Trojan Blocked on Sonicwall by gateway AV

Posted on 2009-02-10
Last Modified: 2013-11-22
When checking the logs on our Sonicwall, I noticed that we had entries for a blocked Trojan. I have copied the latest log entries (there are also intrusion prevention, but these are OK). I could not copy over the header, therefore, it should be:
Does this mean we have a trojan on our machine? It looks like all of the things are coming from the outside as the source, not from inside. The is inside our network, and is our SBS 2003 server.

If we do have this Trojan, how can we get rid of it?

The header for the log files, not attached, is
# Time  Priority Category  Message Source  Destination

Question by:jeffschick

    Accepted Solution

    The entry that concerns me the most is #4. As I read it, it says that the traffic source was Is that your server (your question states that .150 is your server, is that a typo)?

    It is possible that the Sonicwall has done its job and blocked the suspicious threats - both the ones coming in and maybe, one going out. Maybe one got past the Sonicwall and it blocked the rest.

    Is this a one-time occurrence? Or are you seeing these messages constantly? Are you seeing a regular number of entries like #4 or was this the only one?

    What Anti-Virus solution do you have installed on your server?

    I would contact Sonicwall support - you should have support included with your updates and they may be able to give you more specific information about this particular trojan and to make sure you don't have it running on your network.

    It isn't ideal, but if you are seeing messages like #4 regularly, you may want to try disconnecting the network cable from the server at a time you suspect that it may happen again to confirm that it is not coming from your server.

    I hope that helps .... a little.
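
The triage this answer describes (separating gateway AV detections whose source is outside the network from ones whose source is an internal host, as in entry #4, and counting how often each internal host appears), as an added example that is not part of the original thread. It assumes tab-separated rows in the column order of the question's header and a Source/Destination field of the form "address, port, interface"; the sample rows, addresses, message text and internal range are constructed.

```python
import csv
import io
import ipaddress
from collections import Counter

# Column order taken from the log header quoted in the question.
COLUMNS = ["#", "Time", "Priority", "Category", "Message", "Source", "Destination"]

# Constructed sample data: addresses, ports, category and message text are
# invented for illustration and are not the poster's log entries.
GAV = "Gateway Anti-Virus Alert: Example.Trojan blocked"
IPS = "IPS Detection Alert: example signature"
EXT = "203.0.113.20, 80, WAN"
SBS = "192.168.1.150, 1765, LAN"
SRV = "192.168.1.154, 2210, LAN"
_ROWS = [("1", GAV, EXT, SBS), ("2", IPS, EXT, SBS), ("3", GAV, EXT, SRV),
         ("4", GAV, SRV, EXT), ("5", GAV, EXT, SRV)]
SAMPLE_LOG = "\n".join(
    "\t".join([n, "02/10/2009 09:14:0" + n, "Alert", "Security Services", m, s, d])
    for n, m, s, d in _ROWS
)


def host(field):
    """Return the IP address from an 'address, port, interface' field (assumed layout)."""
    return ipaddress.ip_address(field.split(",")[0].strip())


def triage(log_text, internal_net="192.168.1.0/24"):
    """Split anti-virus detections into inbound entry numbers and per-host outbound counts."""
    net = ipaddress.ip_network(internal_net)
    inbound, outbound = [], Counter()
    reader = csv.DictReader(io.StringIO(log_text), fieldnames=COLUMNS,
                            delimiter="\t", quoting=csv.QUOTE_NONE)
    for row in reader:
        if "Anti-Virus" not in row["Message"]:
            continue  # intrusion prevention and other categories are not triaged here
        src = host(row["Source"])
        if src in net:
            outbound[str(src)] += 1   # detection on traffic sent by an internal host
        else:
            inbound.append(row["#"])  # blocked on the way in from outside
    return inbound, outbound


if __name__ == "__main__":
    blocked_in, from_inside = triage(SAMPLE_LOG)
    print("inbound entries:", blocked_in)
    for ip, count in from_inside.most_common():
        print(f"internal source {ip}: {count} detection(s), check this host")
```

A host that appears in the outbound count only once, at the moment a download or update was attempted, points to a different cause than one that appears at regular intervals.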

    Author Comment

    It just started happening today, and the .154 is also a server, but not the SBS. It seems from looking into it that whenever Firefox tried to download the IE Tabs update, it was blocked by the Sonicwall as having a trojan in it, which may account for the message only showing up whenever I tried to run the install Add on update in Firefox. On our servers, we have Panda FileSecure for Windows Server 2008. Thanks for all of your help - I will try calling Sonicwall to see what they think. Thank you!
