Constant Trojan blocking


Ad: Buy Girls Und Panzer Merch from Play Asia!
Status
Not open for further replies.

blckdemondrgn

-gao...?
Retired
Ok I honestly don't know how or if I got infected by something but it all started today early morning like 8 am.

My norton keeps blocking the same trojan called: Default Block Gatecrasher Trojan Horse.

For some reason it keeps blocking the same stupid trojan almost all day for each 30 minutes that has elapsed. It is annoying to have an alert that a trojan is trying to invade but it blocked every 30 minutes.

Now I thought it could've been a related problem to this thread: http://boards.fansub.tv/?showtopic=4958 . so I tried getting the a-squared program haruka suggested.

But after sweeping with a-squared, error check, norton and spy sweeper it still try to invade the stupid trojan even during the sweep.

Btw I still get invaded when nothing but the programs mentioned are on.

Also my norton says specifically: QUOTE Rule "Default Block GateCrasher Trojan horse" blocked (209.198.12.162,6969).
Inbound TCP connection.
Remote address,service is (209.198.12.162,5217).
Process name is "N/A".


If anyone knows what this means please help me.

Finally if anyone reccomends any other anti-virus, spyware, or other tips help much is obliged as this is bugging me all day!!! Hoping for a quick response thank you.

Also for anyone experiencing this or know extensive knowledge about this can tell me if it is harmful at all - so far it is just plain annoying every 30 minutes being reminded. >-<.
 
have u tried deleting it? it sounds u only just have the programs on and havn't scanned the computer. scan the computer with norton, and it should delete the trojan, make sure norton is up to date.
 
I encountered that with my Symantec Client Security. However after looking into the referred process it was Utorrent. After further research, I found that the transmission port range has been expanded, falling into ports that trojans in the past have used. I disabled the alert, and are not worse for wear.
 
QUOTE (luigiroxu @ Apr 13 2007, 11:10 PM) have u tried deleting it? it sounds u only just have the programs on and havn't scanned the computer. scan the computer with norton, and it should delete the trojan, make sure norton is up to date.
almost everythingis daily updated.

a-squared picked up some harmful cookies and backweb. I choose to delete them both.

when the others were scanning it didn't find anything at all. I am going to do another a-square scan but so far it isn't anything on my CPU from what I can tell and might be an outside source maybe but I ain't to bright with this viruses and never had a constant one like this before.
 
When Norton alerts you, you should be able to check details and it will give you a file name (assuming it's something on your HD). The alert you quoted though seemed like it was something trying to access your comp from the outside (it stated an IP, port, and that it was an *inbound* TCP connection). I'd say check your torrent programs, make sure they don't use port 6969.
Also, if you click on the trojan type, it should link you to the website, and state countermeasures you can take manually. They might even have a special removal program for it - they sometimes do.
 
@dchaosblade how do I check my bit lord's port?

also I would hope that it not being on would help me deduce it isn't my torrent but I'll still check. also I tried searching for the trojan but couldn't find it on symantec's site or norton's site.

@anime-addict I mean I could turn the alert off while it stills blocks but I am still worried about it.

also for the full log view it quoted: QUOTE Rule "Default Block GateCrasher Trojan horse" blocked (209.198.12.162,6969).
Inbound TCP connection.
Remote address,service is (209.198.12.162,5217).
Process name is "N/A".

will update my first post about the full log review.
 
I've also had my fair share of problems with trojans and here are some tips to help rid yourself of them.

-Delete all of your temp. internet files, cookies, etc manually.

-Use the SEARCH program and type in the date and time that the trojan first appeared and look for any programs created within that time frame.

-If you find the program but cannot delete it, change the name of the program and move it to your desktop. Then reset your computer and delete it there after.
 
eh done the cookies, temp internet files manually.

can find nothing so far that has the same time frame as when it first started.

so I can't do the third step.

*rubs head* grrr...really can't understand how to rid of it. >-< I've done nearly everything I know.
 
Another thing you can try is using Windows MRT (malicous removal tool).

This program is located in the following directory

-C:\WINDOWS\system32
 
Just ran MRT but still the problem still exist.

*sigh* If this get done with soon I might want to ask some proffessional helping with this annoying issue.

True no harm seems to be done so far but again it is way annoying.
 
i'd agree wih anime-addict... norton might be confusing your BT client's incoming connections with trojan-related connections, because if you indeed had a trojan all the scans you did would have detected the trojan file.

did you try changing the torrent client's ports to something else yet?
 
