Hi,

My Norton Personal Firewall is intercepting this several times a day:

"Norton Firewall - Attempt to connect to local computer using Sokets de Trois v1. Trojan horse has been blocked."

How can I permanently keep this trojan horse from trying to access my computer? It is very annoying to have to respond every 2 hours or so ?

But I'm happy that Norton is doing its job and blocking it.

Thanks, John

Hi John,
          Here's what I've come up with so far, although I'm not sure how much help it will be.  From what I have read about the "sockets de trois v1. trojan horse", it uses ports 5000 and 5001.  My thinking was first to just close that port, but I guess it's not good after what I researched about it.  Windows XP also uses port 5000 for plug and play devices.  So, if you then close port 5000 you can't use plug and play.  I'm not sure what OS you are running so I'm guessing it's XP.  I am glad though, like you said, that my firewall is doing its job to block the trojan.

Buzz123

Hi,

I have the same problem.
Im running windows 98 and i keep getting 'sokets de trois v1' trojan being bloacked by norton. This is happening every 10 seconds. Im glad Norton has blocked it but it keeps happening every few seconds.

Any ideas..?

Thank you.

Hi buzz123 and rkhuttan,

I have Windows 2000.Have not found a solution yet. Maybe Buzz123 has the right idea - to disable plug and play capability. But if I did that, I would forget 6 months from now when I try to install a new device and the OS didn't recognize it.....

John

ok so i closed the 5000 port, but the trojan is still going off at every 3 minutes? @_@ any other way to stop this? ^^;

I would also like info on how to stop it. When I travel (a lot) and have to use dial up from hotels, I cannot do much any more because I am getting 90+ attacks an hour. NT5 SP4

I found this webpage on Google and I had it translated.
http://216.239.37.104/translate_c?hl=en&sl=fr&u=http://membres.lycos.fr/jord/socket.htm&prev=/search%3Fq%3Dsocket%2Bde%2Btrois%2Bv1%2Btrojan%26hl%3Den%26lr%3D%26ie%3DUTF-8

I downloaded the program 'the cleaner' and I did a scan on my computer. Im not getting trojan attacks, Im not sure how this worked cos it did not find anything but im not getting any attacks(so far).
Hope this helps.

I'm happy that it worked on your Win 98 system rkhuttan.

I may use it myself - I'm very cautious though. John

I have had numerous hits, every minute or so. This started while I was updating my norton firewall security definitions. None of the hits were on ports 5000 or 5001. mine were on 3956,1285,2900,3248,....4108, etc with never the same port. all my hits were yesterday and none so far today.

I used the program 'The cleaner' but it did not really work, im getting hits every few seconds/minutes.

Its getting kinda annoying, does anybody know how I can trace where the trojan is actually coming from..?

It's coming from aol users and other users on gaming networks etc. that have the trojan and are too careless to clean their own system.   I believe it also is being allowed through on some phony mstask.exe routines.
The problem is just other internet users and the fact that with a huge increase in the past 4 years of people using the internet on a broadband and even dial-up base.  Most of these newcomers are very unfamiliar with internet security and most also buy their equipment from vendors such as wal-mart etc. implying that they aren't even setting up their security measures.  It's good to know that companies such as mcaffee and etc are available on a broader basis, but most real security programs cost a good deal of money that the casual user is unwilling to spend. Until everyone is secure these trojans and worms will continue to plague your firewall blockers.

hmmm.... interestingly, 2 weeks ago I switched from a dial-up acount to a fulltime DSL broadband account, but with the same ISP as the dialup was. Haven't had any Sokets de Trois attacks lately.

I'll bet they come back though.

John

This link from Symantec will take you directly to the page for tracing an attacker.

http://security.symantec.com/SSC/jsdetect.asp?langid=ie&venid=symnis&plfid=23&from=/ssc/vr_main.asp&pkj=SCPXOLROCYAREWTXLGI