is this a trojan !!!

i just enabled the fax on my win xp pro and installed my scanner but i now nortons keeps blocking a trojan here is what it says below. this has only happened since i enable fax and install scanner

Details: Rule "Default Block Netspy Trojan horse" stealthed (localhost,1024)
Inbound TCP connection
Local address,service is (0.0.0.0,1024)
Remote address,service is (localhost,1033)
Process name is "C:\WINDOWS\Explorer.EXE"

is this really a trojan or is this nortons being over sensitive

 

Considering Explorer.exe has nothing to do with Scanning or Faxing, I would take it that it is real. But dont rely on me

 

in plain english that report is saying that The program on Local host <your computer> on port 1024 is trying to connect to something on localhost port 1033

 

considering that this trojan only came about when i enabled my FAX have a look at this fron nortons site

http://service1.symantec.com/SUPPOR...88256c77007e526f?OpenDocument&src=bar_sch_nam

Error: "Rule Default Block Netspy Trojan Horse Matched" when you start the computer

Situation:
When you start the computer, you see a notice from the Alert Tracker that says "Rule Default Block Netspy Trojan Horse Matched" or you see a Security Alert that says the following:

"High Risk, Attempt to connect to local computer using the Netspy Trojan horse blocked.
Program: C:\Windows\Explorer.exe
Protocol: TCP (inbound)
Remote Address: 127.0.0.1 : 1035
Local Address: All local network adapters: 1024"

You computer has Norton Internet Security or Norton Personal Firewall installed.

Solution:
This problem typically occurs on computers that run Windows XP when the program Fax Service is enabled.

The Remote Address of 127.0.0.1 indicates that the attempt to access your computer is being made by a program on your computer, and not by a Trojan Horse program. Blocking this communication prevents the local program from functioning correctly.

To resolve the problem, disable the NIS or NPF rule for the Netspy Trojan Horse.

To disable the Netspy Trojan Horse rule:

Open NIS or NPF.
Click Personal Firewall, and then click Configure.
Click the Advanced Tab.
Click Trojan Horse Rules.
Click the entry "Default Block Netspy Trojan horse."
Uncheck the rule.


--------------------------------------------------------------------------------
Note: Unchecking the "Default Block Netspy Trojan horse" rule does not create a security hole. NIS will alert you when a real Trojan tries to access your computer.
--------------------------------------------------------------------------------


Click OK, and then OK again.




Technical Information:
More information
The local program uses the loopback address (127.0.0.1) for communications with itself or with components of the operating system. 127.0.0.1 is a reserved number that indicates the local computer.

 

i also thought that strange as they scan for this trojan , but they now tell you you to disable it and then they say it will continue to check for this trojan

well we will just wait and see what happens

 

How can norton even get to packets on localhost, it doesn't touch an interface (right?) and it doesn't even get anywhere.. Why the hell do they need to sniff localhost traffic