TCP Connect to possible trojan?
Bowserman
May 4th, 2003, 12:13 PM
Used TCP Connect to connect to 4.65.18.119:27374, and got the reply " envy 1.2 antisub7". Is this a trojan?
Thanks, Jade.
BTW, got this address from an alert from my "Block All IN" rule in Kerio, and thought that the port used was suspect. So I decided to check it out.
Pilli
May 4th, 2003, 12:30 PM
Hi Jade, IP: 4.65.18.119 resolves:
http://www.markmonitor.com
Looking at the site, it could be something to do with market tracking cookies etc., possibly from a site you have recently visited (not the above), and the tracker was trying to re-establish contact with your browser. This can sometimes happen if you break a contact & the server still thinks you should be there.
I guess that that is some security "Anti-sub7".
Sorry, I deleted my link about Anti-sub7 as I am not sure about the site.
If you have scanned your PC with all options & TDS has found nothing I would not worry about it, especially sub7, as TDS has that Trojan well covered!
Jooske
May 4th, 2003, 05:00 PM
Think it has to do with the port used; 27374 is a trojan port, among others default for sub7, so maybe they got some extra protection to that port.
There is an anti-subseven server which can be used as an emulator. But I don't know who built it. From what I read about it, it seems to be an emulator with some extra functionality.
You do have TDS, which you can have acting like a server and thus preventing real accidents, with the sockets listening on trojan ports, with the TCP connect and port listen, etc.
In your scripts folder you find Screx, which should be unzipped to its own folder Screx to function, and read all readme txt files first. This is a very nice emulator too for different nasties.
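
An added example, not part of the original thread and not code from TDS or Screx: a minimal Python decoy listener of the kind described above, which accepts a connection, answers with a banner, and logs who connected and what they sent first. The banner text, the function names and the loopback demo are assumptions made for illustration; binding to 27374 instead of an ephemeral port would watch the sub7 default port mentioned in the thread.

```python
import datetime
import socket
import threading

# Constructed banner: tells whoever connects that this is a decoy, not a real server.
DECOY_BANNER = b"decoy listener (constructed banner)\r\n"

def open_decoy(host="127.0.0.1", port=0):
    """Bind a listening socket. port=0 picks a free port; use 27374 to watch that port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)
    return srv

def serve_once(srv, log):
    """Accept one connection, send the banner, record the peer and its first bytes."""
    conn, peer = srv.accept()
    with conn:
        conn.settimeout(2.0)
        try:
            conn.sendall(DECOY_BANNER)
            first = conn.recv(256)      # whatever the client sends first, if anything
        except OSError:                 # timeout or reset: nothing usable was sent
            first = b""
    log.append({
        "time": datetime.datetime.now(datetime.timezone.utc).isoformat(),
        "peer": peer[0],
        "local_port": srv.getsockname()[1],
        "first_bytes": first,
    })

def grab_banner(host, port, timeout=3.0):
    """Client side of the same check: connect and read whatever the service announces."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(256)
        except OSError:
            return b""

def demo():
    """Run the decoy on loopback and connect to it once, returning (banner, log)."""
    srv, log = open_decoy(), []
    worker = threading.Thread(target=serve_once, args=(srv, log))
    worker.start()
    banner = grab_banner("127.0.0.1", srv.getsockname()[1])
    worker.join()
    srv.close()
    return banner, log

if __name__ == "__main__":
    print(demo())
```
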
Bowserman
May 5th, 2003, 10:21 PM
Pilli & Jooske. Thanks for the info.
Regards, Jade.
Copyright ©2002 - 2012, Wilders Security Forums