Backdoor/SubSeven Trojan (W2K)



verybigbonsai
03-26-2002, 02:36 PM
Hi guys (girls), I wonder if anyone can help. I often get an alert using Norton's firewall for the Backdoor/SubSeven Trojan. I am assuming this file is on my computer even though Norton's says it's inbound. I have downloaded and updated the cleaner and when I scan for trojans it finds nothing.
Is there a file I have downloaded that is infected? What are your thoughts? Thanks, Rob


IP numbers have been edited.
Rule "Default Block Backdoor/SubSeven Trojan horse" blocked (172.175.182.24,). Details:
Inbound TCP connection
Local address,service is (172.175.182.24,)
Remote address,service is (172.184.66.233,)
Process name is "N/A"

TonyKlein
03-26-2002, 03:02 PM
Hi (again),

Relax: you're not infected.

This from Symantec:

Symantec desktop Internet security or firewall product reports that it blocked a Trojan from accessing your computer.

Situation:
Your Symantec desktop Internet security or firewall product alerts you that it blocked a Trojan from accessing your computer. You are worried that you have a Trojan running on your computer.

Solution:
Your Symantec desktop Internet security or firewall product did not detect a Trojan running on your computer. You need an antivirus program, such as Norton AntiVirus (NAV), to detect a Trojan on your computer. Norton Internet Security includes a copy of NAV on the CD. Norton Personal Firewall and Symantec Desktop Firewall do not include NAV.

Your Symantec desktop Internet security or firewall product displays alerts whenever there is an access to a port that is known to be a Trojan port. The attempted access may be a valid attempt to find and connect to a Trojan, but it may also be a random access of no particular threat. Both possibilities are equally valid.

The security alert and the event log entry will show you the IP address of the sender. You can use the following Web site to determine who the registered owner of that IP address is: www.checkdomain.com. Keep in mind that IP addresses are frequently "spoofed" and that the owner of the address may be totally innocent and unaware that their address has been "borrowed" by another.

What is a Trojan horse?
Trojan Horses are impostors--files that claim to be something desirable but are in fact malicious. A very important distinction from true viruses is that they do not replicate themselves, as viruses do. Trojans contain malicious code that, when triggered, causes loss or theft of data. In order for a Trojan Horse to spread, you must invite the program into your computer and open it. An example would be opening an infected email attachment.

Good luck, Tony
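An added example, not part of the thread and not Symantec's code: it parses an alert in the format posted above and pairs it with a local check for a listener on the Trojan's port, which is the question the alert alone cannot answer. The port constant and the triage rules are this example's own assumptions.

```python
import re
import socket

# SubSeven 2.x default listener port (background fact, not from the thread).
SUBSEVEN_DEFAULT_PORT = 27374

# Alert text as posted in the thread (addresses edited, port fields empty).
SAMPLE_ALERT = """\
Rule "Default Block Backdoor/SubSeven Trojan horse" blocked (172.175.182.24,). Details:
Inbound TCP connection
Local address,service is (172.175.182.24,)
Remote address,service is (172.184.66.233,)
Process name is "N/A"
"""

def parse_alert(text):
    """Pull the fields that matter for triage out of one alert."""
    fields = {}
    m = re.search(r'Rule "([^"]+)" (\w+)', text)
    if m:
        fields["rule"], fields["action"] = m.group(1), m.group(2)
    m = re.search(r"^(Inbound|Outbound) (\w+) connection", text, re.M)
    if m:
        fields["direction"], fields["protocol"] = m.group(1).lower(), m.group(2)
    for side in ("Local", "Remote"):
        m = re.search(side + r" address,service is \(([^,)]*),([^)]*)\)", text)
        if m:
            fields[side.lower()] = (m.group(1), m.group(2) or None)
    m = re.search(r'Process name is "([^"]*)"', text)
    if m:
        fields["process"] = None if m.group(1) == "N/A" else m.group(1)
    return fields

def is_listening(port, host="127.0.0.1", timeout=0.5):
    """True if something on this machine accepts TCP connections on port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0

def triage(alert, port=SUBSEVEN_DEFAULT_PORT):
    """Classify the alert; the rules are this example's own heuristic."""
    if is_listening(port):
        return "listener-present"   # something local owns the port: scan with AV
    if alert.get("direction") == "inbound" and alert.get("process") is None:
        return "blocked-probe"      # remote knock on the port, nothing local answered
    return "investigate"            # outbound, or tied to a local process

if __name__ == "__main__":
    print(triage(parse_alert(SAMPLE_ALERT)))
```

A "listener-present" result only says that some process holds the port; identifying that process is a job for the antivirus scan the quoted Symantec text recommends.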

coolsights2000
03-27-2002, 07:18 AM
ZoneAlarm does the same thing..

What I like about ZoneAlarm is if you have it alert you on each event it pops up a window with same type of warning.

Since I have found out it works very well I just turned off the alert me to every event.

If you have an option to turn it off but still block the stuff... it makes it nicer to surf...

Thanks
Mac!!!

This Is just my opinion
So if it stinks wait for another one
Cause I'm no expert

Jama
03-29-2002, 03:29 PM
This is very common. It’s the result of someone running a Network Scanner - probably the Sub Seven built-in scanner – trying to find people with the Trojan horse installed on their computer.
Network Scanners scan given IP ranges, checking each computer to see what ports are open. They do this by sending an echo request to each one of those computers; the ones that are online and don’t have a firewall installed will then send back what’s called “acknowledgement packets” to let the sending computer know that his echo has been received and whether the port is open or not.

As you can see, sending those “acknowledgement packets” is asking for trouble!! That’s where firewalls come in: they intercept echo requests before any other program on your computer and simply ignore them. In other words, they don’t reply, and so the hacker wouldn’t know anything about your computer, not even whether it exists or not.
Simple, if he can’t see it, he can’t hack it!

When Norton's firewall intercepts those echo requests it alerts you. It also alerts you when it intercepts any unsolicited connection requests.
For further info go to:

http://grc.com/su-firewalls.htm

Go to Gibson Research Corporation’s web page; there you can scan your computer and see what information your computer is giving away to hackers and what ports are open on your machine.

https://grc.com/x/ne.dll?bh0bkyd2

If you are responsible for a computer network, whether at home or work, I strongly recommend that you download LANguard Network & Port Scanner from:

http://www.gfi.com/languard/lanscan.htm

It’s a freeware security & port scanner to audit your network security. It scans entire networks and provides NETBIOS information for each computer such as hostname, shares, logged on user name. It does OS detection, password strength testing, detects registry issues and more.

Please don’t misuse it!


Yours

Jama

verybigbonsai
03-30-2002, 03:27 AM
Thanks everyone for the information. Sorry it took so long; I have been away for the last several days. Rob