Trojan? Trojan?!?!? Help save my euros.

While connecting to my internet bank service, I got the message from Norton Internet Security Firewall "Default Block Back Orifice 2000 Trojan". And in the Firewall log I found "intrusion attempt detected from address 24.29.65.143 by Rule "Default Block Back Orifice 2000 Trojan Horse".

This, I understand, is good. Then I searched my system with Norton AV 2002 and found nothing. The virus definitions are up to date. Then I downloaded Anti-Trojan 5.5something from here on majorgeeks. Did a search with that... Came up with 7 open ports, one open trojan port. Nr. 5000, Sockets de Troie Blazer 5, was what it found... No trojan files on the computer according to Anti-Trojan. I closed that port with Anti-Trojan. Ran the program again and it found the port again.

Now was this that sort of outside attack, like a port-scan, that you get every time you're on mIRC, or is there a trojan file on my computer? If there is one, how do I find it and how do I get rid of it?

Should I start freaking out and ripping network cables from the walls and never turn on my computer again? Or is this a false alarm. Norton Firewall said it was "High Risk" with scary red colours.

Oh. And I'm running Windows XP Professional, if that makes a difference...

Please help me ease my mind about what little money I have on my account. This forum is great. I always mess things up and always get help from you guys... Maybe, in the distant future, I'll have something to say about other people's problems.

 

does this happen every time you open your bank site?

the log says "intrusion attempt" on port 5000 .. your banks site should be using 443. hmmm...

 

sounds to me like it as a port scan. If the anti trojan found no files and neither did norton then I'd say you don't have it installed. THe firewall could just see any attempt on that port as a back orifice attempt.

 

Trojan

This is the information I could locate on Mcaffee's website regarding the trojan in question. This is a very low risk trojan, you could be infected but considering its been around for a long time any modern anti-virus software would be capable of finding the offender. What most likely happened as others have said is nothing more than a port-scan. If you look at my logs from the days when I didn't have a NAT firewall I had probably about 500-1000 port scans a day all of which would have failed totaly due to my firewall software and lack of trojans present on my machine.

[Edit I had the old back orifice description instead of back orifice 2000 but the general nature of both and the risk involved is much the same, I've included this link to Mcafee's website to provide you with any information you may want: Back Orifice 2000]

Anyhow hope this helps,

Njal

 

Well thanks... Good thing it was nothing...

Got scared there for a moment.

 

i dont know if this is related to your case but i'm running win me and had the same port 5000 open. if i'm not mistaken its open because of some thing that got to do wiht the universal plug n play service (or something like that... not sure exactly what's its called). disabling that in my system ultimately removed that port from being open.

i might be wrong anyway since that you are running winxp

 

hEre is a program to disable UpnP:

http://grc.com/UnPnP/UnPnP.htm

It will disable it if thats what it is