NetSpy Trojan

S

Sineis

Hi,
When I first boot up and the desktop is "settling down" I
get a message from Norton Internet Security telling me
that it has blocked an intrusion attempt that has the
signature of the NetSpy trojan. It gives the following
details.

Rule "Default Block Netspy Trojan horse" stealthed
(localhost,1024)
Inbound TCP connection
Local address,service is (0.0.0.0,1024)
Remote address,service is (localhost,1036)
Process name is "C:\WINDOWS\Explorer.EXE"

I just installed Norton Internet Security 2003. Never
used to get this message from 2002. I have scanned my
whole system with Norton AV on this machine, the online
version on the symantec website, Mcafee online from their
website, and The Cleaner from Moosoft. No infection.
Anywhere.

But the question remains, why does explorer have a
connection with port 1024, which is apparently known to be
where NetSpy listens?
I am running Windows XP Home.
Anyone who could shed some light on this would get lots of
gratitude.
Hope somebody knows about this...
Thanks in advance,

Information: I already checked my Windows Folder and I
did not find any folder with name explorer.
 
G

GTS

There is a bug in Norton Internet Security which erroneously causes this
message on Win XP under certain circumstances. There is info. on this and
a solution at the Symantec website
See http://tinyurl.com/kifd for some information and the recommended
solution.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

netspy trojan and explorer.exe 3
netspy trojan horse 5
Virus Warning When Faxing From MSWord 2
Microsoft Fax Services has a Trojan Horse? 2
Netspy trojan horse? 3
HELP: XP Fax. Sending faxes problem. 8
Incoming Worm when starting Fax Console 7
Trojan Threat? 13

Top