A worm or trojan horse attack detected

Posted on 2006-03-21
Last Modified: 2013-11-16
In my Norton AntiVirus log I see:

Details: Rule "Default Block Dmsetup Trojan horse" blocked (,58).
Inbound TCP connection.
Local address,service is (ORANGE(my ip address),58).
Remote address,service is (,2079).
Process name is "N/A".


Event Details:
Time: 3/21/2006 11:38:31 PM
Actor: C:\WINDOWS\system32\winlogon.exe (PID=1056)
Target: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Action: Unauthorized access
Reaction: Unauthorized access stopped

The second one gets blocked around 30 to 40 times a day.

Any idea what is going on?

Question by:haneedes
    LVL 3

    Expert Comment

    Do you have a firewall?
    LVL 32

    Accepted Solution

    That's the problem with reviewing AV logs. It's like looking in the garbage: there will be a lot of garbage in there.

    These entries show that Norton is doing what it's supposed to be doing, stopping these incoming threats.  It's the ones that _aren't_ logged (i.e. are not caught) that you need to worry about.
