netspy trojan and explorer.exe

Graham Love

All,

The following is from Norton Personal firewall:-

Rule "Default Block Netspy Trojan horse" stealthed (localhost,1024)
Inbound TCP connection
Local address,service is (0.0.0.0,1024)
Remote address,service is (localhost,3012)
Process name is "C:\WINDOWS\Explorer.EXE"

but Norton AV does not detect anything in the file 'c:\windows\explorer.exe'

I have tried other anti-trojan software and several report that
'explorer.exe' is listening on port 1024.

My question
Is this a genuine infection or a false-positive?
What are the specific symptoms of the netspy trojan?
If it is genuine, how can I get rid of it?
What should the correct version number be for WinXP sp1?

thanks

Graham
 
Mike P

Your firewall is doing what it is supposed to do.
Some idiot was trying to access your computer with
Netspy trojan horse and your Norton Firewall detected it
and stopped it; it also created a rule for its own use to
stop it again in the future. Your anti-virus program will
not detect this because the firewall stopped it before it
got on to your computer. To find out more about Netspy, go to
Norton's website; there should be a link to this page in
Norton's anti-virus program.
 
Mike P

Hi Graham: one more thing. You mentioned that you tried
other anti-trojan software. If you meant other anti-virus
software that is "installed" on your computer, the two
programs may "conflict" at system boot; each one will try
to take control. Norton's firewall and virus programs are
all you really need. Stealthed means that your firewall
did not send a response to the idiot who sent the trojan;
this is a good thing.
Go to www.grc.com and run the shields up test. It will
test your firewall. Steve Gibson is a security expert.
Later
 
Graham Love

I realise what is happening, but I noticed that the warning appears
before I have connected to the internet and the 'local' and 'remote'
addresses are both from my machine (127.0.0.1).

I am trying to work out whether or not I have an infected copy of
'explorer.exe' - the file listed - which is trying to get out, and if so,
how to get rid of it.

regards

Graham Love
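
The check the last post reasons toward, as an added example that is not part of the thread: it parses the firewall entry quoted in the first post and reports whether the peer was on the same machine. The function names and the reading of 0.0.0.0 as a wildcard bind are assumptions of this example.

```python
import ipaddress
import re

# Firewall entry copied from the first post in the thread.
ENTRY = r'''Rule "Default Block Netspy Trojan horse" stealthed (localhost,1024)
Inbound TCP connection
Local address,service is (0.0.0.0,1024)
Remote address,service is (localhost,3012)
Process name is "C:\WINDOWS\Explorer.EXE"'''

PAIR = re.compile(r'^(Local|Remote) address,service is \(([^,]+),(\d+)\)$', re.M)

def parse_entry(text):
    """Extract the rule name, both endpoints and the owning process."""
    rule = re.search(r'^Rule "([^"]+)"', text, re.M)
    proc = re.search(r'^Process name is "([^"]+)"', text, re.M)
    ends = {m.group(1).lower(): (m.group(2), int(m.group(3)))
            for m in PAIR.finditer(text)}
    if not (rule and proc and ends.keys() >= {"local", "remote"}):
        raise ValueError("not a complete firewall entry")
    return {"rule": rule.group(1), "process": proc.group(1), **ends}

def is_loopback(host):
    """True for 'localhost' or a loopback literal; hostnames are not resolved."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def triage(entry):
    """List findings to follow up on; makes no verdict about infection."""
    rhost, rport = entry["remote"]
    lhost, lport = entry["local"]
    findings = []
    if is_loopback(rhost):
        findings.append("remote peer is loopback: the connection started on this machine")
    else:
        findings.append(f"remote peer {rhost} is off-host")
    # Assumption: 0.0.0.0 as the local address means a listener on all interfaces.
    if lhost == "0.0.0.0":
        findings.append(f"port {lport} is not restricted to loopback")
    findings.append(f"find the local process that owns source port {rport}")
    findings.append(f"verify the file version and signature of {entry['process']}")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(parse_entry(ENTRY))))
```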
 
