse. If it is actually using the phrase "trojan horse", you probably have one.

Njorl
 
Which software is that? If it is some shady business they might be trying to hook you up on a subscription, by letting you think you are in danger :)
 
The software is Norton anti-virus and Norton Internet Security.

I have the latest definitions with LiveUpdate active for both.

The warnings are stating that they are blocking incoming files, not outgoing requests (IIRC). I'll post the exact wording next time I receive a warning...
 
Sorry to be off topic but... Wow, Monique, nice picture. Following in Gale17's footsteps, I see. What are the chances of having two intelligent and attractive women on a physics forum?
 
When you get a chance, close all internet connections, open a command prompt and type "netstat" and post the results.
 
Oh man... how the hell do you open up a dos prompt in XP?

Running netstat from the run... prompt has it close down before I can read what it says.
 
Originally posted by enigma
Oh man... how the hell do you open up a dos prompt in XP?
Start > All Programs > Accessories > Command Prompt
 
  • #10
Splain me Lucy why they hid it there?

Thanks Boulder,

Russ,

Code:
Active Connections

  Proto  Local Address    Foreign Address      State
  TCP    Hal:1114         localhost:1027       CLOSE_WAIT

Same result whether or not I've got a window open or if I'm disconnected from the internet.
 
  • #11
Originally posted by dduardo
Sorry to be off topic but... Wow, Monique, nice picture. Following in Gale17's footsteps, I see. What are the chances of having two intelligent and attractive women on a physics forum?
Thanks dduardo, I was starting to feel jealous with all the attention she was getting but yeah, I got the idea from her.


Enigma, I have got the same software (also recently bought computer) and I have never gotten a warning about Trojan horses.. the only thing that annoys me is that it keeps warning me about files on my computer trying to access the internet.

It asks me whether I want to allow them, but it doesn't give any information on which program it actually is. It just says this huppeldepup.exe file (huppeldepup meaning blabla).

Now I recently saw that I can track the IP address to which it is going, so I click that button, but all that shows up is a new window with a grey screen..

Ever run into that?
 
  • #12
I think you guys and gal are being a bit paranoid. Hackers don't care about your computer unless they personally know you or you're a big target. I would know, because I had friends who did this type of stuff.

You're more likely to get a virus than a trojan. If you do have a trojan on your computer, I would suspect one of your friends putting it on your system. (I have done this to a couple of my friends for a good laugh. The random opening of the cd tray is classic.) The other possibility is a virus. The only reason a virus would try to connect to the internet is because it is launching a denial of service attack (DOS) against some website. But if your anti-virus isn't detecting it, then you don't have a virus. The likelihood of you having a just released virus is very slim, unless you are directly downloading from IRC.

I would say, if you have broadband and have your computer hooked up to a router with Network Address Translation (NAT), then turn off the software firewall. If you have your computer hooked up to the broadband modem directly, then keep the software firewall, but turn off logging, so it doesn't bug you with stupid messages about applications trying to gain access to the internet. If you're on dialup, then you don't need a firewall.
 
  • #13
You don't know some of my friends, they would very well be able to play a trick on me like that

You know how BlueMountain works? You send a card to an email address and you mention your own email address and ask for confirmation of receipt. I remember once sending a BlueMountain card in name of a guy to a girl, of course I am good enough to warn the girl that the card was not real, but the guy was very surprised, opening the link in his email that the card was opened by the receiver.. and then seeing the card..



He never quite got back to me so..
 
  • #14
Originally posted by enigma
Russ,

Code:
Active Connections

  Proto  Local Address    Foreign Address      State
  TCP    Hal:1114         localhost:1027       CLOSE_WAIT

Same result whether or not I've got a window open or if I'm disconnected from the internet.
Netstat is a report of all active network connections. "Hal" would be the name of your computer I presume. "localhost" is a local connection, probably a monitoring thing like your firewall. If you had a trojan, you'd likely have an open connection and it would show the ip address or domain under "Foreign Address." Mine for example has "mail.comcast.net:pop3" indicating my mail application has an open connection to my mail server.

In any case, dduardo is right - it's probably nothing. The biggest spreader of trojans though is file sharing services like Kazaa.
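
An added example, not part of the thread or any poster's own code: the reading of netstat output described in post #14, separating loopback rows from open sessions to other machines. The sample output is constructed (only its first data row and the mail-server name come from the thread), and a "review" verdict only means "identify which program owns this connection".

```python
import ipaddress

# Constructed sample: the first data row is from the thread, the second uses
# the mail-server name from post #14, the remaining rows are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address    Foreign Address          State
  TCP    Hal:1114         localhost:1027           CLOSE_WAIT
  TCP    Hal:1187         mail.comcast.net:pop3    ESTABLISHED
  TCP    Hal:1201         203.0.113.5:4198         ESTABLISHED
  TCP    Hal:135          Hal:0                    LISTENING
  TCP    [::1]:1300       [::1]:1027               TIME_WAIT
"""

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon so IPv6 '[::1]:80' also works."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def is_local(host, own_name):
    """True for loopback/unspecified addresses or this machine's own name."""
    if host.lower() in ("localhost", own_name.lower()):
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name that is not ours
    return ip.is_loopback or ip.is_unspecified

def classify(netstat_text, own_name):
    """Return (foreign_host, port, state, verdict) for each TCP row."""
    rows = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] != "TCP":
            continue  # skip headers, blank lines and rows without a State
        host, port = split_endpoint(parts[2])
        if is_local(host, own_name):
            verdict = "local"            # e.g. the firewall talking to itself
        elif parts[3] == "ESTABLISHED":
            verdict = "review"           # open session to another machine
        else:
            verdict = "remote-inactive"  # closing or half-open remote socket
        rows.append((host, port, parts[3], verdict))
    return rows

if __name__ == "__main__":
    for row in classify(SAMPLE, own_name="Hal"):
        print(row)
```

On Windows, `netstat -n` prints numeric addresses, which avoids relying on name resolution when deciding what counts as local.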
 
  • #15
I work for Symantec (Norton) and I do their Virus, Trojan, and Worm removal. As stated earlier, unless you have personally made someone angry a hacker could care less who you are. They just throw them out there and see where they stick. If it said that it blocked it, then you don't have one. You should do a full system scan after updating your virus defs.

With NIS you can find out where the person lives but it is really pretty worthless information.
 
  • #16
Happened again:

Attempt to connect to local computer using the Backdoor/SubSeven Trojan horse blocked.

Protocol: TCP (Inbound)
Remote Address: 68.36.14.157:4198

I manually updated my virus definitions and ran a virusscan two days ago. I do hope nothing was on my computer straight out of the box.
 
  • #18
Originally posted by enigma
Happened again:

Attempt to connect to local computer using the Backdoor/SubSeven Trojan horse blocked.

Protocol: TCP (Inbound)
Remote Address: 68.36.14.157:4198

I manually updated my virus definitions and ran a virusscan two days ago. I do hope nothing was on my computer straight out of the box.


This does not mean you have the SubSeven Trojan. All it means is that IT tried to get on to your computer and the firewall blocked it. As long as your virus defs are up to date and you do a FULL SYSTEM scan and it comes up clean then you are fine!
 
  • #19
You know, enigma, it's odd... I'm also running Norton Internet Security, and I get that exact same Backdoor/Subseven Trojan Horse message quite often (at least a couple of times every day, or so it seems). I've never detected any viruses after running scans of my HD tho... It kind of makes me wonder how many times my computers in the past have been attacked without me knowing it. In fact, the computer I used at college actually did get infected with a trojan. Didn't have Norton on that one..
 
  • #20
Originally posted by hypnagogue
It kind of makes me wonder how many times my computers in the past have been attacked without me knowing it.

Yeah, no kidding. Never again, I tells ya!

I got yet another one just about 20 minutes ago. I don't know if it's comforting or worrying that it came from a different IP address.

Thank you all for your help with this. Put my ignorant mind at ease.
 
  • #21
Don't firewalls also report regular internet activity as someone hacking through your computer?

When I used Norton I constantly got annoying hack alerts so I got a free one that silently runs in the background which uses less memory and another one that uses NAT.
 
  • #22
Originally posted by The_Professional
Don't firewalls also report regular internet activity as someone hacking through your computer?

When I used Norton I constantly got annoying hack alerts so I got a free one that silently runs in the background which uses less memory and another one that uses NAT.
That depends on the level of security you set. At the highest level, it asks your permission before allowing ANY app to use the internet.
 
  • #23
When I do the netstat command prompt I get a reply that shows my computer connected to a 1028 computer. I have nothing on but the desktop screen. The cable modem is on and the activity light is on most of the time.
About a month ago I noticed that the activity light on the modem is on most of the time and the computer is taking longer turning on and off.
I have Norton anti virus and firewall.
I also have various bug removal programs (spyremover, pestpatrol, ad aware).
All I ever get is spyware cookies and they get deleted.
 
  • #24
Yes. I get the SubSeven trojan horse trying to hit on my PC frequently. Could it be someone trying to hack my PC?
 
