Is This A Trojan?

Discussion in 'Windows Desktop Systems' started by Kuade, Apr 25, 2002.

  1. Kuade

    Kuade Guest

    Norton Internet Security was annoying the heck out of me so I got Zone Alarm. It's picked up an endless number of the following -

    The firewall has blocked Internet access to irc.dalnet.com (209.116.7.23) (TCP Port 6667) from your computer [TCP Flags: S].

    Time: 25/04/2002 9:15:28 PM

    The firewall has blocked Internet access to your computer (Telnet) from 209.171.61.138 (TCP Port 45786) [TCP Flags: S].

    Time: 25/04/2002 8:51:04 PM

    c:\nslookup 209.171.61.138

    Server: dns1.tpgi.com.au
    Address: 203.12.160.35

    Name: proxy2.monitor.dal.net
    Address: 209.171.61.138
     
  2. Kuade

    Kuade Guest

    I might also add that Norton Internet Security never picked this up.

    I also noticed when I loaded Zone Alarm and connected to the internet that a warning came up saying "Do you want to allow to do blah blah blah". There wasn't a specific file or program indicated after the word allow. Could this be a hidden program (Trojan) or is this my Windows XP internet sharing?
     
  3. Static 99

    Static 99 Guest

    Do you use mIRC?

    I'm not a security expert, but I think mIRC uses TCP Port 6667 to connect to the server - (m)irc.dalnet.com -.
    So, it's probably just annoying.


    And for the other one(s), I guess that's "normal".

    This is what I get after a few hours' surfing :( (just a tiny bit of the full log file)

    FWIN,2002/04/05,10:42:20 +2:00 GMT,210.135.92.189:1749,24.132.90.xxx:21,TCP (flags:S)
    FWIN,2002/04/05,10:47:02 +2:00 GMT,24.214.174.253:1102,24.132.90.xxx:80,TCP (flags:S)
    FWIN,2002/04/05,11:18:17 +2:00 GMT,24.83.196.209:4046,24.132.90.xxx:80,TCP (flags:S)
    FWIN,2002/04/05,11:49:31 +2:00 GMT,168.243.3.6:21,24.132.90.xxx:21,TCP (flags:S)
    FWIN,2002/04/05,12:27:45 +2:00 GMT,24.220.64.134:3997,24.132.90.xxx:27374,TCP (flags:S)
    FWIN,2002/04/05,13:35:41 +2:00 GMT,24.242.112.150:1497,24.132.90.xxx:80,TCP (flags:S)
    FWIN,2002/04/05,13:45:53 +2:00 GMT,24.206.81.149:3592,24.132.90.xxx:1080,TCP (flags:S)
    FWIN,2002/04/05,14:20:20 +2:00 GMT,24.234.170.222:3438,24.132.90.xxx:80,TCP (flags:S)
    FWIN,2002/04/05,15:18:10 +2:00 GMT,24.200.162.117:2486,24.132.90.xxx:80,TCP (flags:S)
    FWIN,2002/04/05,15:34:24 +2:00 GMT,24.57.44.81:2150,24.132.90.xxx:80,TCP (flags:S)
    FWIN,2002/04/05,16:26:57 +2:00 GMT,24.156.22.17:4453,24.132.90.xxx:27374,TCP (flags:S)
    FWIN,2002/04/05,16:30:52 +2:00 GMT,24.202.122.26:1654,24.132.90.xxx:80,TCP (flags:S)
    FWIN,2002/04/05,16:39:06 +2:00 GMT,68.0.81.110:4844,24.132.90.xxx:27374,TCP (flags:S)
    FWIN,2002/04/05,16:55:17 +2:00 GMT,62.150.48.250:56308,24.132.90.xxx:515,TCP (flags:S)
    FWIN,2002/04/05,17:14:23 +2:00 GMT,62.194.201.14:2546,24.132.90.xxx:27374,TCP (flags:S)

    But, like I said: I'm not a security expert, I could be wrong!
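
Added example, not part of any post in this thread: a Python sketch that parses log lines in the format of the excerpt above and counts the distinct remote addresses behind blocked inbound SYNs per destination port. The field layout is inferred from that excerpt, the sample lines are copied from it, and the port annotations and function names are added here.

```python
import re
from collections import defaultdict

# Lines copied from the log excerpt in the post above (last octet masked there).
SAMPLE_LOG = """\
FWIN,2002/04/05,10:42:20 +2:00 GMT,210.135.92.189:1749,24.132.90.xxx:21,TCP (flags:S)
FWIN,2002/04/05,10:47:02 +2:00 GMT,24.214.174.253:1102,24.132.90.xxx:80,TCP (flags:S)
FWIN,2002/04/05,11:49:31 +2:00 GMT,168.243.3.6:21,24.132.90.xxx:21,TCP (flags:S)
FWIN,2002/04/05,12:27:45 +2:00 GMT,24.220.64.134:3997,24.132.90.xxx:27374,TCP (flags:S)
FWIN,2002/04/05,16:26:57 +2:00 GMT,24.156.22.17:4453,24.132.90.xxx:27374,TCP (flags:S)
FWIN,2002/04/05,16:39:06 +2:00 GMT,68.0.81.110:4844,24.132.90.xxx:27374,TCP (flags:S)
"""

# Layout inferred from the excerpt: type,date,time tz,src:port,dst:port,proto (flags:X)
LINE_RE = re.compile(
    r"^(?P<type>[A-Z]+),(?P<date>[\d/]+),(?P<time>[\d:]+) (?P<tz>[^,]+),"
    r"(?P<src>[^,:]+):(?P<sport>\d+),(?P<dst>[^,:]+):(?P<dport>\d+),"
    r"(?P<proto>[A-Z]+)(?: \(flags:(?P<flags>[A-Z]+)\))?$"
)

# Annotations added for this example (well-known port usage, not from the thread).
PORT_NOTES = {21: "FTP", 80: "HTTP", 27374: "default SubSeven trojan port"}

def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def syn_probes_by_port(log_text):
    """Map destination port -> set of remote IPs that sent a blocked inbound SYN."""
    probes = defaultdict(set)
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        if rec["type"] == "FWIN" and rec["proto"] == "TCP" and rec["flags"] == "S":
            probes[rec["dport"]].add(rec["src"])
    return dict(probes)

def report(log_text):
    """One 'port  sources  note' line per probed port, busiest port first."""
    ranked = sorted(syn_probes_by_port(log_text).items(),
                    key=lambda kv: (-len(kv[1]), kv[0]))
    return [f"{port:>5}  {len(srcs)} source(s)  {PORT_NOTES.get(port, '?')}"
            for port, srcs in ranked]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Many unrelated sources each sending a single SYN to a well-known port is the pattern of unsolicited inbound probing that the firewall dropped; it is a different signal from the outbound connection to port 6667 reported in the first post.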
     
  4. Twink

    Twink Guest

    If you're not running any IRC program then chances are yes, you have a trojan/zombie. Some trojans connect to IRC to inform people when you are online so they can have their fun. Others can be used in DDoS attacks, where your computer is used as a base to launch a hack attack against someone else (usually involves a lot of computers).
     
  5. Kuade

    Kuade Guest

    What has brought my concern to light is the fact that my ISP emailed me, threatening to disconnect me if I continued trying to port scan a server at the University of California. I was sent a log file as well. The thing is, I wouldn't have a clue where to start with that. My guess is someone got into my machine through an open port and did it.

    My problem is I had Norton Internet Security running at the time. I also downloaded and installed Swat It, a trojan scanner, but it didn't find anything.

    I've attached one of the warnings that Zone Alarm picked up.

    I have to accept some of them for my IE to work. So I'm not sure where the problem is or if what I've found is a trojan. Whatever " " is, it's not running as a process.
     
  6. Static 99

    Static 99 Guest

    Sadly, I can't help you on how to get rid of it, but you could try the (free) online Trojan Scan at: http://scan.sygatetech.com/

    Good luck!
     
  7. dijital

    dijital Guest

    When all else fails, reformat.