alert from firewall

[Guest]

This morning when start my computer and after the anti-virus (avg) finish he
found "trojan horse downloader.generic5.ao" as been bloqued and deleted. Now
my firewall (Zonealarm) alerts me "application layer gateway service wantes
to connect to IP 192.168.2ort 4095" this can be a fake program as well but
windows defender, spyboot,avg and aol spyware protection don't found nathing.
Is this a fake or real and i shud let act as server? Any help thanks

 

[Bill Sanderson MVP]

Are you running more than one firewall? The application layer gateway
service is normally related to the Windows firewall. If you are running
both the Windows firewall and Zone Alarm, you might see such an alert.

The address it is connecting to is on your network--not across the Internet.

OTOH, this worm:

http://www.anti-virus-anti-spam.com/anti-virus/virus_info/worms/rinbotan.htm

opens port 4095--and port 4095 has a variety of legitimate uses, as well.

I tried to spot this critter at Microsoft's new Security portal, and can't
be certain I've got the right match--virus names are not standardized, and
this is a significant issue with families with lots of members, as this one
seems to be--but here's what may be related that I found:

http://www.microsoft.com/security/portal/Entry.aspx?ThreatId=-2147415008

Many variants of this family are removed by the Malicious Software Removal
tool, which I suspect you have been running as part of the monthly security
updates from Microsoft.

So--I can't be sure. This may be normal traffic. I think to be sure, I'd
run some other antivirus app besides those you have already run. An online
scan from any of the antivirus vendors, or http://safety.live.com would be
a good thing to do just for peace of mind.