Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Does this Trojan really exist..?

Status
Not open for further replies.
AntonioAnsell

AntonioAnsell

Technical User
Mar 7, 2004
70
0
0
GB
Hey...

Accoring to my newly expired subscriptions to Norton Internet Security 2006, it's 'alarms' on both my desktop PC and laptop flash saying I have the Torjan.Peacomm infection - but I am puzzzed.

Thing is I have updated my virus scanner (as much as Norton will allow now it has expired) and run Norton Anti-Virus, and again in Safe Mode - it's shown no infections. I've run online virus checkers with around 4 separate virus checkers - no infections. I've checked on line how to remove the Trojan manually, but the folder and files in my registry that are meant to exist don't. I've even run a search on the whole PC and laptop for them and nothing!

Is this Norton's way to kid me into thinking I have the infection - as the symptoms and what Peacomm does hasn't happened to me.

Thank you in advvance for your help...
philip

 
Sort by date Sort by votes
Could be a false positive, but maube it works having a look at this

“It is now capable of hiding several files and registry keys by hooking several kernel functions and patching the tcpip.sys system driver to hide its ports from commands, such as netstat -o or netstat -b. However, due to some mistakes in the rootkit code, running netstat -an lets you see ports 7871 or 4000 open and waiting for connections. It is also important to note that a personal firewall will also notify you of the process services.exe trying to make connections on these ports. Furthermore, the rootkit service can be stopped by running a simple command: net stop wincom32. All files, registry keys, and ports will appear again.”
Symantec
Click to expand...

More info here:
Cheers,
Dian
 
Upvote 0 Downvote
This came up on my internet connection desktop as an 'Outbreak Alert' the other night ([red]You are not protected against the rapidly spreading threat[/red])(and my subscription for Norton 2005 still has a long way to go).
When I tried to update, it wouldn't work and came up with an error. Symantec solution to this error was to uninstall and re-install Norton 2005, and update. As my personal desktop (running N2006) didn't display the same error, I decided to leave it for the night (as I was shutting it down anyway).
The next day, after boot up, having left it for ½ Hour, I checked the status of the Threat, and I was now proetected. So obviously, the Symantec Server was down or unavailable, and nothing wrong with my installation. My personal desktop and laptop also both show proetected as well.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pmonett
  • Locked
  • Question
What is this now ? 1
Replies
8
Views
331
pmonett
pmonett
bfordz
  • Locked
  • Question
You don't have permission to save to this location. 3
Replies
10
Views
70
bfordz
bfordz
goombawaho
  • Locked
  • Question
Windows 10 support on this computer
Replies
6
Views
47
goombawaho
goombawaho
Ken01
  • Locked
  • Question
This relates to a Windows ME issue
Replies
1
Views
23
rclarke250
rclarke250
rj771972
  • Locked
  • Question
does moving files change sime BuiltinDocumentProperties?
Replies
3
Views
42
macropod
macropod

Part and Inventory Search

Sponsor

Back
Top