A worm or trojan horse attack detected
Posted on 2006-03-21
In my Norton AntiVirus log I see:
Details: Rule "Default Block Dmsetup Trojan horse" blocked (184.108.40.206,58).
Inbound TCP connection.
Local address,service is (ORANGE(my ip address),58).
Remote address,service is (220.127.116.11,2079).
Process name is "N/A".
Time: 3/21/2006 11:38:31 PM
Actor: C:\WINDOWS\system32\winlogon.exe (PID=1056)
Target: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Action: Unauthorized access
Reaction: Unauthorized access stopped
The second one gets blocked around 30 to 40 times a day.
Any idea what is going on?