shows my norton anti-virus as possible trojan

Hello-
I am using trial verson of port explorer.(plan on
upgrade when I have cash ).
My problem is this. My Norton Anti-virus 2002
is shown in red as a possible trojan.
Without the full version what can I do to check this
out farther?

 

This is just my personal opinion of course, but I consider that anything from Symantec IS a trojan.

Items showing in red in PE does not mean it is a trojan. It simply means it is running as a hidden process. Now, had you not *known* what it was, PE would be alerting you of the fact something *is* running as a hidden process and you need to investigate. It's all about what is running on your machine, hidden or not, and Port Explorer is an excellent tool towards that end.

HTH
Phil

 

Hello-
Thank you Phil, I understand that PE shows hidden
processes,and that it might not be a trojan.
How would I confirm this?(trojan or not?).

I used my evaluation version of TDS-3 and it showed
no trojan mixtures.

I am a littel confused about TDS-3 however.
When I start up TDS-3 it says my radius
definitions need updated.
I have updated them off the Diamond website.

Thanks for any info.

 

OK, just like in your example, you *know* your Norton av is not a trojan so that identification comes from the personal knowledge of your machine and what is running. Now, if you didn't know what it was, you can right click on the process and select "What is ...." and it will ID the exe and the path to it. Try that on any process shown on your system for an example. If from that information you had no clue what it was, then that would start you on a trail of discovery to find out what it is by any of several means. Using PE you can sniff any traffiic from and to the process. PE gives you the path to the exe so you can find the file to rt-clk and get the properties. You can use PE to close the sockets used while you search the 'net for info on the exe. Again, the trick is to know what should be running on your system and verify with PE. Then if something *new* shows up and you know you have not installed anything, PE will let you know the instant it appears and you start the trail of discovery mentioned above.

Try the right click on a process and see what it shows you. If you find a hidden process you know is not associated with any known software on your system, that should raise the hair on the back of your neck.

Phil

 

Good advice Phil, I have nothing further to add!
-Jason-

 

I'll send you my bill in the morning.

Phil (thanks for the compliment!)

 

That's normal

That's just the auto-updater (navapw32) listening on Port 1025. When there's a new virus definitions update, it will "hear" about it and know to download it.

I'm not sure why it's called a "hidden" thread, since Netstat and ZoneAlarm both can see it.

--BeachComer

 

Hi Beachcomer,

As far as I understand it its because this appication has no visible on screen entity and is therefore 'hidden' from view and this is why Port Explorer is showing the process in red as a 'possible' trojan (as that is a common feature of a trojan).

When I use Messenger and minimise the application window it displays in the Port Explorer list as red, and I know the application is ok so I ignore the instance.

Wink.

 

Wink is correct . Norton's must create a whole new process just to check for an update possibly. Otherwise Port Explorer would know that the socket has a window from Nortons, unless its hidden of course on the systray .
-Jason-