Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Sokets de Trois Trojan horse 1

Status
Not open for further replies.
JohnBates

JohnBates

MIS
Feb 27, 2000
1,995
0
0
US
Hi,

My Norton Personal Firewall is intercepting this several times a day:

"Norton Firewall - Attempt to connect to local computer using Sokets de Trois v1. Trojan horse has been blocked."

How can I permanently keep this trojan horse from trying to access my computer? It is very annoying to have to respond every 2 hours or so ?

But I'm happy that Norton is doing its job and blocking it.

Thanks, John
 
Sort by date Sort by votes
Hi John,
Here's what I've come up with so far, although I'm not sure how much help it will be. From what I have read about the "sockets de trois v1. trojan horse", it uses ports 5000 and 5001. My thinking was first to just close that port, but I guess it's not good after what I researched about it. Windows XP also uses port 5000 for plug and play devices. So, if you then close port 5000 you can't use plug and play. I'm not sure what OS you are running so I'm guessing it's XP. I am glad though, like you said, that my firewall is doing its job to block the trojan.

Buzz123
 
Upvote 0 Downvote
Hi,

I have the same problem.
Im running windows 98 and i keep getting 'sokets de trois v1' trojan being bloacked by norton. This is happening every 10 seconds. Im glad Norton has blocked it but it keeps happening every few seconds.

Any ideas..?

Thank you.
 
Upvote 0 Downvote
Hi buzz123 and rkhuttan,

I have Windows 2000.Have not found a solution yet. Maybe Buzz123 has the right idea - to disable plug and play capability. But if I did that, I would forget 6 months from now when I try to install a new device and the OS didn't recognize it.....

John
 
Upvote 0 Downvote

ok so i closed the 5000 port, but the trojan is still going off at every 3 minutes? @_@ any other way to stop this? ^^;
 
Upvote 0 Downvote

I would also like info on how to stop it. When I travel (a lot) and have to use dial up from hotels, I cannot do much any more because I am getting 90+ attacks an hour. NT5 SP4
 
Upvote 0 Downvote
I found this webpage on Google and I had it translated.

I downloaded the program 'the cleaner' and I did a scan on my computer. Im not getting trojan attacks, Im not sure how this worked cos it did not find anything but im not getting any attacks(so far).
Hope this helps.
 
Upvote 0 Downvote
I'm happy that it worked on your Win 98 system rkhuttan.

I may use it myself - I'm very cautious though. John
 
Upvote 0 Downvote
I have had numerous hits, every minute or so. This started while I was updating my norton firewall security definitions. None of the hits were on ports 5000 or 5001. mine were on 3956,1285,2900,3248,....4108, etc with never the same port. all my hits were yesterday and none so far today.
 
Upvote 0 Downvote
I used the program 'The cleaner' but it did not really work, im getting hits every few seconds/minutes.

Its getting kinda annoying, does anybody know how I can trace where the trojan is actually coming from..?
 
Upvote 0 Downvote
It's coming from aol users and other users on gaming networks etc. that have the trojan and are too careless to clean their own system. I believe it also is being allowed through on some phony mstask.exe routines.
The problem is just other internet users and the fact that with a huge increase in the past 4 years of people using the internet on a broadband and even dial-up base. Most of these newcomers are very unfamiliar with internet security and most also buy their equipment from vendors such as wal-mart etc. implying that they aren't even setting up their security measures. It's good to know that companies such as mcaffee and etc are available on a broader basis, but most real security programs cost a good deal of money that the casual user is unwilling to spend. Until everyone is secure these trojans and worms will continue to plague your firewall blockers.
 
Upvote 0 Downvote
hmmm.... interestingly, 2 weeks ago I switched from a dial-up acount to a fulltime DSL broadband account, but with the same ISP as the dialup was. Haven't had any Sokets de Trois attacks lately.

I'll bet they come back though.

John
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

TierOneTech
  • Locked
  • Question
TZ105 - can I define a second WAN interface for failover?
Replies
1
Views
41
jcarmichael1203
jcarmichael1203
rod602
  • Locked
  • Question
Cisco ASA 5512 on demand apple ios setup
Replies
0
Views
35
rod602
rod602
galvanize
  • Locked
  • Question
FTP Deployment (DMZ)
Replies
1
Views
35
galvanize
galvanize
voxvar
  • Locked
  • Question
TZ100 Deleting Previous Port forwardings
Replies
0
Views
21
voxvar
voxvar
snootalope
  • Locked
  • Question
Help with connection details..
Replies
1
Views
12
snootalope
snootalope

Part and Inventory Search

Sponsor

Back
Top