cancel
Showing results for 
Search instead for 
Did you mean: 

Socet de Trois Trojan

N/A

Socet de Trois Trojan

Can anyone here help - last Sunday I had a report that I had an attack by the following trojan when I tried to connect to my website using Cute FTP.

I did some research on the internet and then asked Customer Support for input, as I had seen reports that Norton Internet Security could represent uPnP as this Trojan and thought they might have details.

To cut a long story short - after asking for more info, etc, after 4 days they have basically told me to contact the software manufacturers or ask on this Form.

I am SO underimpressed with the service.

Globalscape (Cute FTP) give me instructions to configure Norton to let their application access the internet - but that's already done. There is also a suggestion that I disable Windows XP firewall.

Any suggestions? By now you'll have worked out that I'm using Windows XP, Norton Internet Security and Cute FTP.

I accessed the site successfully with this combination - but have done some Windows security downloads since then.
7 REPLIES
N/A

Socet de Trois Trojan

I would not have windows firewall activated fullstop. This is not a real firewall (at least not till SP2).

Norton will however be pretecting you more.

Second, support are not here to support uPnP or Norton software. There primary job is to suppor the services offered, ie the portal, webspace and your actual connection.
Community Veteran
Posts: 14,469
Registered: 30-07-2007

Socet de Trois Trojan

Have you tried using Windows command line ftp app - just start a DOS window and run ftp) or even IE using the following format: ftp://username:password@ftp.plus.net in the address bar.

Note: FTP access is currently down although I have just connected to ftp OK so give it a try. If the alternative method works CuteFTP may have been corrupted in some way so I suggest you uninstall and reinstall it.

Also disable the windows firewall anyway, it's not a firewall and is useless (until SP2).
N/A

Socet de Trois Trojan

Thanks for your reply - two things -

Firstly I do have SP2 installed.

Secondly, I am aware that Support are not there to support other software, however they should be aware of common problems that might affect access to services and advise the customer in a timely way to contact their software provider.

Since I posted I have gone on to resolve the problem - whether correctly or not. It is Norton Internet security Firewall that is blocking, not the Windows XP firewall. The instructions on the Globalscape support to resolve the Norton issue don't work, so I have taken another route and entered the plusnet IP addresses as a trusted site.

Your response was appreciated - thanks.
N/A

Socet de Trois Trojan

You're very trusting, installing a beta program (SP2) that is such a major mod to an OS.
barnyandpippa
Grafter
Posts: 81
Registered: 05-10-2007

Socet de Trois Trojan

I am having a similar problem.

I know it is Norton that is blocking the "intrusion", the question is, what is "intruding".

Doesn't making criticalmass a trusted site mean that if this is really a Trojan, that you just let it in?

Could this be an intrusion from someone spoofing the criticalmass address or am I just being paranoid?

Can someone from support advise whether there is something legitamate that NIS is mistaking for a trojan or whether there really is a risk?
N/A

Socet de Trois Trojan

Hi

I have had no problems since I entered the PlusNet IP address as a trusted site. (Sorry - not quite sure what/who you mean by 'Criticalmass' ). The IP address shown on my Norton Security log was for PlusNet

I'm not quite clear on the details - but it seems Norton Internet Security sees Universal Plug and Play's use of a port, or address, as an attack by this trojan.

Someone else may be able to help you further - but that's how I solved it.

I doubt that anyone from support will help - see above - they asked for all the logs from my incident, kept them for 4 days then told me to contact my software supplier (Norton) - they won't waste time on a non-Plusnet problem.

B
barnyandpippa
Grafter
Posts: 81
Registered: 05-10-2007

Socet de Trois Trojan

Criticalmass is the name of the cgi server. I've not had this problem on the website server, then again, I've done a lot more with scripts than pages.

I hope support will help, you can't describe it as a "non-plusnet problem" if someone is spoofing their address and attacking their users.

It might not be a problem at all but you'd hope they know what their servers are doing and whether this can be misinterpreted by firewall software.

So far I've been impressed with Plusnet support, let's hope it stays that way!