haneedes
asked on
A worm or trojan horse attack detected
In my norton anti-virus log I see:
Details: Rule "Default Block Dmsetup Trojan horse" blocked (222.122.60.98,58).
Inbound TCP connection.
Local address,service is (ORANGE(my ip address),58).
Remote address,service is (222.122.60.98,2079).
Process name is "N/A".
and
Event Details:
Time: 3/21/2006 11:38:31 PM
Actor: C:\WINDOWS\system32\winlog on.exe (PID=1056)
Target: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex e
Action: Unauthorized access
Reaction: Unauthorized access stopped
The second one gets blocked around 30 to 40 times a day.
Any idea what is going on?
Details: Rule "Default Block Dmsetup Trojan horse" blocked (222.122.60.98,58).
Inbound TCP connection.
Local address,service is (ORANGE(my ip address),58).
Remote address,service is (222.122.60.98,2079).
Process name is "N/A".
and
Event Details:
Time: 3/21/2006 11:38:31 PM
Actor: C:\WINDOWS\system32\winlog
Target: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
Action: Unauthorized access
Reaction: Unauthorized access stopped
The second one gets blocked around 30 to 40 times a day.
Any idea what is going on?
Do you have a firewall?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.