# Trojan Horses

#### enigma

Staff Emeritus
Gold Member

I recently bought a new computer which came with firewall software pre-installed (first time I've ever had one).

About two or three times in the last two weeks, I've received warnings saying that Trojan Horses were blocked. The help file is not very helpful in describing what is really going on here.

Is someone somewhere actually trying to hack into my computer, or is the software catching something more benign and sensationalizing? I'm thinking it's probably more of the latter, since (to my knowledge) I've never had anything dangerous to my computer sent to me before I had the firewall, and I've never even gotten a virus except onto floppies which were caught from school lab computers (caught when I tried loading them on my home computer).

Anyone have any insight what's probably going on here?

Thanks!

vv techno weenie vv

#### dduardo

Staff Emeritus
If the firewall is specifically stating that it is blocking a trojan horse then download an anti-virus to make sure you don't have one. Other than that, I would just ignore the firewall.

#### Njorl

Most firewalls will only report an "unauthorized access request" or something like that unless it is a known trojan horse. If it is actually using the phrase "trojan horse", you probably have one.

Njorl

#### Monique

Staff Emeritus
Gold Member
Which software is that? If it is some shady business they might be trying to hook you up on a subscription, by letting you think you are in danger :)

#### enigma

Staff Emeritus
Gold Member
The software is Norton anti-virus and Norton Internet Security.

I have the latest definitions with LiveUpdate active for both.

The warnings are stating that they are blocking incoming files, not outgoing requests (IIRC). I'll post the exact wording next time I receive a warning...

#### dduardo

Staff Emeritus
Sorry to be off topic but... Wow, Monique, nice picture. Following in Gale17's footsteps ic. What are the chances of having two intelligent and attractive women on a physics forum?

#### russ_watters

Mentor
When you get a chance, close all internet connections, open a command prompt and type "netstat" and post the results.

#### enigma

Staff Emeritus
Gold Member
Oh man... how the hell do you open up a dos prompt in XP?

Running netstat from the run... prompt has it close down before I can read what it says.

> Originally posted by enigma
>
> Oh man... how the hell do you open up a dos prompt in XP?

Start > All Programs > Accessories > Command Prompt

#### enigma

Staff Emeritus
Gold Member
Splain me Lucy why they hid it there?

Thanks Boulder,

Russ,

Code:

```
Active Connections

TCP    Hal:1114         localhost:1027       CLOSE_WAIT
```

Same result whether or not I've got a window open or if I'm disconnected from the internet.

#### Monique

Staff Emeritus
Gold Member
> Originally posted by dduardo
>
> Sorry to be off topic but... Wow, Monique, nice picture. Following in Gale17's footsteps ic. What are the chances of having two intelligent and attractive women on a physics forum?

Thanks dduardo, I was starting to feel jealous with all the attention she was getting but yeah, I got the idea from her.

Enigma, I have got the same software (also recently bought computer) and I have never gotten a warning about trojan horses.. the only thing that annoys me is that it keeps warning me about files on my computer trying to access the internet.

It asks me whether I want to allow them, but it doesn't give any information on which program it actually is. It just says this huppeldepup.exe file (huppeldepup meaning blabla).

Now I recently saw that I can track the IP address to which it is going, so I click that button, but all that shows up is a new window with a grey screen..

Ever run into that?

#### dduardo

Staff Emeritus
I think you guys and gal are being a bit paranoid. Hackers don't care about your computer unless they personally know you or you're a big target. I would know, because I had friends who did this type of stuff.

You're more likely to get a virus than a trojan. If you do have a trojan on your computer, I would suspect one of your friends putting it on your system. (I have done this to a couple of my friends for a good laugh. The random opening of the cd tray is classic.) The other possibility is a virus. The only reason a virus would try to connect to the internet is because it is launching a denial of service attack (DOS) against some website. But if your anti-virus isn't detecting it, then you don't have a virus. The likelihood of you having a just released virus is very slim, unless you are directly downloading from IRC.

I would say, if you have broadband and have your computer hooked up to a router with Network Address Translation (NAT), then turn off the software firewall. If you have your computer hooked up to the broadband modem directly, then keep the software firewall, but turn off logging, so it doesn't bug you with stupid messages about applications trying to gain access to the internet. If you're on dialup, then you don't need a firewall.

#### Monique

Staff Emeritus
Gold Member
You don't know some of my friends, they would very well be able to play a trick on me like that.

You know how BlueMountain works? You send a card to an email address and you mention your own email address and ask for confirmation of receipt. I remember once sending a BlueMountain card in name of a guy to a girl, of course I am good enough to warn the girl that the card was not real, but the guy was very surprised, opening the link in his email that the card was opened by the receiver.. and then seeing the card..

He never quite got back to me so..

#### russ_watters

Mentor
> Originally posted by enigma
>
> Russ,
>
> Code:
>
> ```
> Active Connections
>
> TCP    Hal:1114         localhost:1027       CLOSE_WAIT
> ```
>
> Same result whether or not I've got a window open or if I'm disconnected from the internet.

Netstat is a report of all active network connections. "Hal" would be the name of your computer I presume. "localhost" is a local connection, probably a monitoring thing like your firewall. If you had a trojan, you'd likely have an open connection and it would show the ip address or domain under "Foreign Address." Mine for example has "mail.comcast.net:pop3" indicating my mail application has an open connection to my mail server.

In any case, dduardo is right - it's probably nothing. The biggest spreader of trojans though is file sharing services like Kazaa.
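The reading of netstat output described in the post above, as an added example that is not part of any post in this thread: it splits each row into local and foreign endpoints and separates rows whose foreign side is the machine itself from rows that reach another host. Only the first sample row comes from the thread; the other rows, the documentation address 203.0.113.45 and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout Windows netstat prints. The first data row
# is the one posted in the thread; the remaining rows are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    Hal:1114               localhost:1027         CLOSE_WAIT
  TCP    Hal:1180               mail.comcast.net:pop3  ESTABLISHED
  TCP    Hal:1201               203.0.113.45:6667      ESTABLISHED
  TCP    Hal:135                Hal:0                  LISTENING
"""

# Proto, local endpoint, foreign endpoint, optional state (UDP rows have none).
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
LOOPBACK = {"localhost", "127.0.0.1", "::1", "0.0.0.0", "*"}


def split_endpoint(endpoint):
    """Split 'host:port' on the last colon so IPv6-style hosts survive."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def triage(netstat_text, hostname):
    """Return (local_only, remote) lists of parsed connection rows."""
    local_names = LOOPBACK | {hostname.lower()}
    local_only, remote = [], []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header or blank line
        proto, local, foreign, state = m.groups()
        fhost, fport = split_endpoint(foreign)
        row = {"proto": proto, "local": local, "foreign_host": fhost,
               "foreign_port": fport, "state": state or ""}
        (local_only if fhost.lower() in local_names else remote).append(row)
    return local_only, remote


if __name__ == "__main__":
    local_only, remote = triage(SAMPLE, hostname="Hal")
    print(f"{len(local_only)} local-only row(s), {len(remote)} remote row(s)")
    for r in remote:
        print(f"  review: {r['local']} -> {r['foreign_host']}:{r['foreign_port']} {r['state']}")
```

A row in the remote list is only a prompt to match it to a program you recognise, as with the mail server connection in the post.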

#### Sourire

I work for Symantec (Norton) and I do their Virus, Trojan, and Worm removal. As stated earlier, unless you have personally made someone angry a hacker could care less who you are. They just throw them out there and see where they stick. If it said that it blocked it, then you don't have one. You should do a full system scan after updating your virus defs.

With NIS you can find out where the person lives but it is really pretty worthless information.

#### enigma

Staff Emeritus
Gold Member
Happened again:

Attempt to connect to local computer using the Backdoor/SubSeven Trojan horse blocked.

Protocol: TCP (Inbound)

I manually updated my virus definitions and ran a virusscan two days ago. I do hope nothing was on my computer straight out of the box.

#### dduardo

Staff Emeritus
#### Sourire

> Originally posted by enigma
>
> Happened again:
>
> Attempt to connect to local computer using the Backdoor/SubSeven Trojan horse blocked.
>
> Protocol: TCP (Inbound)
>
> I manually updated my virus definitions and ran a virusscan two days ago. I do hope nothing was on my computer straight out of the box.

This does not mean you have the SubSeven Trojan. All it means is that IT tried to get on to your computer and the firewall blocked it. As long as your virus defs are up to date and you do a FULL SYSTEM scan and it comes up clean then you are fine!

#### hypnagogue

Staff Emeritus
Gold Member
You know, enigma, it's odd... I'm also running Norton Internet Security, and I get that exact same Backdoor/Subseven Trojan Horse message quite often (at least a couple of times every day, or so it seems). I've never detected any viruses after running scans of my HD tho... It kind of makes me wonder how many times my computers in the past have been attacked without me knowing it. In fact, the computer I used at college actually did get infected with a trojan. Didn't have Norton on that one..

#### enigma

Staff Emeritus
Gold Member
> Originally posted by hypnagogue
>
> It kind of makes me wonder how many times my computers in the past have been attacked without me knowing it.

Yeah, no kidding. Never again, I tells ya!

I got yet another one just about 20 minutes ago. I don't know if it's comforting or worrying that it came from a different IP address.

Thank you all for your help with this. Put my ignorant mind at ease.

#### The_Professional

Don't firewalls also report regular internet activity as someone hacking through your computer?

When I use Norton I constantly got annoying hack alerts so I got a free one that silently runs in the background which uses less memory and another one that uses NAT.

#### russ_watters

Mentor
> Originally posted by The_Professional
>
> Don't firewalls also report regular internet activity as someone hacking through your computer?
>
> When I use Norton I constantly got annoying hack alerts so I got a free one that silently runs in the background which uses less memory and another one that uses NAT.

That depends on the level of security you set. At the highest level, it asks your permission before allowing ANY app to use the internet.

#### Tinkerer

When I do the netstat command prompt I get a reply that shows my computer connected to a 1028 computer. I have nothing on but the desktop screen. The cable modem is on and the activity light is on most of the time.
About a month ago I noticed that the activity light on the modem is on most of the time and the computer is taking longer turning on and off.
I have Norton anti virus and firewall.
I also have various bug removal programs (spyremover, pestpatrol, ad aware).
All I ever get is spyware cookies and they get deleted.

#### vincent81

Yes. I get the subseven trojan horse trying to hit on my pc frequently. Could it be someone trying to hack my pc?

