• Status: Solved

A worm or trojan horse attack detected

In my Norton anti-virus log I see:

Details: Rule "Default Block Dmsetup Trojan horse" blocked (,58).
Inbound TCP connection.
Local address,service is (ORANGE(my ip address),58).
Remote address,service is (,2079).
Process name is "N/A".


Event Details:
Time: 3/21/2006 11:38:31 PM
Actor: C:\WINDOWS\system32\winlogon.exe (PID=1056)
Target: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Action: Unauthorized access
Reaction: Unauthorized access stopped

The second one gets blocked around 30 to 40 times a day.

Any idea what is going on?

1 Solution
Do you have a firewall?
That's the problem with reviewing AV logs. It's like looking in the garbage; there will be a lot of garbage in there.

These entries show that Norton is doing what it's supposed to be doing, stopping these incoming threats.  It's the ones that _aren't_ logged (i.e. are not caught) that you need to worry about.
