Default Block Bla Trojan?

Discussion in 'malware problems & news' started by ncsteve, Sep 30, 2005.

Thread Status:
Not open for further replies.
  1. ncsteve

    ncsteve Registered Member

    Sep 30, 2005
    Hi, I'm new to the forum. I get repeated warnings from Norton Internet Security that the program has blocked a Default Block Bla Trojan always from the same address.
    Rule "Default Block Bla Trojan horse" blocked (,1042).
    Inbound UDP packet.
    Local address,service is (localhost,1042).
    Remote address,service is (,1042).
    Process name is "N/A".
    I've tried Norton's AV, A-squared (free ed), Bit-Defenders (free ed),spybot, ad-aware, The Cleaner, Unhack me, Blacklite Beta, and Ewido. None of these programs can find a trojan. Am I missing something? Does the warning from Norton not indicate there there's a trojan on my computer? If so any advice for how to find the thing?
    Thanks for any help you can offer.
  2. TopperID

    TopperID Registered Member

    Oct 1, 2004
    That's probably because you don't have a trojan to find!
    Almost certainly - did these Norton messages state that no other action was required on your behalf? (you may need to click for more info to find this out).
    It looks like a FW warning of traffic probing your system from the outside, rather than a trojan already on your computer trying to send info out.
    You can't find what is not there to be found, but you can switch off your FW informational alerts so you no longer receive these unnecessary warnings.

    You must distinguish between FW warnings of blocked events and AV warnings of actual infection. FWs are supposed to block things - that is their job! If you had a trojan on your system trying to 'phone home', you would be asked if you wanted to block it - but that would be outgoing traffic rather than incoming (i.e. it would be a program alert rather than an informational alert).

    I think part of the problem here is you are using a 'suite' to cover both FW and AV functions and you are confusing the two. I much prefer to have a seperate AV and FW; that way I know where I stand.
    Last edited: Oct 1, 2005
  3. FanJ

    FanJ Guest

  4. botch

    botch Guest

    I got this message too. It came from running a VPN that uses port 1042. Just create a rule in the Norton Spyware to allow this name - "Default Block Bla Trojan horse" inbound. It worked for me. The VPN now runs fine.
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.