NetSpy Trojan

  • Thread starter Thread starter Sineis
  • Start date Start date
S

Sineis

Hi,
When I first boot up and the desktop is "settling down" I
get a message from Norton Internet Security telling me
that it has blocked an intrusion attempt that has the
signature of the NetSpy trojan. It gives the following
details.

Rule "Default Block Netspy Trojan horse" stealthed
(localhost,1024)
Inbound TCP connection
Local address,service is (0.0.0.0,1024)
Remote address,service is (localhost,1036)
Process name is "C:\WINDOWS\Explorer.EXE"

I just installed Norton Internet Security 2003. Never
used to get this message from 2002. I have scanned my
whole system with Norton AV on this machine, the online
version on the symantec website, Mcafee online from their
website, and The Cleaner from Moosoft. No infection.
Anywhere.

But the question remains, why does explorer have a
connection with port 1024, which is apparently known to be
where NetSpy listens?
I am running Windows XP Home.
Anyone who could shed some light on this would get lots of
gratitude.
Hope somebody knows about this...
Thanks in advance,

Information: I already checked my Windows Folder and I
did not find any folder with name explorer.
 
There is a bug in Norton Internet Security which erroneously causes this
message on Win XP under certain circumstances. There is info. on this and
a solution at the Symantec website
See http://tinyurl.com/kifd for some information and the recommended
solution.
 
Back
Top