Solved

Trojan Blocked on Sonicwall by gateway AV

Posted on 2009-02-10
Last Modified: 2013-11-22
Hello,
When checking the logs on our Sonicwall, I noticed that we had entries for a blocked Trojan. I have copied the latest log entries (there are also intrusion prevention entries, but these are OK). I could not copy over the header, therefore, it should be:
Does this mean we have a Trojan on our machine? It looks like all of the things are coming from the outside as the source, not from inside. The 192.168.168.150 is inside our network, and is our SBS 2003 server.

If we do have this Trojan, how can we get rid of it?

The header for the log files, not attached, is
# Time  Priority Category  Message Source  Destination

sonicwall-log.txt
Question by:jeffschick
2 Comments

Accepted Solution

by:
acroment earned 2000 total points
ID: 23606747
The entry that concerns me the most is #4. As I read it, it says that the traffic source was 192.168.168.154. Is that your server (your question states that .150 is your server, is that a typo)?

It is possible that the Sonicwall has done its job and blocked the suspicious threats - both the ones coming in and maybe, one going out. Maybe one got past the Sonicwall and it blocked the rest.

Is this a one-time occurrence? Or are you seeing these messages constantly? Are you seeing a regular number of entries like #4 or was this the only one?

What Anti-Virus solution do you have installed on your server?

I would contact Sonicwall support - you should have support included with your updates and they may be able to give you more specific information about this particular Trojan and to make sure you don't have it running on your network.

It isn't ideal, but if you are seeing messages like #4 regularly, you may want to try disconnecting the network cable from the server at a time you suspect that it may happen again to confirm that it is not coming from your server.

I hope that helps .... a little.
-Eric
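A triage sketch for the point in the answer above about alerts whose source is an internal host, added here as an example and not part of the original thread. It assumes a tab-separated export in the column order quoted in the question and a LAN of 192.168.168.0/24; the sample rows are constructed, and the names `parse_row`, `direction` and `triage` are hypothetical.

```python
import ipaddress
from collections import Counter

# Assumption: LAN range inferred from the addresses mentioned in the thread.
LAN = ipaddress.ip_network("192.168.168.0/24")
AV = "Gateway Anti-Virus Alert (constructed)"
IPS = "IPS Detection Alert (constructed)"
# Constructed rows, not the poster's attachment. Columns follow the header
# from the question: # Time Priority Category Message Source Destination
SAMPLE_ROWS = [
    ("#", "Time", "Priority", "Category", "Message", "Source", "Destination"),
    ("1", "02/10/2009 09:14:02", "Alert", "Security Services", AV, "203.0.113.10, 80, X1", "192.168.168.150, 2301, X0"),
    ("2", "02/10/2009 09:14:40", "Alert", "Security Services", AV, "203.0.113.10, 80, X1", "192.168.168.150, 2302, X0"),
    ("3", "02/10/2009 09:15:11", "Alert", "Intrusion Prevention", IPS, "198.51.100.7, 4431, X1", "192.168.168.150, 25, X0"),
    ("4", "02/10/2009 09:20:05", "Alert", "Security Services", AV, "192.168.168.154, 3310, X0", "198.51.100.20, 80, X1"),
    ("5", "02/10/2009 09:21:30", "Alert", "Security Services", AV, "203.0.113.10, 80, X1", "192.168.168.150, 2310, X0"),
]
SAMPLE_LOG = "\n".join("\t".join(r) for r in SAMPLE_ROWS)

def parse_row(line):
    """Return a dict for one log row, or None for headers and malformed rows."""
    cols = [c.strip() for c in line.split("\t")]
    if len(cols) < 7:
        return None
    try:  # address is the first comma-separated item of Source / Destination
        src = ipaddress.ip_address(cols[5].split(",")[0].strip())
        dst = ipaddress.ip_address(cols[6].split(",")[0].strip())
    except ValueError:
        return None
    return {"num": cols[0], "msg": cols[4], "src": src, "dst": dst}

def direction(row):
    """Classify a row relative to the LAN."""
    s, d = row["src"] in LAN, row["dst"] in LAN
    if s and not d:
        return "outbound"   # an internal host sent the flagged content
    if d and not s:
        return "inbound"    # flagged content arrived from outside
    return "internal" if s else "external"

def triage(text, keyword="anti-virus"):
    """Count matching alerts per (direction, LAN-side host)."""
    counts = Counter()
    for line in text.splitlines():
        row = parse_row(line)
        if row is None or keyword not in row["msg"].lower():
            continue
        way = direction(row)
        host = row["dst"] if way == "inbound" else row["src"]
        counts[(way, str(host))] += 1
    return counts

if __name__ == "__main__":
    for (way, host), n in sorted(triage(SAMPLE_LOG).items()):
        print(f"{way:9} {host:16} {n}")
```

Repeated `outbound` counts for the same LAN host are the pattern worth following up with an on-host scan; `inbound` rows alone are consistent with the gateway blocking a download.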

Author Comment

by:jeffschick
ID: 23607004
Eric,
It just started happening today, and the .154 is also a server, but not the SBS. It seems from looking into it that whenever Firefox tried to download the IE Tabs update, it was blocked by the Sonicwall as having a Trojan in it, which may account for the message only showing up whenever I tried to run the install add-on update in Firefox. On our servers, we have Panda FileSecure for Windows Server 2008. Thanks for all of your help - I will try calling Sonicwall to see what they think. Thank you!
