Possible Back Orifice & Portal of Doom infestations

Discussion in 'malware problems & news' started by 2dox, Oct 16, 2005.

Thread Status:
Not open for further replies.
  1. 2dox

    2dox Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    3
    I have a question that I hope I can get some help with, as it is driving me crazy...

    Recently, my H/w Firewall appliance from Symantec has started reporting the following:

    10/16/2005 17:30:42.52 Blocked - *Back Orifice Attack Source -My FTP Server, Destination 67.176.195.13:31337 UDP

    Also get this one:

    10/16/2005 17:30:42.52 Blocked - *Portal of Doom Attack Source -My FTP Server, Destination 67.176.195.13:31337 UDP

    The Destination is always different each time these come up...

    I have 3 Spyware detection programs running (Counter Spy, Spyware Doctor & Pest Patrol) and Norton AV 10.. I have scanned all the system, checked the registry for common files concerning the 2 issues and have found nothing...

    Thoughts or suggestions??
     
  2. Try dissabling one security software at a time NOT the firewall, untill it stops to see if this is it.
     
  3. 2dox

    2dox Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    3
    I installed new AV (was using ver. 9 before), Spyware Doctor and Pest Patrol after I saw the problem.. Will try disabling Counterspy and see what happens...

    Currently running Trojan Remover to see if it finds anything...
     
Loading...
Thread Status:
Not open for further replies.