I could not post or view anything. I have added you as a trusted site but should I?
Details:
Berbee Information Networks Corp
455 Science Dr.
Madison WI 53711
Tech name: Stahr, James
Phone 1-608-288-3000
Email: stahr@binc.net
IP Address: 64.73.42.2
NetBus Trojan Horse
I went through Symantec’s information about NetBus. I usually do not put sites in my “trusted zone” and just visit. I probably would not expect a reply for some time if at all.
I think this is a tool that is run on the server itself by a person who wants access into it. Your sending the email may have been enough (with others?) to alert the admin and they can run procedures to close this problem.
I am happy the site works and there are no alerts going on on my Norton.
Thanks HighIron2003ar. I’m no computer person and I trust Norton. Thanks again for the info. My spam and etc. has gone [once in a while one slips through and you can put a future block on it] since I upgraded to Norton 2004.
I did receive your e-mail this morning (which, by the way, is the best way to alert us about concerns like this… not via a post that we might not see). I’ve forwarded to our online department to look into it.
I also run Norton (at home) and never get warnings regarding our site.
Hey guys, I got hit too! And I’m down for the count.
When I turn my computer on all I get is a black screen. It won’t boot up.
I’m talking to you from a friend’s computer. I saw CheifEagles mention this morning and it wasn’t long until I was dead in the water. My Norton didn’t catch it until it was too late, I guess.
Like Erik said, he forwarded the post to us this morning. At the time I didn’t have an answer for him.
I really think it’s a false positive. I use NIS at home and I know of others using it. Nobody has mentioned being alerted by Norton. The company which hosts our (dedicated) servers is very good about keeping their network clean of things like this. One of our IS guys checked the server during lunch and made sure all the virus definitions were up to date. Whenever new security updates are released, it’s the top priority to get all of our servers patched.
I know this has come up before, but I just can’t remember what it was and in what context.
Out of curiosity, I do have a couple of questions.
What version of Norton Internet Security (NIS) are you using (2003, 2004)?
Do you know what level your security settings are at?
Are you using any 3rd party applications such as Ad-aware or Spybot S&D? (highly recommended)
When you said you added trains.com as a trusted site, was that in NIS or Internet Explorer? If you don’t mind, remove the site from the list of trusted sites and see if this comes up again.
Doing some digging around, here are a couple of things I came up with.
Some ISPs use the same ports as Trojans
Be aware that some Internet Service Providers (ISP’s) may use some of the same ports that Trojans use to monitor whether or not your Internet connection is in use. This activity may be causing the Trojan alerts if they seem to happen at a regular interval, or on a regular basis. If you think this is the case, and a security scan does not detect any Trojans, you may click the “Do not warn me again” checkbox on the alert. This prevents any future detections of this event from creating pop-ups. The activity is still logged in the NIS log files. http://service1.symantec.com/SUPPORT/nip.nsf/docid/2001012308470736
What happened and when did it happen? When was the last time you updated your definitions? Are you using Ad-aware or Spybot S&D? If you are, when was the last time you scanned your system? Have you opened up any email with attachments recently? There’s a nasty one going around. Below is a copy of the email we received Monday.
Sent: Monday, August 09, 2004 2:11 PM
Subject: [Kalmbach-support] [Msn-customers] New Virus - please do not open questionable attachments
All, there is a new email virus that several clients have received today. The email will have an attachment named price.zip, new_price.zip or some variant similar to this. There is currently no update from McAfee. Please do not open these attachments; we recommend instead, to simply delete the email from your inbox.
Norton 2004 with firewall, Internet Security [set on medium], spam block, ad block and anti-virus. Auto update is on [just sent me a new update as I turned computer on]. This has been working for two weeks. I have had two attempts from internet [not your site] for Trojan Horse that “zeroed in” on California. You see a copy of most of the raw data in my post. Call the “sucker” and find out what he is up to. I will take you back out as trusted site. We’ll see but this should have appeared earlier than two weeks later. Oh, also running Ad-aware too [Norton recommended I keep running it with their product too]. When you all ran the last maintenance, I had to add you back in my accepted cookies in that.
You are not a trusted site anymore. Working but seems to work slower. I guess it is scanning before letting it come up or it is just busy this time of day. We’ll see.