QaZ Trojan, Indoctrination Trojan horse

Discussion in 'other firewalls' started by Gio7707, Oct 17, 2005.

Thread Status:
Not open for further replies.
  1. Gio7707

    Gio7707 Registered Member

    Joined:
    Mar 26, 2004
    Posts:
    16
    My appl. blocked communication and it's located within MSN Messenger. Does anybody have some more info on those two Trojans?

    Thanks

    Gioo_O
     
  2. FanJ

    FanJ Guest

  3. Gio7707

    Gio7707 Registered Member

    Joined:
    Mar 26, 2004
    Posts:
    16
    My AV (Symantec) blocked it:

    Details: Rule "Default Block Indoctrination Trojan horse" blocked communication. Local address: 141.151.xx.xxx(6939).
    Process name is "C:\Program Files\Messenger\msmsgs.exe".

    Details: Rule "Default Block QaZ Trojan horse" blocked communication. Local address: 141.151.x.xxx(7597).
    Process name is "C:\Program Files\Messenger\msmsgs.exe".

    I have checked the registry, did not find any of them.
     
    Last edited by a moderator: Oct 17, 2005
  4. FanJ

    FanJ Guest

    Hi,

    Are you sure it was your NAV and not the firewall NIS/NPF that blocked it?
    Because that is what it looks like to me, but I'm not too familiar with the latest NAV versions.

    Those ports are indeed related to those nasties:
    From the Port-reference-list in my TDS-3:
    [PortRef] 6939: RAT: Indoctrination
    [PortRef] 7597: RAT: QAZ


    You could do a full system scan with your (updated) NAV, and an online scan for example at the KAV online scanner.
    But I think it is more a firewall "issue", and not an infection on your system.

    I would suggest to move this thread to the firewall-section where you could get more attention; but I leave that of course to the mods ;)
     
  5. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Those are alerts/log entries for the default trojan rules in NIS/NPF.
    This does not mean you have the trojans in question, just that someone scanned those ports. NIS/NPF has numerous default trojan rules that are associated with known ports used by trojans. Unfortunately these alerts are misinterpreted by many. I am not fond of these rules and see no real need for them and usually suggest users replace them all with a single rule to block and log unsolicited inbound traffic.

    Regards,

    CrazyM
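
The contrast described in the post above, as an added example that is not part of the thread and not Symantec's code: a simplified model of per-port trojan rules next to a single block-and-log rule for unsolicited inbound traffic, run over constructed packets. The `Packet` type, the function names and the sample addresses are assumptions made for illustration.

```python
from typing import NamedTuple

# Port numbers from the port list quoted in the thread; names as spelled in the rule names.
TROJAN_PORTS = {6939: "Indoctrination", 7597: "QaZ"}

class Packet(NamedTuple):
    direction: str   # "in" or "out", seen from the protected host
    remote: str      # remote "ip:port"
    local_port: int

def per_port_rules(packets):
    """Simplified model (assumption) of the default rules: match on local port only."""
    return [
        f'Rule "Default Block {TROJAN_PORTS[p.local_port]} Trojan horse" blocked communication'
        for p in packets
        if p.direction == "in" and p.local_port in TROJAN_PORTS
    ]

def single_inbound_rule(packets):
    """One rule: block and log inbound packets not tied to a locally started flow."""
    flows, log = set(), []
    for p in packets:
        flow = (p.remote, p.local_port)
        if p.direction == "out":
            flows.add(flow)  # remember flows this host opened
        elif flow not in flows:
            log.append(f"blocked unsolicited inbound {p.remote} -> local port {p.local_port}")
    return log

# Constructed sample traffic (documentation-range addresses, not from the thread).
SAMPLE = [
    Packet("out", "198.51.100.7:1863", 1050),  # host opens a connection
    Packet("in", "198.51.100.7:1863", 1050),   # reply on that flow: allowed
    Packet("in", "203.0.113.9:40001", 6939),   # probe of a port on the list
    Packet("in", "203.0.113.9:40002", 7597),   # probe of a port on the list
    Packet("in", "203.0.113.9:40003", 4000),   # probe of a port not on the list
]

if __name__ == "__main__":
    for line in per_port_rules(SAMPLE):
        print("per-port :", line)
    for line in single_inbound_rule(SAMPLE):
        print("single   :", line)
```

The per-port model names a trojan for two of the three probes and says nothing about the third, while the single rule logs all three the same way without implying an infection.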
     
  6. Gio7707

    Gio7707 Registered Member

    Joined:
    Mar 26, 2004
    Posts:
    16
    Thanks so much, always good to be back with you guys. Will make time again to study and research !!

    Thanks Gio
     
  7. FanJ

    FanJ Guest
