Norton Internet Security
flingz
11-07-2003, 06:19 PM
My Norton firewall keeps alerting me by saying this:
A computer with the IP address XXX.XXX.XXX.XXX attempted to connect
to your computer using Default Block Backdoor/SubSeven Trojan horse.
I get these every few minutes while I'm surfing the net, and sometimes when I'm not even using my PC. What does this mean and how can I stop it? Is there any way I can turn it off so it just automatically blocks it and doesn't alert me every time? I'm just confused! Thanks!
deddard
11-07-2003, 06:23 PM
This sort of attack is fairly common, as your ports are scanned, and attempts made to connect to them. They are probably the most common thing you'll see in Norton. You can turn down the alert levels if you wish - it will still block them, but won't warn you about them.
Also, with Norton, it is EXTREMELY important that you run the Live Update utility regularly - I had Norton running and it fell on its backside due to Blaster/Welchia.
I don't use it any more:D
Budfred
11-08-2003, 01:23 AM
I may be wrong about this, but I think you are looking at a trojan that is installed on your machine and trying to connect to the web. You could try running Norton AV and see if it will find and kill it and/or you can run HijackThis and copy/paste the log here for the experts (not me) to check out and let you know if you have any onboard intruders....
flingz
11-08-2003, 03:03 AM
Here are my HijackThis scan results:
Logfile of HijackThis v1.97.3
Scan saved at 12:57:52 AM, on 11/8/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\dplaysvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/ON01.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/19add0eb01b8d4f82702/netzip/RdxIE601.cab
O16 - DPF: {67B15B0B-160C-4579-95AF-858169659092} (IELoaderCtl Class) - http://freeload.cc/secure/ieloader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d052c1d7d32ead/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37864.7504398148
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
Thanks if anyone can help!
Paul Komski
11-08-2003, 06:41 AM
http://service1.symantec.com/SUPPORT/nip.nsf/docid/2001012308470736
If the IP address xxx.xxx.xxx.xxx was external to your pc then the scan was trying to get in and all should be well.
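As an added example (not from the thread, and not Symantec's code): a small Python script that parses alerts in the wording flingz quoted, sorts the reported source addresses into local and remote, and counts how many distinct hosts are involved. That is the check deddard's and Paul Komski's replies point at: many unrelated remote sources that were all blocked is background port scanning, whereas a source address on your own LAN or on the machine itself would be worth a malware scan. The alert lines and addresses are constructed, and the ranges treated as "local" are an assumption of the example.

```python
import ipaddress
import re
from collections import Counter

# Alert wording as quoted in the thread; the signature name after "using" is kept verbatim.
ALERT_RE = re.compile(
    r"A computer with the IP address (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"attempted to connect to your computer using (?P<sig>.+?)\.?$"
)

# Ranges treated as "local" (this machine or the LAN). Listed explicitly instead of
# using ip.is_private, because the documentation addresses used as sample remote
# sources below also count as private in Python's ipaddress module.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
)]


def make_alert(ip, sig="Default Block Backdoor/SubSeven Trojan horse"):
    """Build one alert line in Norton's wording (used only to construct sample data)."""
    return f"A computer with the IP address {ip} attempted to connect to your computer using {sig}."


# Constructed sample: two remote hosts (RFC 5737 documentation addresses standing in for
# real scanners), one LAN address, the loopback address, and one unrelated line.
SAMPLE_ALERTS = [
    make_alert("203.0.113.7"),
    make_alert("198.51.100.23"),
    make_alert("203.0.113.7"),
    make_alert("192.168.1.10"),
    make_alert("127.0.0.1"),
    "Live Update completed successfully",
]


def parse_alert(line):
    """Return {'ip', 'signature'} for an alert line, or None for anything else."""
    m = ALERT_RE.search(line)
    return {"ip": m.group("ip"), "signature": m.group("sig")} if m else None


def source_kind(ip_text):
    """Classify the reported source address as this machine, the local network, or remote."""
    ip = ipaddress.ip_address(ip_text)
    if ip.is_loopback:
        return "this machine"
    if any(ip in net for net in LOCAL_NETS):
        return "local network"
    return "remote"


def triage(lines):
    """Summarise a batch of alert lines: how many, from how many hosts, and of what kind."""
    hits = [a for a in map(parse_alert, lines) if a]
    per_source = Counter(a["ip"] for a in hits)
    return {
        "alerts": len(hits),
        "distinct_sources": len(per_source),
        "remote_sources": sum(1 for ip in per_source if source_kind(ip) == "remote"),
        "local_sources": sorted(ip for ip in per_source if source_kind(ip) != "remote"),
        "busiest_source": per_source.most_common(1)[0] if per_source else None,
        "signatures": sorted({a["signature"] for a in hits}),
    }


def assessment(summary):
    """One-line reading of the summary, following the reasoning in the thread."""
    if summary["local_sources"]:
        return "some alerts name local addresses: scan those hosts (or this PC) for malware"
    if summary["distinct_sources"] > 1:
        return "blocked inbound probes from unrelated remote hosts: background scanning"
    if summary["alerts"]:
        return "repeated blocked probes from a single remote host"
    return "no firewall alerts found"


if __name__ == "__main__":
    summary = triage(SAMPLE_ALERTS)
    for key, value in summary.items():
        print(f"{key}: {value}")
    print(assessment(summary))
```

To use it on your own machine, replace SAMPLE_ALERTS with lines copied out of Norton's alert log; the parser ignores anything that does not match the alert wording.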
david eaton
11-08-2003, 09:22 AM
Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/ON01.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/19add0eb01b8d4...ip/RdxIE601.cab
O16 - DPF: {67B15B0B-160C-4579-95AF-858169659092} (IELoaderCtl Class) - http://freeload.cc/secure/ieloader.cab
No trojans, but certainly unwanted!
BI is classed by some as a trojan.....;)
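As an added example (not from the thread, and not part of HijackThis): a Python script that parses the R, O2 and O16 lines of a HijackThis log like the one flingz posted and applies the kind of rules david eaton used when choosing entries to fix: an unnamed BHO loaded straight from the Windows directory, an ActiveX (DPF) download from a bare IP address or from a host outside a short list of recognised vendors, and a search or start URL that chains a second URL after an asterisk. The vendor allowlist, the rules themselves and the sample input (a subset of the log above) are assumptions of the example; on that subset the rules pick out exactly the five entries david eaton listed.

```python
import re
from urllib.parse import urlsplit

# Download hosts (and their subdomains) accepted for O16 ActiveX entries. An assumption
# made for this example, built from the vendors visible in the posted log.
TRUSTED_SUFFIXES = (
    "microsoft.com", "msn.com", "macromedia.com", "google.com", "yahoo.com",
    "yimg.com", "antivirus.com", "akamai.net", "callwave.com",
)

R_RE = re.compile(r"^R[01] - (?P<key>.+?),(?P<value>[^=]+?) = (?P<url>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<ident>.+?) - (?P<url>https?://\S+)$")
IP_LITERAL_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Sample input: a subset of the lines flingz posted, used here as constructed test data.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/ON01.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/19add0eb01b8d4f82702/netzip/RdxIE601.cab
O16 - DPF: {67B15B0B-160C-4579-95AF-858169659092} (IELoaderCtl Class) - http://freeload.cc/secure/ieloader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d052c1d7d32ead/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37864.7504398148
"""


def host_is_trusted(host):
    """True if host is one of the allowlisted vendor domains or a subdomain of one."""
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def check_r(m):
    # A second "http" after an asterisk means the search/start URL hands the query
    # to another site first: the pattern in the R1 entry flagged above.
    if "*http" in m.group("url").lower():
        return "search/start URL chains a second URL after '*'"
    return None


def check_o2(m):
    # Legitimate BHOs normally live under Program Files; an unnamed one dropped
    # directly into C:\WINDOWS (like bi.dll) is the case flagged above.
    parent = m.group("path").rsplit("\\", 1)[0].lower()
    if m.group("name") == "(no name)" and parent in ("c:\\windows", "c:\\winnt"):
        return "unnamed BHO loaded straight from the Windows directory"
    return None


def check_o16(m):
    host = urlsplit(m.group("url")).hostname or ""
    if IP_LITERAL_RE.match(host):
        return f"ActiveX download from a bare IP address ({host})"
    if not host_is_trusted(host):
        return f"ActiveX download from an unrecognised host ({host})"
    return None


RULES = ((R_RE, check_r), (O2_RE, check_o2), (O16_RE, check_o16))


def triage(log_text):
    """Return [(line, reason)] for every log line one of the rules objects to."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        for regex, check in RULES:
            m = regex.match(line)
            if m:
                reason = check(m)
                if reason:
                    findings.append((line, reason))
                break
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

The allowlist approach deliberately errs on the side of flagging: an unknown but harmless download host produces a finding that a human then clears, which is the same review step the thread goes through before anything is fixed.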
flingz
11-08-2003, 02:38 PM
Thanks everyone.... I have fixed the mentioned files but my Norton is still alerting me of trojan attempts every few minutes.... Can anyone tell me how to stop this from alerting me?
shanmuga
11-09-2003, 02:56 AM
NIS > Options > Alerting Level
Bring the slider down to Medium or Low. Default level is Low. :cool:
flingz
11-10-2003, 11:58 PM
Originally posted by shanmuga
NIS > Options > Alerting Level
Bring the slider down to Medium or Low. Default level is Low. :cool:
Ok I changed the slider to medium. Isn't it actually bringing it up to medium? Thus causing more notices of possible intrusions? It seems that on medium I am having the same amount, if not more, notices. I really wish I could get this thing to stop! I'm just confused because up until about 2 weeks ago, I got about one notice a week, now I'm getting 20 a day if not more.
Any other ideas?:(
shanmuga
11-11-2003, 01:09 AM
Originally posted by deddard
This sort of attack is fairly common, as your ports are scanned, and attempts made to connect to them. They are probably the most common thing you'll see in Norton. You can turn down the alert levels if you wish - it will still block them, but won't warn you about them.
@flingz, if you don't want to receive any alerts, you can hide the alert tracker by right-clicking on it. As deddard posted, it will still block them, but won't warn you about them.
Mitch Hatfield
11-11-2003, 01:24 PM
Have you a Trojan already resident on your system - that seems to be the question?
Run this free on-line Trojan scan and see if anything shows up:
http://www.trojanscan.com/trojanscan/trojanscan.htm
:) :)
flingz
11-11-2003, 06:53 PM
Alright, this just keeps getting more fun by the minute!
I don't have the alert messenger on.... My Norton icon in the bottom right just blinks with a ! mark until I click on it (this is what is annoying me). I went to the online trojan finder and I have tried it 4 times now and every time I do it, it goes fine for about 5 minutes then shuts down ALL of my IE6 windows! I think I may have something majorly wrong here......:confused:
Mitch Hatfield
11-11-2003, 08:28 PM
Sounds very distressing.
Why not do a Trojan search with a full-blown anti-Trojan program?
Download either Trojan Hunter or The Cleaner on a 30 day free trial basis and then run whichever - or both!!
Here:
http://www.misec.net/ for THunter
http://www.moosoft.com/ for The Cleaner
BTW, do you have Go Back or any similar roll-back utility? :) :)
flingz
11-12-2003, 05:47 PM
OK, update.... I tried the trojan things and one found no trojans and the other found 3, all called SUPERBAR... I cleaned them and I am waiting to see if it helped. I did a rollback to last month and it didn't work.... We shall see if this SuperBar was the culprit!
Mitch Hatfield
11-12-2003, 07:46 PM
Fingers crossed. :) :)
Which program found "Superbar"?
http://www.doxdesk.com/parasite/SuperBar.html
flingz
11-12-2003, 07:54 PM
SIGH
The Cleaner found SuperBar. I had no notices for an hour, now I've been surfing 15 minutes and have gotten 6 notices. I have been checking them and they are all from different places all over the world. I'm thinking I'm just gonna have to live with that little annoying exclamation point coming up every 5 minutes!
Mitch Hatfield
11-12-2003, 08:31 PM
Hi again
1) Can you post one of these notices, so I can see it?
2) It's worth running TH and The Cleaner again, at least one more time.
3) This is really back to basics, but I can and do turn off the intrusion alerts from my ZA firewall. Does Norton offer you that same option? :) :)
vBulletin v3.6.1, Copyright ©2000-2012, Jelsoft Enterprises Ltd.