
Trojan Horses

  1. Oct 14, 2003 #1

    enigma

    Staff Emeritus
    Science Advisor
    Gold Member

    "Trojan Horses"

    I recently bought a new computer which came with firewall software pre-installed (first time I've ever had one).

    About two or three times in the last two weeks, I've received warnings saying that Trojan Horses were blocked. The help file is not very helpful in describing what is really going on here.

    Is someone somewhere actually trying to hack into my computer, or is the software catching something more benign and sensationalizing? I'm thinking it's probably more of the latter, since (to my knowledge) I've never had anything dangerous to my computer sent to me before I had the firewall, and I've never even gotten a virus except onto floppies which were caught from school lab computers (caught when I tried loading them on my home computer).

    Anyone have any insight what's probably going on here?

    Thanks!

    vv techno weenie vv
     
  3. Oct 15, 2003 #2

    dduardo

    Staff Emeritus

    If the firewall is specifically stating that it is blocking a trojan horse then download an anti-virus to make sure you don't have one. Other than that, I would just ignore the firewall.
     
  4. Oct 15, 2003 #3

    Njorl

    Science Advisor

    Most firewalls will only report an "unauthorized access request" or something like that unless it is a known trojan horse. If it is actually using the phrase "trojan horse", you probably have one.

    Njorl
     
  5. Oct 15, 2003 #4

    Monique

    Staff Emeritus
    Science Advisor
    Gold Member

    Which software is that? If it is some shady business they might be trying to hook you up on a subscription, by letting you think you are in danger :)
     
  6. Oct 15, 2003 #5

    enigma

    Staff Emeritus
    Science Advisor
    Gold Member

    The software is Norton anti-virus and Norton Internet Security.

    I have the latest definitions with LiveUpdate active for both.

    The warnings are stating that they are blocking incoming files, not outgoing requests (IIRC). I'll post the exact wording next time I receive a warning...
     
  7. Oct 15, 2003 #6

    dduardo

    Staff Emeritus

    Sorry to be off topic but... Wow, Monique, nice picture. Following in Gale17's footsteps, I see. What are the chances of having two intelligent and attractive women on a physics forum?
     
  8. Oct 15, 2003 #7

    russ_watters

    Staff: Mentor

    When you get a chance, close all internet connections, open a command prompt and type "netstat" and post the results.
     
  9. Oct 15, 2003 #8

    enigma

    Staff Emeritus
    Science Advisor
    Gold Member

    Oh man... how the hell do you open up a DOS prompt in XP?

    Running netstat from the Run... prompt has it close down before I can read what it says.
     
  10. Oct 15, 2003 #9
    Start > All Programs > Accessories > Command Prompt
     
  11. Oct 16, 2003 #10

    enigma

    Staff Emeritus
    Science Advisor
    Gold Member

    Splain me Lucy why they hid it there?

    Thanks Boulder,

    Russ,

    Code (Text):

    Active Connections

      Proto  Local Address    Foreign Address      State
      TCP    Hal:1114         localhost:1027       CLOSE_WAIT
     
    Same result whether or not I've got a window open or if I'm disconnected from the internet.
     
  12. Oct 16, 2003 #11

    Monique

    Staff Emeritus
    Science Advisor
    Gold Member

    Thanks dduardo, I was starting to feel jealous with all the attention she was getting but yeah, I got the idea from her.


    Enigma, I have got the same software (also a recently bought computer) and I have never gotten a warning about Trojan horses... the only thing that annoys me is that it keeps warning me about files on my computer trying to access the internet.

    It asks me whether I want to allow them, but it doesn't give any information on which program it actually is. It just says this huppeldepup.exe file (huppeldepup meaning blabla).

    Now I recently saw that I can track the IP address to which it is going, so I click that button, but all that shows up is a new window with a grey screen...

    Ever run into that?
     
  13. Oct 16, 2003 #12

    dduardo

    Staff Emeritus

    I think you guys and gal are being a bit paranoid. Hackers don't care about your computer unless they personally know you or you're a big target. I would know, because I had friends who did this type of stuff.

    You're more likely to get a virus than a trojan. If you do have a trojan on your computer, I would suspect one of your friends putting it on your system. (I have done this to a couple of my friends for a good laugh. The random opening of the CD tray is classic.) The other possibility is a virus. The only reason a virus would try to connect to the internet is because it is launching a denial of service attack (DOS) against some website. But if your anti-virus isn't detecting it, then you don't have a virus. The likelihood of you having a just released virus is very slim, unless you are directly downloading from IRC.

    I would say, if you have broadband and have your computer hooked up to a router with Network Address Translation (NAT), then turn off the software firewall. If you have your computer hooked up to the broadband modem directly, then keep the software firewall, but turn off logging, so it doesn't bug you with stupid messages about applications trying to gain access to the internet. If you're on dialup, then you don't need a firewall.
     
  14. Oct 16, 2003 #13

    Monique

    Staff Emeritus
    Science Advisor
    Gold Member

    You don't know some of my friends, they would very well be able to play a trick on me like that

    You know how BlueMountain works? You send a card to an email address and you mention your own email address and ask for confirmation of receipt. I remember once sending a BlueMountain card in name of a guy to a girl, of course I am good enough to warn the girl that the card was not real, but the guy was very surprised, opening the link in his email that the card was opened by the receiver.. and then seeing the card..



    He never quite got back to me so..
     
  15. Oct 17, 2003 #14

    russ_watters

    Staff: Mentor

    Netstat is a report of all active network connections. "Hal" would be the name of your computer I presume. "localhost" is a local connection, probably a monitoring thing like your firewall. If you had a trojan, you'd likely have an open connection and it would show the ip address or domain under "Foreign Address." Mine for example has "mail.comcast.net:pop3" indicating my mail application has an open connection to my mail server.

    In any case, dduardo is right - it's probably nothing. The biggest spreader of trojans though is file sharing services like Kazaa.
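
Added example, not part of the original thread: a small parser that applies the reading of `netstat` output described in the post above, separating loopback rows from rows whose Foreign Address is another machine. The `LOCAL_NAMES` set and the function names are this example's own; only the first sample row comes from the thread, the other two are constructed.

```python
import re

# Names that mean "this machine". "hal" is the computer name from the thread;
# replace it with your own hostname (assumption of this example).
LOCAL_NAMES = {"localhost", "127.0.0.1", "[::1]", "hal"}

# One netstat connection row: protocol, local endpoint, foreign endpoint, state.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$", re.I)

# Constructed sample. The first row is the one posted in the thread; the other
# two are made up to show what a non-local Foreign Address looks like.
SAMPLE = """\
Active Connections

  Proto  Local Address    Foreign Address          State
  TCP    Hal:1114         localhost:1027           CLOSE_WAIT
  TCP    Hal:1187         mail.comcast.net:pop3    ESTABLISHED
  TCP    Hal:1203         203.0.113.7:6667         ESTABLISHED
"""

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon so '[::1]:445' also parses."""
    host, _, port = endpoint.rpartition(":")
    return host.lower(), port

def parse_netstat(text):
    """Return one dict per connection row; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, local, foreign, state = m.groups()
        fhost, fport = split_endpoint(foreign)
        rows.append({"proto": proto.upper(), "local": local,
                     "foreign_host": fhost, "foreign_port": fport,
                     "state": state})
    return rows

def remote_connections(text, local_names=LOCAL_NAMES):
    """Rows whose Foreign Address is another machine, i.e. the ones to review."""
    return [r for r in parse_netstat(text)
            if r["foreign_host"] not in local_names and r["foreign_host"] != "*"]

if __name__ == "__main__":
    for r in remote_connections(SAMPLE):
        print(r["proto"], r["local"], "->",
              f'{r["foreign_host"]}:{r["foreign_port"]}', r["state"])
```

A row in this list is only a connection to account for (the mail-server row is an expected one); matching each row to the program that owns it is the next step.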
     
  16. Oct 17, 2003 #15
    I work for Symantec (Norton) and I do their Virus, Trojan, and Worm removal. As stated earlier, unless you have personally made someone angry a hacker could care less who you are. They just throw them out there and see where they stick. If it said that it blocked it, then you don't have one. You should do a full system scan after updating your virus defs.

    With NIS you can find out where the person lives but it is really pretty worthless information.
     
  17. Oct 18, 2003 #16

    enigma

    Staff Emeritus
    Science Advisor
    Gold Member

    Happened again:

    Attempt to connect to local computer using the Backdoor/SubSeven Trojan horse blocked.

    Protocol: TCP (Inbound)
    Remote Address: 68.36.14.157:4198

    I manually updated my virus definitions and ran a virusscan two days ago. I do hope nothing was on my computer straight out of the box.
     
  18. Oct 19, 2003 #17

    dduardo

    Staff Emeritus

  19. Oct 19, 2003 #18

    This does not mean you have the SubSeven Trojan. All it means is that IT tried to get on to your computer and the firewall blocked it. As long as your virus defs are up to date and you do a FULL SYSTEM scan and it comes up clean then you are fine!
     
  20. Oct 19, 2003 #19

    hypnagogue

    Staff Emeritus
    Science Advisor
    Gold Member

    You know, enigma, it's odd... I'm also running Norton Internet Security, and I get that exact same Backdoor/SubSeven Trojan Horse message quite often (at least a couple of times every day, or so it seems). I've never detected any viruses after running scans of my HD though... It kind of makes me wonder how many times my computers in the past have been attacked without me knowing it. In fact, the computer I used at college actually did get infected with a trojan. Didn't have Norton on that one..
     
  21. Oct 20, 2003 #20

    enigma

    Staff Emeritus
    Science Advisor
    Gold Member

    Yeah, no kidding. Never again, I tells ya!

    I got yet another one just about 20 minutes ago. I don't know if it's comforting or worrying that it came from a different IP address.

    Thank you all for your help with this. Put my ignorant mind at ease.
     