PC Review


Reply
Thread Tools Rate Thread

alert from firewall

 
 
=?Utf-8?B?bW9udGVpcm8=?=
Guest
Posts: n/a
 
      12th Jul 2007
This morning when start my computer and after the anti-virus (avg) finish he
found "trojan horse downloader.generic5.ao" as been bloqued and deleted. Now
my firewall (Zonealarm) alerts me "application layer gateway service wantes
to connect to IP 192.168.2ort 4095" this can be a fake program as well but
windows defender, spyboot,avg and aol spyware protection don't found nathing.
Is this a fake or real and i shud let act as server? Any help thanks
 
Reply With Quote
 
 
 
 
Bill Sanderson MVP
Guest
Posts: n/a
 
      13th Jul 2007
Are you running more than one firewall? The application layer gateway
service is normally related to the Windows firewall. If you are running
both the Windows firewall and Zone Alarm, you might see such an alert.

The address it is connecting to is on your network--not across the Internet.

OTOH, this worm:

http://www.anti-virus-anti-spam.com/...s/rinbotan.htm

opens port 4095--and port 4095 has a variety of legitimate uses, as well.

I tried to spot this critter at Microsoft's new Security portal, and can't
be certain I've got the right match--virus names are not standardized, and
this is a significant issue with families with lots of members, as this one
seems to be--but here's what may be related that I found:

http://www.microsoft.com/security/po...Id=-2147415008

Many variants of this family are removed by the Malicious Software Removal
tool, which I suspect you have been running as part of the monthly security
updates from Microsoft.

So--I can't be sure. This may be normal traffic. I think to be sure, I'd
run some other antivirus app besides those you have already run. An online
scan from any of the antivirus vendors, or http://safety.live.com would be
a good thing to do just for peace of mind.



--

"monteiro" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> This morning when start my computer and after the anti-virus (avg) finish
> he
> found "trojan horse downloader.generic5.ao" as been bloqued and deleted.
> Now
> my firewall (Zonealarm) alerts me "application layer gateway service
> wantes
> to connect to IP 192.168.2ort 4095" this can be a fake program as well
> but
> windows defender, spyboot,avg and aol spyware protection don't found
> nathing.
> Is this a fake or real and i shud let act as server? Any help thanks



 
Reply With Quote
 
 
 
Reply

Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: Use this important VIRUS ALERT - VIRUS ALERT - W32.Swen.A@mm Worm - VIRUS ALERT - VIRUS ALERT - VIRUS ALERT - VIRUS ALERT nemo Microsoft VC .NET 0 3rd Nov 2003 09:34 PM
Re: See update - VIRUS ALERT - VIRUS ALERT - W32.Swen.A@mm Worm - VIRUS ALERT - VIRUS ALERT - VIRUS ALERT - VIRUS ALERT nemo Microsoft Dot NET Framework 0 12th Oct 2003 01:29 PM
Re: See update - VIRUS ALERT - VIRUS ALERT - W32.Swen.A@mm Worm - VIRUS ALERT - VIRUS ALERT - VIRUS ALERT - VIRUS ALERT nemo Microsoft Outlook Contacts 0 12th Oct 2003 01:29 PM
Re: See update - VIRUS ALERT - VIRUS ALERT - W32.Swen.A@mm Worm - VIRUS ALERT - VIRUS ALERT - VIRUS ALERT - VIRUS ALERT nemo Windows XP Print / Fax 0 12th Oct 2003 01:29 PM
Re: See update - VIRUS ALERT - VIRUS ALERT - W32.Swen.A@mm Worm - VIRUS ALERT - VIRUS ALERT - VIRUS ALERT - VIRUS ALERT nemo Windows XP Photos 0 12th Oct 2003 01:29 PM


Features
 

Advertising
 

Newsgroups
 


All times are GMT +1. The time now is 05:07 PM.