Possible Back Orifice & Portal of Doom infestations

Discussion in 'malware problems & news' started by 2dox, Oct 16, 2005.

Thread Status:
Not open for further replies.
  1. 2dox

    2dox Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    3
    I have a question that I hope I can get some help with, as it is driving me crazy...

    Recently, my H/w Firewall appliance from Symantec has started reporting the following:

    10/16/2005 17:30:42.52 Blocked - *Back Orifice Attack Source -My FTP Server, Destination 67.176.195.13:31337 UDP

    Also get this one:

    10/16/2005 17:30:42.52 Blocked - *Portal of Doom Attack Source -My FTP Server, Destination 67.176.195.13:31337 UDP

    The Destination is always different each time these come up...

    I have 3 Spyware detection programs running (Counter Spy, Spyware Doctor & Pest Patrol) and Norton AV 10.. I have scanned all the system, checked the registry for common files concerning the 2 issues and have found nothing...

    Thoughts or suggestions??
     
  2. Try dissabling one security software at a time NOT the firewall, untill it stops to see if this is it.
     
  3. 2dox

    2dox Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    3
    I installed new AV (was using ver. 9 before), Spyware Doctor and Pest Patrol after I saw the problem.. Will try disabling Counterspy and see what happens...

    Currently running Trojan Remover to see if it finds anything...
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.