QaZ Trojan, Indoctrination Trojan horse

Discussion in 'other firewalls' started by Gio7707, Oct 17, 2005.

Thread Status:
Not open for further replies.
  1. Gio7707

    Gio7707 Registered Member

    Joined:
    Mar 26, 2004
    Posts:
    16
    My appl. blocked communication and it's located within MSN Messenger. Does anybody have some more info on those two Trojans?

    Thanks

    Gioo_O
     
  2. FanJ

    FanJ Guest

  3. Gio7707

    Gio7707 Registered Member

    Joined:
    Mar 26, 2004
    Posts:
    16
    My AV (Symantec) blocked it:

    Details: Rule "Default Block Indoctrination Trojan horse" blocked communication. Local address: 141.151.xx.xxx(6939).
    Process name is "C:\Program Files\Messenger\msmsgs.exe".

    Details: Rule "Default Block QaZ Trojan horse" blocked communication. Local address: 141.151.x.xxx(7597).
    Process name is "C:\Program Files\Messenger\msmsgs.exe".

    I have checked the registry, did not find any of them.
     
    Last edited by a moderator: Oct 17, 2005
  4. FanJ

    FanJ Guest

    Hi,

    Are you sure it was your NAV and not the firewall NIS/NPF that blocked it?
    Because that is what it looks like to me, but I'm not too familiar with the latest NAV versions.

    Those ports are indeed related to those nasties:
    From the Port-reference-list in my TDS-3:
    [PortRef] 6939: RAT: Indoctrination
    [PortRef] 7597: RAT: QAZ


    You could do a full system scan with your (updated) NAV, and an online scan for example at the KAV online scanner.
    But I think it is more a firewall "issue", and not an infection on your system.

    I would suggest moving this thread to the firewall section where you could get more attention; but I leave that of course to the mods ;)
     
  5. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Those are alerts/log entries for the default trojan rules in NIS/NPF.
    This does not mean you have the trojans in question, just that someone scanned those ports. NIS/NPF has numerous default trojan rules that are associated with known ports used by trojans. Unfortunately these alerts are misinterpreted by many. I am not fond of these rules and see no real need for them and usually suggest users replace them all with a single rule to block and log unsolicited inbound traffic.

    Regards,

    CrazyM
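
Added example, not part of any post in this thread: a small Python triage of the two alerts quoted above, showing that each default rule fired on nothing more than a port number from the port reference list. The function names are hypothetical, and the parser assumes the alert layout exactly as it was posted.

```python
import re

# Port-to-name entries quoted in the thread from the TDS-3 port reference list.
PORT_REF = {6939: "Indoctrination", 7597: "QAZ"}

# Constructed sample: the two alerts as posted, address octets left masked.
SAMPLE_LOG = '''\
Details: Rule "Default Block Indoctrination Trojan horse" blocked communication. Local address: 141.151.xx.xxx(6939).
Process name is "C:\\Program Files\\Messenger\\msmsgs.exe".

Details: Rule "Default Block QaZ Trojan horse" blocked communication. Local address: 141.151.x.xxx(7597).
Process name is "C:\\Program Files\\Messenger\\msmsgs.exe".
'''

ALERT_RE = re.compile(
    r'Rule "(?P<rule>[^"]+)" blocked communication\.\s+'
    r'Local address: (?P<addr>[^\s(]+)\((?P<port>\d+)\)\.\s+'
    r'Process name is "(?P<process>[^"]+)"'
)

def parse_alerts(text):
    """Return one dict per alert: rule, local address, local port, process."""
    alerts = []
    for m in ALERT_RE.finditer(text):
        alert = m.groupdict()
        alert["port"] = int(alert["port"])
        alerts.append(alert)
    return alerts

def triage(alert):
    """Say what the alert establishes: a port-number match or something else."""
    name = PORT_REF.get(alert["port"])
    if name and name.lower() in alert["rule"].lower():
        # Rule name and port agree: the rule matched on the port number alone.
        return ("port-match", f"local port {alert['port']} is listed for {name}; "
                "confirm with a full AV scan before treating it as an infection")
    return ("review", "rule does not map to a listed trojan port; inspect the rule")

def summarize(text):
    """One (port, process file name, verdict) tuple per alert."""
    return [(a["port"], a["process"].rsplit("\\", 1)[-1], triage(a)[0])
            for a in parse_alerts(text)]

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```
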
     
  6. Gio7707

    Gio7707 Registered Member

    Joined:
    Mar 26, 2004
    Posts:
    16
    Thanks so much, always good to be back with you guys. Will make time again to study and research!!

    Thanks Gio
     
  7. FanJ

    FanJ Guest
