alert from firewall

Discussion in 'Security and Anti-Spyware Community' started by Guest, Jul 12, 2007.

  1. Guest

    Guest Guest

    This morning when start my computer and after the anti-virus (avg) finish he
    found "trojan horse downloader.generic5.ao" as been bloqued and deleted. Now
    my firewall (Zonealarm) alerts me "application layer gateway service wantes
    to connect to IP 192.168.2:port 4095" this can be a fake program as well but
    windows defender, spyboot,avg and aol spyware protection don't found nathing.
    Is this a fake or real and i shud let act as server? Any help thanks
     
    Guest, Jul 12, 2007
    #1
    1. Advertisements

  2. Are you running more than one firewall? The application layer gateway
    service is normally related to the Windows firewall. If you are running
    both the Windows firewall and Zone Alarm, you might see such an alert.

    The address it is connecting to is on your network--not across the Internet.

    OTOH, this worm:

    http://www.anti-virus-anti-spam.com/anti-virus/virus_info/worms/rinbotan.htm

    opens port 4095--and port 4095 has a variety of legitimate uses, as well.

    I tried to spot this critter at Microsoft's new Security portal, and can't
    be certain I've got the right match--virus names are not standardized, and
    this is a significant issue with families with lots of members, as this one
    seems to be--but here's what may be related that I found:

    http://www.microsoft.com/security/portal/Entry.aspx?ThreatId=-2147415008

    Many variants of this family are removed by the Malicious Software Removal
    tool, which I suspect you have been running as part of the monthly security
    updates from Microsoft.

    So--I can't be sure. This may be normal traffic. I think to be sure, I'd
    run some other antivirus app besides those you have already run. An online
    scan from any of the antivirus vendors, or http://safety.live.com would be
    a good thing to do just for peace of mind.



    --

    "monteiro" <> wrote in message
    news:...
    > This morning when start my computer and after the anti-virus (avg) finish
    > he
    > found "trojan horse downloader.generic5.ao" as been bloqued and deleted.
    > Now
    > my firewall (Zonealarm) alerts me "application layer gateway service
    > wantes
    > to connect to IP 192.168.2:port 4095" this can be a fake program as well
    > but
    > windows defender, spyboot,avg and aol spyware protection don't found
    > nathing.
    > Is this a fake or real and i shud let act as server? Any help thanks
     
    Bill Sanderson MVP, Jul 13, 2007
    #2
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Radhakrishnan

    Antispyware- Alert Message

    Radhakrishnan, Jan 17, 2005, in forum: Security and Anti-Spyware Community
    Replies:
    3
    Views:
    528
    Bill Sanderson
    Jan 18, 2005
  2. Bolo

    AntiSpyware - Alert Settings

    Bolo, Feb 1, 2005, in forum: Security and Anti-Spyware Community
    Replies:
    1
    Views:
    561
    Spider
    Feb 1, 2005
  3. Dave

    Alert Bug

    Dave, Feb 20, 2005, in forum: Security and Anti-Spyware Community
    Replies:
    1
    Views:
    452
  4. Brandon E.

    Bug Alert

    Brandon E., Feb 20, 2005, in forum: Security and Anti-Spyware Community
    Replies:
    1
    Views:
    466
    Winston Smith
    Feb 21, 2005
  5. Wahid Hammami

    Spyware Alert Focus Window

    Wahid Hammami, Feb 26, 2005, in forum: Security and Anti-Spyware Community
    Replies:
    0
    Views:
    499
    Wahid Hammami
    Feb 26, 2005
Loading...

Share This Page