norton AV is detecting a trojan attempt in alerts log for auto worm protection

i have norton 2005 and in my alerts log i have a couple logged attempts and an ip.what is it that this means ?keeps saying (Rule "Default Block DeepThroat Trojan horse" blocked (81.83.33.31,6670).
Inbound TCP connection.)help pls!!!!!!!!

 

It sounds to me like your firewall is blocking an incoming connection to a port that is known to be open when you have a trojan. This is normal and what appears to be happening is that someone on the internet is trying to do a random scan of IP addresses to check and see if anyone has this port open on their computer. Since your firewall blocked this attempt, you are in no danger. This type of traffic is actually quite common - there are plenty of hackers running port scans to check computers for open ports. I wouldn't worry about it.

 

An inbound TCP connection from IP address 81.83.33.31 on Port 6670 was attempted. DeepThroat Trojan horse is a backdoor. The good news is it was blocked.

Just to be safe Follow this tutorial DO NOT POST UNTIL YOU HAVE READ THIS: How to: Spyware, Trojan And Virus Removal.

Then post back the results in this Spyware Specific. Only if your system is infected.

The guys over there are really good with that sort of problem.

 

Might be a false alarm since you are using Norton's, http://eqlive.station.sony.com/support/tech_support/ts_network_support_security.jsp

Steve

 

I'm not all that familiar with Norton Firewall... but the post mentions an inbound attempt - not an outbound attempt. Does anyone else think this is probably some random port scan?

 

Most of the firewalls I have dealt with by default don't warn of random scans, otherwise you constantly get Alerts. Unless he lowered the Alert threshold, that was a definite attempt to contact his system.

 

I guess I'm more familiar with zone alarm pro which logs all inbound and outbound traffic. I get hundreds of hits per day, a half dozen of so of "high" importance where someone randomly scanned a known trojan port. I turn off all of the alerts so I don't have to see a message flash every 10 seconds.

 

I think it has to do with how your firewall deals with streaming protocols.

Steve

 

I used ZoneAlarm for several years, before that I used Black Ice. Flirted with Norton and McAfee firewalls didn't like them. ZoneAlarm logs all inbound activity makes for exhaustive reading at times. I use Kerio Personal Firewall now, the log tells me exactly the type of attack , the source of the attack and the action taken.