Back Orifice / Backdoor-g

Discussion in 'malware problems & news' started by SMC1962, Nov 23, 2008.

Thread Status:
Not open for further replies.
  1. SMC1962

    SMC1962 Registered Member

    Nov 23, 2008
    I've recently been looking more closely at my network connections logs and noticed some things that looked off to me. I've an XP machine running norton internet security (2008 ). As far as I know all the patches are up to date (liveupdate etc)

    The norton log viewer for network connections shows much recent activity under the local service port heading including backdoor-g-1(1243), coauthor(1529), ingreslock(1524), knetd(2053), netshow(1755), phone(1167), radius(1812) and many others.

    Similarily under the remote service port heading, all of those show up as well as auth(113), back-orifice-2000-1(54321), doom(666), kerberos(88 ), netbios-ssn(139)... and so on.

    I'm pretty sure none of these are deliberately switched on by me.

    Also my firewall acitivities log shows hundreds of "unused port blocking has blocked communications" messages - between 5 and 30 seconds apart.

    Is Norton doing what it's supposed to do, or have I a problem - and if so how do I go about fixing it?

    (apologies if this is the wrong forum to be posting in).

  2. JRViejo

    JRViejo Super Moderator

    Jul 9, 2008
    SMC1962, first, welcome to Wilders!

    I don't use Norton but if all these communications are inbound and are being blocked by Norton, I would not worry. However, if they are all outbounds, whether they are blocked or not, you might have malware inside your PC.

    For a second opinion, try both Malwarebytes' Anti-Malware and SUPERAntiSpyware. Let us know what happened.
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.