Dealing With Trojan Horses on My Home Computer

In summary: I would say leave the firewall on. If you have never had a trojan horse before and you are getting these warnings, it is probably due to the new software firewall that came with your computer. Disable the software firewall and see if the warnings stop.
  • #1

enigma

"Trojan Horses"

I recently bought a new computer which came with firewall software pre-installed (first time I've ever had one).

About two or three times in the last two weeks, I've received warnings saying that Trojan Horses were blocked. The help file is not very helpful in describing what is really going on here.

Is someone somewhere actually trying to hack into my computer, or is the software catching something more benign and sensationalizing? I'm thinking it's probably more of the latter, since (to my knowledge) I've never had anything dangerous to my computer sent to me before I had the firewall, and I've never even gotten a virus except onto floppies which were caught from school lab computers (caught when I tried loading them on my home computer).

Anyone have any insight what's probably going on here?

Thanks!

vv techno weenie vv
 
  • #2
If the firewall is specifically stating that it is blocking a trojan horse then download an anti-virus to make sure you don't have one. Other than that, I would just ignore the firewall.
 
  • #3
Most firewalls will only report an "unauthorized access request" or something like that unless it is a known trojan horse. If it is actually using the phrase "trojan horse", you probably have one.

Njorl
 
  • #4
Which software is that? If it is some shady business they might be trying to hook you up on a subscription, by letting you think you are in danger :)
 
  • #5
The software is Norton anti-virus and Norton Internet Security.

I have the latest definitions with LiveUpdate active for both.

The warnings are stating that they are blocking incoming files, not outgoing requests (IIRC). I'll post the exact wording next time I receive a warning...
 
  • #6
Sorry to be off topic but... Wow, Monique, nice picture. Following in Gale17's footsteps, I see. What are the chances of having two intelligent and attractive women on a physics forum?
 
  • #7
When you get a chance, close all internet connections, open a command prompt and type "netstat" and post the results.
 
  • #8
Oh man... how the hell do you open up a dos prompt in XP?

Running netstat from the Run... prompt has it close down before I can read what it says.
 
  • #9
Originally posted by enigma
Oh man... how the hell do you open up a dos prompt in XP?
Start > All Programs > Accessories > Command Prompt
 
  • #10
Splain me Lucy why they hid it there?

Thanks Boulder,

Russ,

Code:
Active Connections

  Proto  Local Address    Foreign Address      State
  TCP    Hal:1114         localhost:1027       CLOSE_WAIT

Same result whether or not I've got a window open or if I'm disconnected from the internet.
 
  • #11
Originally posted by dduardo
Sorry to be off topic but... Wow, Monique, nice picture. Following in Gale17's footsteps, I see. What are the chances of having two intelligent and attractive women on a physics forum?
Thanks dduardo, I was starting to feel jealous with all the attention she was getting but yeah, I got the idea from her.


Enigma, I have got the same software (also recently bought computer) and I have never gotten a warning about trojan horses.. the only thing that annoys me is that it keeps warning me about files on my computer trying to access the internet.

It asks me whether I want to allow them, but it doesn't give any information on which program it actually is. It just says this huppeldepup.exe file (huppeldepup meaning blabla).

Now I recently saw that I can track the IP address to which it is going, so I click that button, but all that shows up is a new window with a grey screen..

ever ran into that?
 
  • #12
I think you guys and gal are being a bit paranoid. Hackers don't care about your computer unless they personally know you or you're a big target. I would know, because I had friends who did this type of stuff.

You're more likely to get a virus than a trojan. If you do have a trojan on your computer, I would suspect one of your friends putting it on your system. (I have done this to a couple of my friends for a good laugh. The random opening of the cd tray is classic.) The other possibility is a virus. The only reason a virus would try to connect to the internet is because it is launching a denial of service attack (DOS) against some website. But if your anti-virus isn't detecting it, then you don't have a virus. The likelihood of you having a just released virus is very slim, unless you are directly downloading from IRC.

I would say, if you have broadband and have your computer hooked up to a router with Network Address Translation (NAT), then turn off the software firewall. If you have your computer hooked up to the broadband modem directly, then keep the software firewall, but turn off logging, so it doesn't bug you with stupid messages about applications trying to gain access to the internet. If you're on dialup, then you don't need a firewall.
 
  • #13
You don't know some of my friends, they would very well be able to play a trick on me like that

You know how BlueMountain works? You send a card to an email address and you mention your own email address and ask for confirmation of receipt. I remember once sending a BlueMountain card in name of a guy to a girl, of course I am good enough to warn the girl that the card was not real, but the guy was very surprised, opening the link in his email that the card was opened by the receiver.. and then seeing the card..



He never quite got back to me so..
 
  • #14
Originally posted by enigma
Russ,

Code:
Active Connections

  Proto  Local Address    Foreign Address      State
  TCP    Hal:1114         localhost:1027       CLOSE_WAIT

Same result whether or not I've got a window open or if I'm disconnected from the internet.
Netstat is a report of all active network connections. "Hal" would be the name of your computer I presume. "localhost" is a local connection, probably a monitoring thing like your firewall. If you had a trojan, you'd likely have an open connection and it would show the ip address or domain under "Foreign Address." Mine for example has "mail.comcast.net:pop3" indicating my mail application has an open connection to my mail server.

In any case, dduardo is right - it's probably nothing. The biggest spreader of trojans though is file sharing services like Kazaa.
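
The netstat reading described in the reply above, as an added example that is not part of the original posts: it parses output in the format posted in the thread and keeps only rows whose "Foreign Address" is another machine. The sample rows beyond the thread's own line, and the names `parse_netstat` and `remote_peers`, are constructed for illustration.

```python
import re

# Constructed sample: row 1 is the line posted in the thread, row 2 mirrors
# the mail-server connection described in the reply, row 3 is a made-up
# remote peer (203.0.113.0/24 is a reserved documentation range).
SAMPLE = """\
Active Connections

  Proto  Local Address    Foreign Address         State
  TCP    Hal:1114         localhost:1027          CLOSE_WAIT
  TCP    Hal:1150         mail.comcast.net:pop3   ESTABLISHED
  TCP    Hal:1162         203.0.113.25:6000       ESTABLISHED
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
LOOPBACK = {"localhost", "127.0.0.1", "[::1]"}
WILDCARD = {"*", "0.0.0.0", "[::]"}


def parse_netstat(text):
    """Return one dict per connection row, skipping headers and blanks."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, local, foreign, state = m.groups()
        # Split on the last colon so host names and bracketed IPv6 both work.
        lhost, _, lport = local.rpartition(":")
        fhost, _, fport = foreign.rpartition(":")
        rows.append({"proto": proto, "local": (lhost, lport),
                     "foreign": (fhost, fport), "state": state or ""})
    return rows


def remote_peers(rows):
    """Keep rows whose foreign side is another machine, not this one."""
    peers = []
    for r in rows:
        fhost = r["foreign"][0].lower()
        is_self = fhost in LOOPBACK or fhost == r["local"][0].lower()
        if not is_self and fhost not in WILDCARD:
            peers.append(r)
    return peers


if __name__ == "__main__":
    for r in remote_peers(parse_netstat(SAMPLE)):
        print(r["proto"], "%s:%s" % r["foreign"], r["state"])
```

A remote peer in this list is only a starting point for review (the mail server is one), and plain `netstat` shows active connections only; `netstat -an` also lists listening sockets with numeric addresses.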
 
  • #15
I work for Symantec (Norton) and I do their Virus, Trojan, and Worm removal. As stated earlier, unless you have personally made someone angry a hacker could care less who you are. They just throw them out there and see where they stick. If it said that it blocked it, then you don't have one. You should do a full system scan after updating your virus defs.

With NIS you can find out where the person lives but it is really pretty worthless information.
 
  • #16
Happened again:

Attempt to connect to local computer using the Backdoor/SubSeven Trojan horse blocked.

Protocol: TCP (Inbound)
Remote Address: 68.36.14.157:4198

I manually updated my virus definitions and ran a virusscan two days ago. I do hope nothing was on my computer straight out of the box.
 
  • #18
Originally posted by enigma
Happened again:

Attempt to connect to local computer using the Backdoor/SubSeven Trojan horse blocked.

Protocol: TCP (Inbound)
Remote Address: 68.36.14.157:4198

I manually updated my virus definitions and ran a virusscan two days ago. I do hope nothing was on my computer straight out of the box.


This does not mean you have the SubSeven Trojan. All it means is that IT tried to get on to your computer and the firewall blocked it. As long as your virus defs are up to date and you do a FULL SYSTEM scan and it comes up clean then you are fine!
 
  • #19
You know, enigma, it's odd... I'm also running Norton Internet Security, and I get that exact same Backdoor/Subseven Trojan Horse message quite often (at least a couple of times every day, or so it seems). I've never detected any viruses after running scans of my HD tho... It kind of makes me wonder how many times my computers in the past have been attacked without me knowing it. In fact, the computer I used at college actually did get infected with a trojan. Didn't have Norton on that one..
 
  • #20
Originally posted by hypnagogue
It kind of makes me wonder how many times my computers in the past have been attacked without me knowing it.

Yeah, no kidding. Never again, I tells ya!

I got yet another one just about 20 minutes ago. I don't know if it's comforting or worrying that it came from a different IP address.

Thank you all for your help with this. Put my ignorant mind at ease.
 
  • #21
Don't firewalls also report regular internet activity as someone hacking through your computer?

When I use Norton I constantly got annoying hack alerts so I got a free one that silently runs in the background which uses less memory and another one that uses NAT.
 
  • #22
Originally posted by The_Professional
Don't firewalls also report regular internet activity as someone hacking through your computer?

When I use Norton I constantly got annoying hack alerts so I got a free one that silently runs in the background which uses less memory and another one that uses NAT.
That depends on the level of security you set. At the highest level, it asks your permission before allowing ANY app to use the internet.
 
  • #23
When I do the netstat command prompt I get a reply that shows my computer connected to a 1028 computer. I have nothing on but the desktop screen. The cable modem is on and the activity light is on most of the time.
About a month ago I noticed that the activity light on the modem is on most of the time and the computer is taking longer turning on and off.
I have Norton anti virus and firewall.
I also have various bug removal programs (spyremover, pestpatrol, ad aware).
All I ever get is spyware cookies and they get deleted.
 
  • #24
Yes, I get the subseven trojan horse trying to hit on my pc frequently. Could it be someone trying to hack my pc?
 

1. What is a Trojan Horse?

A Trojan Horse is a type of malicious software that disguises itself as a legitimate program or file in order to gain access to a computer system, often with the intention of damaging or stealing sensitive information.

2. How can I tell if my computer has a Trojan Horse?

There are a few signs that may indicate the presence of a Trojan Horse on your computer, such as unexpected pop-up ads, slow computer performance, and changes to your system settings. You may also receive notifications from your antivirus software about a potential threat.

3. What should I do if I suspect a Trojan Horse on my computer?

If you believe your computer has been infected with a Trojan Horse, the first step is to run a full system scan with your antivirus software. This will help identify and remove any malicious files. It is also important to update your software and operating system regularly to prevent future attacks.

4. Can I remove a Trojan Horse on my own?

In some cases, you may be able to remove a Trojan Horse on your own by using antivirus software. However, if the infection is severe or has caused significant damage to your system, it may be best to seek the assistance of a professional computer technician.

5. How can I prevent Trojan Horses from infecting my computer?

To prevent Trojan Horses from infecting your computer, it is important to practice safe internet habits such as avoiding suspicious websites and not clicking on links or attachments from unknown sources. It is also recommended to regularly back up your important files and keep your antivirus software up to date.
