Sokets De Trois v1 trojan?

Discussion in 'malware problems & news' started by Mikey751, Aug 10, 2002.

Thread Status:
Not open for further replies.
  1. Mikey751

    Mikey751 Guest

    I installed cute ftp 4.7 on my computer after reformatting and after setting it up to connect to my work webspace, my Norton internet security showed an inbound connection to port 5001 on my computer from port 20 at my work's ip address.

    It mentioned that port was one used by the Sokets De Trois v1 trojan.

    I scanned my computer with the housecall applet but found nothing.

    Any ideas?
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi Mikey,

    Cute FTP has been known for embedded spyware. Run an (updated) Spybot Search & Destroy.

    Other than that, the info you provided (incoming data traffic) does not imply your system being infected in any way - probably a harmless port scan.

    Nevertheless: housecall isn't far from reliable when it comes down to trojan/backdoor detection. Grab a (trial) copy from a good anti-trojan, install, update and run a full system scan, all files included. If something comes up, feel free to post over here.

    regards.

    paul
     
  3. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi PS,

    Apologies for disagreeing: The Cleaner cannot cope with polymorphic trojans/backdoors (yet?..)

    regards.

    paul
     
  5. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    Hi Paul! It's okay. I forgot about that bit of info. Well, get TDS-3, also a trial version at

    http://www.diamondcs.com.au/

    It's very efficient! :D
     
  6. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    PS,

    SdeT is actually quite an oldie - and not polymorphic at all. Merely the principle made me post ;)

    regards.

    paul
     
  7. ljc1174

    ljc1174 Registered Member

    Joined:
    Aug 15, 2002
    Posts:
    276
    Location:
    Cleveland, Ohio USA
    :eek:

    Two questions
    I read this trojan is mainly inactive and was made years ago and is very weak, but it's making a comeback! I found it today on my pc. How long it's been here, possibly 3 months. I had to write zeros back in March. But then again, I'm not sure if that would wipe it out or not. Nonetheless, the trojan is still here. I'm not sure what to download off of the wilder site to clean it. Which cleaner via freeware is easiest (not a complete pc techie)?

    And I have one more question. I also downloaded Ad-Aware due to www.downloadalot.com coming up as my homepage and Zone Alarm due to the Sdet trojan. (question) Has anyone purchased Zone Alarm Pro? Is it worth it to find out who and where the trojan is coming from?
     
  8. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Any good and updated anti-trojan will be able to cope with this oldie. TDS (plus the manual database update), TrojanHunter, etc are examples of these. Trial versions will help you out.

    Would you mind posting the Adaware question on the spyware software forum, and the ZA question over on the firewalls forum? Thanks in advance ;)

    regards.

    paul
     
  9. Re:?

    Sokets De Trois v1 trojan is definitely NOT out there in the wild again... and the rumor persists because some of the silly firewalls and netstat/port proggies have a canned program installed within them "giving the user an idea of what kind of bad things might be using" different ports.

    Those "ideas" have turned into claims by people that they are infected with this trojan.

    It is not the case...but the rumors go on. Mostly because of the Microsoft OS using that port and people not understanding why or how to control it..


    This link will give you some info........


    http://www.mischel.dhs.org/trojanfaq.jsp
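    The point made in this thread is that a firewall labelling a connection purely from a static port-to-trojan table produces false alarms; the original poster's inbound connection from the work server's port 20 to local port 5001 is what an active-mode FTP data channel looks like (RFC 959: the server connects back from port 20 after the client opened the control channel to port 21). The following is an added example, not code from this thread or from any product named in it; the log line format and the IP addresses are constructed for illustration, and only the one port-table entry the thread discusses is included.

```python
from dataclasses import dataclass

# Static port-to-trojan table of the kind the thread describes (constructed
# sample; only the entry discussed in the thread is included).
PORT_TABLE = {5001: "Sokets De Trois v1"}

@dataclass
class Event:
    direction: str  # "in" (inbound) or "out" (outbound)
    remote_ip: str
    remote_port: int
    local_port: int

def parse_event(line: str) -> Event:
    """Parse a constructed log line such as 'in 192.0.2.10:20 -> 5001'."""
    direction, rest = line.split(maxsplit=1)
    remote, local = (part.strip() for part in rest.split("->"))
    ip, port = remote.rsplit(":", 1)
    return Event(direction, ip, int(port), int(local))

def classify(events):
    """Label every event; inbound ones are judged by context, not port alone."""
    control_hosts = set()  # hosts to which we opened an FTP control channel
    labels = []
    for ev in events:
        if ev.direction == "out":
            if ev.remote_port == 21:
                control_hosts.add(ev.remote_ip)
            labels.append("outbound")
        elif ev.remote_port == 20 and ev.remote_ip in control_hosts:
            # Server-initiated data connection from port 20 (RFC 959 active mode)
            labels.append("active-mode FTP data channel")
        elif ev.local_port in PORT_TABLE:
            labels.append(f"unsolicited; port listed as {PORT_TABLE[ev.local_port]}")
        else:
            labels.append("unsolicited inbound")
    return labels

def classify_log(lines):
    return classify([parse_event(line) for line in lines])

SAMPLE_LOG = [  # constructed, not real firewall output
    "out 192.0.2.10:21 -> 1034",    # FTP client opens control channel to server
    "in 192.0.2.10:20 -> 5001",     # server's data connection back to the client
    "in 198.51.100.7:4444 -> 5001", # no prior control session: worth a look
]

if __name__ == "__main__":
    for line, label in zip(SAMPLE_LOG, classify_log(SAMPLE_LOG)):
        print(f"{line:32} {label}")
```

The second inbound line hits the same local port but has no preceding control session with that host, so it keeps the table-based label and is the one worth investigating.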
     