dsteve54
Newbie
Posts: 9
|
 |
???C:\I386\SVCHOST.EXE?? -Help
« on: Mar 12th, 2003, 4:46am » |
 Quote  Modify
|
I have been using Trojanhunter 3.0 with updated rulesets for awhile, with a persistant
Port 5180/TCP is open (matches Peeper.120)
in the Port Scan section. However, I have figured this to be benign because when I shut down AOL IM, the port closes.
Heretofore I have had no other problems reported...I do have a 3 computer LAN in my home in a peer-to-peer topology behind a router. Each computer has Norton IS 2003, SpyWareBlaster, TrojanHunter, IE-SPYAD, AnalogX Cookie Wall, Paniware Pop Up Stopper.
Ok, everything has been fine....last night I downloaded TrojanHunter 3.5 and implemented and copied my license.dat back to the new dir, then deleted old 3.0 directory. I updated the ruleset.
Now, on one of my computers, an XP Pro node, I am getting the same message as above under the Port Scan.
But now I am getting a suspect file, like so:
Found possible trojan file: C:\I386\SVCHOST.EXE (LanFiltrator)
This is the first time this has happened. Could this file have been there all along and only 3.5 version has detected it?
Do I simply just delete this file? Could this be harmless..a false trojan message...it does say "possible"...is there a valid reason this file should be here? If it is a trojan, could something have proliferated? After deleting (if I should) do I quarantine anything else? Can I stop any other spread or usage? My Norton Antivirus with LiveUpdate current shows no virus files. I have run www.hackerwhacker.com self test recently.
When I was downloading 3.5, I experienced irregularities...I reported to Magnus. I got to www.misec.net fine and started downloading TrojanHunter 3.5 executable install. The installation hung and I got "Invalid IP CheckSum" from Norton.
Magnus said he would appraise the situation but for now said there had been heavy hits on that server. When I tried to go back to www.misec.net I got Bage Not Found.. I finally turned off NIS 2003 and got to the site and the download worked. But it seemed funny, almost like there was a tainted file or process going on in the act of trying to download this new version. I did a file disk virus scan and a full TrojanHunter 3.0 scan of C: drive before I deployed the new 3.5...all was ok. Now I get this error.
Please advise on my next move. So far this has just been reported on one machine.
Helppppppp....thx
|
|
 IP Logged |
|
|
|
Mischel Internet Security Forum
Reply
Notify of replies
Send Topic
Print
Author
for creating an unnecessary post...if I had kept my head and *not* panicked instead, I would have thought to use SEARCH first and found in Trojanhunter forum the topic 
Search
Members
Login
Register