cancel
Showing results for 
Search instead for 
Did you mean: 

Netbus trojan horse

N/A

Netbus trojan horse

Hi,
Is anyone else being bombarded with the Netbus trojan horse? I started getting alerts from my Norton Internet Security software on the 5th May. Now every time I log on the alerts start. My firewall is blocking it, so it isn't a problem as such, just unnerving. It's coming from various different IP addresses. I've not loaded any new software recently, or altered any settings. Is there anything I can do to stop the bombardment, or do I just wait it out?

Thanks! Smiley
18 REPLIES
Alecto
Grafter
Posts: 2,886
Registered: 30-07-2007

Netbus trojan horse

Have you done a liveupdate of Norton recently?

There was a similar problem last year where an update to Norton caused it to go wild reporting spurious trojan horses and attacks at a furious rate.

Norton denied it, then issued a corrected liveupdate a week or so later and all was well.
N/A

Netbus trojan horse

I have my router back now (new power transformer), but a couple of days back I had to use my USB modem and my McAfee firewall log was full of blocked attempts on port 12345 from the Netbus trojan. Traces showed that all the attacks were coming from Madrid and Seoul. I was under bombardment until I reconnected my router. The vast majority of unsolicited traffic is now stopped at the gateway and doesn't actually reach my computer anymore.
N/A

Netbus trojan horse

alicelouise,

If your firewall is blocking it then you having nothing to be concerned about, a lot of hits against your firewall are something that none of us can really do anything about, other than regard them as background internet noise.
Community Veteran
Posts: 1,139
Thanks: 4
Registered: 20-07-2007

Me Too

I've started getting bombarded by NetBus Trojan Horse as well. It started around the same time as reported by alicelouise. It seems a bit of a coincidence - what's going on?

Bob
N/A

Netbus trojan horse

Have you been able to trace the IP address? is it a PN addy? if not, then sadly there is little than can be done.
N/A

RE: Netbus trojan horse

@ alicelouise,

I too have been getting that "A LOT" since around the time you stated, I think it may be something to do with one of these trojan/worm outbreaks going around for example the sober one :?

There is not a lot we can do except keep software up to date and hope that none of them get through if they are malicious.
Community Veteran
Posts: 1,139
Thanks: 4
Registered: 20-07-2007

Netbus trojan horse

Quote
Have you been able to trace the IP address? is it a PN addy? if not, then sadly there is little than can be done.

It's comming from several IP addresses with seemingly no connection (when traced using Norton). How can I tell if it's a PN address?

Bob
N/A

Netbus trojan horse

Get the rDns for the address, and that will tell you, since it should with end 'Plus.Com'
N/A

Netbus trojan horse

Thanks for the replies folks, I thought someone else might have seen the same problem.

Quote
Have you done a liveupdate of Norton recently?

There was a similar problem last year where an update to Norton caused it to go wild reporting spurious trojan horses and attacks at a furious rate.

Norton denied it, then issued a corrected liveupdate a week or so later and all was well.


Yes, every time I connect to the net, the first thing I do is run liveupdate. If it's that hopefully they'll fix it quickly.

One other question; gadgetboy suggested "Get the rDns for the address" to see if it's a PN addy - what's the rDns and how would I find it?

Thanks! Smiley
Community Veteran
Posts: 1,139
Thanks: 4
Registered: 20-07-2007

Netbus trojan horse

My attacks seem to have stopped now. Whatever it was seems to have gone away.

Bob
Alecto
Grafter
Posts: 2,886
Registered: 30-07-2007

Netbus trojan horse

Quote

Yes, every time I connect to the net, the first thing I do is run liveupdate.


Just a point worth thinking about alicelouise, since the episode last year where the Norton update caused problems and they denied it etc, I run live update often, but don't actually download any program updates till they've been there a week or so.
This way, any faulty updates are likely to have been spotted and changed before they get to me.

You should still update the virus definitions, of course, but Automatic Live Update does that for you anyway if you've got it switched on.
bootletip
Grafter
Posts: 79
Registered: 26-08-2007

I am reassured it is not just me that is getting attacked

tuesday last week I started getting bombarded by firewall attacks - norton stated that all were a netbus trojan.

at exactly the same time I started to get hit by e.mails infected by the sober virus. my machine is clean and use norton 2005 firewall and antivirus and like you all make a point of updating each time I go on line.

in total I have had over 10,000 e.mails and in fact there is still over 2,000 sitting in my plus account - a great many came from an ntlworld address eventually got through to ntl to report it and these seem to have died down.

I have tried all sorts of blocking tactics - I have managed fairly well in outlook express but not in plus web mail and as the headers, subject lines, from etc keep changing this has not made it easy and yes I have reported it to plus support, one tech said to do blocking in ox - it failed and the last one deleted over 1,000 in bulk for me.

why can't people find some more constructive to do than creating virus and causing havoc for everyone.
Alison
N/A

Netbus trojan horse

Quote

Just a point worth thinking about alicelouise, since the episode last year where the Norton update caused problems and they denied it etc, I run live update often, but don't actually download any program updates till they've been there a week or so.
This way, any faulty updates are likely to have been spotted and changed before they get to me.

You should still update the virus definitions, of course, but Automatic Live Update does that for you anyway if you've got it switched on.


Thanks for the advice gpattison - definitely worth a try. I stopped getting the alerts 10/05, so whatever it was, it seems to have gone away/been fixed. Cheesy
N/A

Netbus trojan horse

I've had the same Netbus attacks starting and finishing on the same days as mentioned above.
Unfortunately, they appear to have reappeared this morning,Sat 14th May.
Is it just me or is everyone being bombarded again?