"Portal of Doom Trojan Horse" on my computer?

  • Thread starter Thread starter John R Rybock
  • Start date Start date
J

John R Rybock

Greetings, all. Hoping to get some help on this, been hard to find
specific information on this.

I have a home network connected to my cable modem, using a LinkSys
Wireless-B Broadband Router. 2 wireless point connected to home
computers, Xbox hardwired to it. Both computers have Norton personal
firewall and anti-virus installed and running.

For the last week, several times a day, at some points as often as
once a minute for about 5 minutes, Personal Firewall shows an attempt
to hack using the Portal of Doom Trojan Horse. PF's warning lists it
as coming from "192.168.1.101", which it generically states as a
computer on my network. I believe that is in fact the computer that is
being attacked (from reading the "Wireless Network Connection"
properties box). Ran AV on a full check, and found nothing.

Does it sound like it is already on my computer? And if so, what can I
do to find it and get rid of it?
 
Greetings, all. Hoping to get some help on this, been hard to find
specific information on this.

I have a home network connected to my cable modem, using a LinkSys
Wireless-B Broadband Router. 2 wireless point connected to home
computers, Xbox hardwired to it. Both computers have Norton personal
firewall and anti-virus installed and running.

For the last week, several times a day, at some points as often as
once a minute for about 5 minutes, Personal Firewall shows an attempt
to hack using the Portal of Doom Trojan Horse. PF's warning lists it
as coming from "192.168.1.101", which it generically states as a
computer on my network. I believe that is in fact the computer that is
being attacked (from reading the "Wireless Network Connection"
properties box). Ran AV on a full check, and found nothing.

Does it sound like it is already on my computer? And if so, what can I
do to find it and get rid of it?
Click to expand...

Norton will tell you of all attempted hacks, this only means that
someone was trying to see if your computer was infected.
You can turn off reporting for this.
Your system is probably clean but if you need to check try

Spybot
http://www.safer-networking.org/index.php?page=mirrors
or Adaware
http://download.com.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button


Taff..........



www.sounds-pa.com | www.thecomputerworkshop.com
 
John said:
Greetings, all. Hoping to get some help on this, been hard to find
specific information on this.

I have a home network connected to my cable modem, using a LinkSys
Wireless-B Broadband Router. 2 wireless point connected to home
computers, Xbox hardwired to it. Both computers have Norton personal
firewall and anti-virus installed and running.

For the last week, several times a day, at some points as often as
once a minute for about 5 minutes, Personal Firewall shows an attempt
to hack using the Portal of Doom Trojan Horse. PF's warning lists it
as coming from "192.168.1.101", which it generically states as a
computer on my network. I believe that is in fact the computer that is
being attacked (from reading the "Wireless Network Connection"
properties box). Ran AV on a full check, and found nothing.

Does it sound like it is already on my computer? And if so, what can I
do to find it and get rid of it?
Click to expand...

You might want to try a trojan scan also:

http://www.trojanscan.com/trojanscan/trojanscan.htm

Ian
 
On that special day, John R Rybock, ([email protected]) said...
I have a home network connected to my cable modem, using a LinkSys
Wireless-B Broadband Router. 2 wireless point connected to home
computers, Xbox hardwired to it.
Click to expand...

With "hardwired" you mean, connected by a patch cable? How is the router
configured, does it do Network Address translation?
For the last week, several times a day, at some points as often as
once a minute for about 5 minutes, Personal Firewall shows an attempt
to hack using the Portal of Doom Trojan Horse. PF's warning lists it
as coming from "192.168.1.101", which it generically states as a
computer on my network.
Click to expand...

Which of your computers does have this address, the router? If yes, the
IP number is reported because of this NAT function. However, any inbound
traffic is void, as long as there is no process LISTENING for these
calls. It is just like ringing all door bells on a block. If no one
opens, the inhabitants stay safe.

tell your computer no to answer these calls (by keeping it trojan free
and shutting down XP services you don't need), and you are safe.


Gabriele Neukam

(e-mail address removed)
 
On Tue said:
I have a home network connected to my cable modem, using a LinkSys
Wireless-B Broadband Router. 2 wireless point connected to home
computers, Xbox hardwired to it. Both computers have Norton personal
firewall and anti-virus installed and running.
OK

For the last week, several times a day, at some points as often as
once a minute for about 5 minutes, Personal Firewall shows an attempt
to hack using the Portal of Doom Trojan Horse. PF's warning lists it
as coming from "192.168.1.101", which it generically states as a
computer on my network.
Click to expand...

Yep; 192.168.x.x is local range - and that makes this more serious
than the usual rattling of burglar bars one gets from the 'net.

What is the internal IP address (i.e. your LAN's view) of the router?
Does it sound like it is already on my computer?
Click to expand...

It sounds like it's coming from within your LAN; maybe some sort of
spurious thing from the Xbox, or something from outside that looks as
if it's from the router from your PC's viewpoint. I doubt the latter,
as I don't think that's the way these things work.
And if so, what can I do to find it and get rid of it?
Click to expand...

Who bites if you Ping 192.168.1.101 ?

--------------- ----- ---- --- -- - - -
Click to expand...
Error Messages Are Your Friends
 
John said:
Greetings, all. Hoping to get some help on this, been hard to find
specific information on this.

I have a home network connected to my cable modem, using a LinkSys
Wireless-B Broadband Router. 2 wireless point connected to home
computers, Xbox hardwired to it. Both computers have Norton personal
firewall and anti-virus installed and running.

For the last week, several times a day, at some points as often as
once a minute for about 5 minutes, Personal Firewall shows an attempt
to hack using the Portal of Doom Trojan Horse. PF's warning lists it
as coming from "192.168.1.101", which it generically states as a
computer on my network. I believe that is in fact the computer that is
being attacked (from reading the "Wireless Network Connection"
properties box). Ran AV on a full check, and found nothing.

Does it sound like it is already on my computer? And if so, what can I
do to find it and get rid of it?
Click to expand...

Sounds to me like it's an attempted intrusion. If it were found on your
system, NAV would provide you with a "Red Alert". Norton PF can be
configured to do its job without giving you an alert of every suspected
intrusion.
 
Gabriele Neukam wrote:

Which of your computers does have this address, the router? If yes, the
IP number is reported because of this NAT function. However, any inbound
traffic is void, as long as there is no process LISTENING for these
calls. It is just like ringing all door bells on a block. If no one
opens, the inhabitants stay safe.
Click to expand...

The routers IP address is likely 192.168.1.1. The 101 address is one of
his systems.
 
Back
Top