QUOTE (darkdog @ Apr 14 2007, 06:10 AM) i'd agree wih anime-addict... norton might be confusing your BT client's incoming connections with trojan-related connections, because if you indeed had a trojan all the scans you did would have detected the trojan file.

did you try changing the torrent client's ports to something else yet?
umm...seriously how do I do that? again I don't have that much knowledge on computers.

though just wondering I thought if the trojan is say coming through my torrent then why does it still trying to infect my computer if it isn't turned on - for example I restart my computer and my bit client: bit lord isn't running/loaded.
 
a trojan doesn't try to infect a remote computer, as far as i know.. a trojan is something that is disguised as something it is not -- imagine, for example, that someone sends you an app saying it's an anime database app, and actually, when you open it, it opens as many security holes on your system as it can find.

by definition, a trojan horse is something you MUST open to be harmful, unlike viruses and worms. and, for you to open a trojan horse, it HAS to be on your computer -- which it is not. That's what makes me think that norton's warning is a false positive.

and changing the BT client's ports depends on the client.. so you should check your BT app's help / website for info on that. If you still can't find info on how to do that let us know!

btw, if i said something wrong, please correct me
smile.gif
 
QUOTE (darkdog @ Apr 14 2007, 07:43 AM) and changing the BT client's ports depends on the client.. so you should check your BT app's help / website for info on that. If you still can't find info on how to do that let us know!

btw, if i said something wrong, please correct me
smile.gif

@darkdog I've been searching the options of bit lord and it's site for a good while.

all I've found is something about TCP port but on bit lord 0.56 version I have it only shows: listen port 16623. nothing I can find about changing, ignoring, or such.

Would a wise option to make is to uninstall bitlord and find another bit torrent program? if so any reccomendation?

Thanks all for the help everyone as this is really starting to drive me insane. >-<.
 
hmm.. bitlord's support seems to be terrible, and since i can't install it to give it a try myself (i own a mac) i'll have to wait for someone else to help you out.

regarding other clients, i use azureus and most definitely recommend it -- as long as it's not the version 3 crap. i'm using version 2.5.0.4 and, even though it's a little on the heavy side, it works perfectly and has all the features i could ask for.. you can give it a try, you don't have to uninstall bitlord to do so. get it at http://azureus.sourceforge.net/ and follow the Azureus 2.5 link, not the other one
tongue.gif
 
well I might just uninstall bitlord anyway, my friend reccomended me this program like ages ago - maybe like 5-7 years ago =P. Never did bother with the new programs.

also maybe I can figure out the ports stuff so I can block 6969 or what the other people mentioned above with azureus.

will update on the progress of my computer and the stupid trojan asap.

well so far I uninstalled bitlord but did not install azureus, but sadly I still get the stupid trojan. dang what will get norton to stop saying the trojan from trying to breach my computer or whatever it is doing >_<...

I also search on yahoo for related problems. so far there have been a few in the past like in '04-'06 but I couldn't find the solutions or I couldn't understand what to do >-<.

ok darkdog I've installed azureus so you might can help me with the changing ports or such? I have to repeat myself and say...I hate this stupid trojan as it still continues >-<.
 
well, first of all, to change the port on azureus.. go to azureus' options (inside the Tools menu). Right on the "Connection" section of the options you should see 2 fields: incoming TCP listen port, and incoming UDP listen port. Set a random value, preferably between 10000 and 65000, on both fields.. setting the same port on both works fine.

After you did this, go to Tools > NAT / Firewall test, and check if it's ok. if it isn't let us know!

finally, going back to your issue.. it's weird that you're still getting such warnings. Do you know if your internet connection has a static or dynamic IP address? if you don't know, it's probably a dynamic one. Could you do the following:
- shut down the computer;
- reset the modem (turn it off and on again);
- turn the computer on again

please? let us know when you did that!
 
QUOTE (blckdemondrgn @ Apr 14 2007, 08:34 AM) well I might just uninstall bitlord anyway, my friend reccomended me this program like ages ago - maybe like 5-7 years ago =P. Never did bother with the new programs.

also maybe I can figure out the ports stuff so I can block 6969 or what the other people mentioned above with azureus.

will update on the progress of my computer and the stupid trojan asap.

well so far I uninstalled bitlord but did not install azureus, but sadly I still get the stupid trojan. dang what will get norton to stop saying the trojan from trying to breach my computer or whatever it is doing >_<...

I also search on yahoo for related problems. so far there have been a few in the past like in '04-'06 but I couldn't find the solutions or I couldn't understand what to do >-<.

ok darkdog I've installed azureus so you might can help me with the changing ports or such? I have to repeat myself and say...I hate this stupid trojan as it still continues >-<.
why dont you try bit-comet as a torrent program? or avg,avg(anti-spyware) as an antivirus
 
QUOTE (±Exiled± @ Apr 14 2007, 10:04 PM) why dont you try bit-comet as a torrent program? or avg,avg(anti-spyware) as an antivirus
can you point me to the links of the reccomended programs for anti-virus/spyware?

cause I don't understand what the abbreviations stand for.
 
Status
Not open for further replies.
Playasia - Play-Asia.com: Online Shopping for Digital Codes, Video Games, Toys, Music, Electronics & more
Back
Top