Discussion in 'ESET Smart Security' started by osip, Apr 8, 2008.
deny or allow ?
Well, well... this was a real surprise!
I thought it could be legit...port 1027...
Wow, I have got further information for you.
The ISP of this IP is china-netcom, and the user is in Heilongjiang province, which is located in the northeast of China.
Well, does that appear after you opened an application?
Thx for bothering... No, it seems to appear randomly... noticed it earlier, denied it thinking it has to do with win update or time synchro... Also, I'm running BD IS on another FDISR snapshot and there are no alerts of this type... With ESS I have seen it several times... If an app is behind this I have to figure it out, in an instant can't say... (shouldn't I also have an outbound alert from the fw flagging the app if this is the case?)
Please send a log from ESET SysInspector to support[at]eset.com with this thread's url enclosed. We'll analyse it and let you know if we find something suspicious.
Tnx Marcos! Done... (forgot the thread url though, but mentioned wilder's and you...)
U r welcome, mate.
According to your situation, it is wise to deny it.
It looks like a hacker attack or something malicious.
I suspect a hacker attack to scvchost... Will see after the sysinspector.log analysis.
Got an answer from ESET support: not able to find anything suspicious in your log...
The IP address seems malicious but was stopped in interactive mode. I take for granted that it would have been denied automatically in aut. mode... or?
After the alert and the analysis with 0 results, and still suspecting something nasty to svchost, I installed Trojan Remover and made a scan, which came up with this:
If this was the reason for the alert I have to underline that the ESS fw was the only one which made me aware of this... (I'm also trying BD IS 2008 on another FDISR snapshot, same picture but no alert)