Back Orifice / Backdoor-g

Discussion in 'malware problems & news' started by SMC1962, Nov 23, 2008.

Thread Status:
Not open for further replies.
  1. SMC1962

    SMC1962 Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1
    I've recently been looking more closely at my network connections logs and noticed some things that looked off to me. I've an XP machine running norton internet security (2008 ). As far as I know all the patches are up to date (liveupdate etc)

    The norton log viewer for network connections shows much recent activity under the local service port heading including backdoor-g-1(1243), coauthor(1529), ingreslock(1524), knetd(2053), netshow(1755), phone(1167), radius(1812) and many others.

    Similarily under the remote service port heading, all of those show up as well as auth(113), back-orifice-2000-1(54321), doom(666), kerberos(88 ), netbios-ssn(139)... and so on.

    I'm pretty sure none of these are deliberately switched on by me.

    Also my firewall acitivities log shows hundreds of "unused port blocking has blocked communications" messages - between 5 and 30 seconds apart.

    Is Norton doing what it's supposed to do, or have I a problem - and if so how do I go about fixing it?

    (apologies if this is the wrong forum to be posting in).

    SMC
     
  2. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,974
    Location:
    U.S.A.
    SMC1962, first, welcome to Wilders!

    I don't use Norton but if all these communications are inbound and are being blocked by Norton, I would not worry. However, if they are all outbounds, whether they are blocked or not, you might have malware inside your PC.

    For a second opinion, try both Malwarebytes' Anti-Malware and SUPERAntiSpyware. Let us know what happened.
     
Loading...
Thread Status:
Not open for further replies.