Trains.com

Site Administrator:: Norton Internet Security blocked this site at 6:58 AM// Trojan Horse attempt.

1549 views
14 replies
1 rating 2 rating 3 rating 4 rating 5 rating
  • Member since
    February 2004
  • From: Rolesville, NC
  • 15,416 posts
Posted by ChiefEagles on Thursday, August 12, 2004 9:05 AM
YANKEES!!!! Just remember, Ole Jebb Stewart is making a raid up nawth next week. [:D]

 God bless TCA 05-58541   Benefactor Member of the NRA,  Member of the American Legion,   Retired Boss Hog of Roseyville Laugh,   KC&D QualifiedCowboy       

              

  • Member since
    April 2003
  • From: Willoughby, Ohio
  • 5,231 posts
Posted by spankybird on Thursday, August 12, 2004 6:11 AM
I thought that when you folk call DAD you were asking for a Rootbeer [?] [:P][%-)] [(-D][(-D]

I am a person with a very active inner child. This is why my wife loves me so. Willoughby, Ohio - the home of the CP & E RR. OTTS Founder www.spankybird.shutterfly.com 

  • Member since
    March 2004
  • From: Jelloway Creek, OH - Elv. 1100
  • 7,578 posts
Posted by Buckeye Riveter on Wednesday, August 11, 2004 9:18 PM
I don't know if I want to continue my associtation with the Chief if he drinks Soda. That is far too extreme for a Buckeye to swallow.

Celebrating 18 years on the CTT Forum. Smile, Wink & Grin

Buckeye Riveter......... OTTS Charter Member, a Roseyville Raider and a member of the CTT Forum since 2004..

Jelloway Creek, OH - ELV 1,100 - Home of the Baltimore, Ohio & Wabash RR

TCA 09-64284

  • Member since
    February 2004
  • From: Rolesville, NC
  • 15,416 posts
Posted by ChiefEagles on Wednesday, August 11, 2004 8:51 PM
POP IS WHAT YOU CALL YOUR FATHER OR DAD. [:D]

 God bless TCA 05-58541   Benefactor Member of the NRA,  Member of the American Legion,   Retired Boss Hog of Roseyville Laugh,   KC&D QualifiedCowboy       

              

  • Member since
    April 2003
  • From: Willoughby, Ohio
  • 5,231 posts
Posted by spankybird on Wednesday, August 11, 2004 5:40 PM

I really think its because Chief drinks Soda and not Pop.

[:P][;)][;)][(-D][(-D]

I am a person with a very active inner child. This is why my wife loves me so. Willoughby, Ohio - the home of the CP & E RR. OTTS Founder www.spankybird.shutterfly.com 

  • Member since
    February 2004
  • From: Rolesville, NC
  • 15,416 posts
Posted by ChiefEagles on Wednesday, August 11, 2004 4:07 PM
You are not a trusted site anymore. Working but seems to work slower. I guess it is scanning before letting it come up or it is just busy this time of day. We'll see.

 God bless TCA 05-58541   Benefactor Member of the NRA,  Member of the American Legion,   Retired Boss Hog of Roseyville Laugh,   KC&D QualifiedCowboy       

              

  • Member since
    February 2004
  • From: Rolesville, NC
  • 15,416 posts
Posted by ChiefEagles on Wednesday, August 11, 2004 3:44 PM
Norton 2004 with firewall, Internet Security [set on medium], spam block, add block and anti-virus. Auto update is on [just sent me a new update as I turned computer on]. This has been working for two weeks. I have had two attempts from internet [not your site] for Trogan Horse that "zeroed in" on California. You see a copy of most of the raw data in my post. Call the "sucker" and find out what he is up too. I will take you back out as trusted site. We'll see but this should have appeared earlier than two weeks later. OH, also running Ad-aware too [Norton recommended I keeep running it with their product too]. When you all ran the last maintenance, I had to add you back in my accepted cookies in that.

 God bless TCA 05-58541   Benefactor Member of the NRA,  Member of the American Legion,   Retired Boss Hog of Roseyville Laugh,   KC&D QualifiedCowboy       

              

  • Member since
    April 2003
  • 305,205 posts
Posted by Anonymous on Wednesday, August 11, 2004 3:27 PM
QUOTE: Originally posted by penncentral8885

Hey guy's I got hit too! ,,,And I'm down for the count,.
When I turn my computer on all I get is a black screan,It wount boot up.
I'm talking to you from a friends computer, I saw CheifEagles mention this morning and it wasn't long untill I was Dead in the water,,,,,My norton didn't catch it untill it was too late I guess.


You know I have to ask...

What happened and when did it happen? When was the last time you updated your definitions? Are you using Ad-aware or Spybot S&D? If you are, when was the last time you scanned your system? Have you opened up any email with attachments recently? There's a nasty one going around. Below is a copy of the email we received Monday.

- - - - - - - - - - -
Sent: Monday, August 09, 2004 2:11 PM
Subject: [Kalmbach-support] [Msn-customers] New Virus - please do not open questionable attachments

All, there is a new email virus that several clients have received today. The email will have an attachment named price.zip, new_price.zip or some variant similar to this. There is currently no update from McAfee. Please do not open these attachments; we recommend instead, to simply delete the email from your inbox.

See this link for details if you are interested: http://vil.nai.com/vil/content/v_127423.htm
  • Member since
    April 2003
  • 305,205 posts
Posted by Anonymous on Wednesday, August 11, 2004 3:14 PM
Like Erik said, he forwarded the post to us this morning. At the time I didn't have an answer for him.

I really think it's a false positive. I use NIS at home and I know of others using it. Nobody has mentioned being alerted by Norton. The company which hosts are (dedicated) servers are very good about keeping their network clean of things like this. One our IS guys checked the server during lunch and made sure all the virus definitions were up to date. Whenever new security updates are released, it's the top priority to get all of our servers patched.

I know this has come up before, but I just can't remember what it was and in what context.

Out of curiousity, I do have a couple of questions.

What version of Norton Internet Security (NIS) are you using (2003, 2004)?

Do you know what level your security settings are at?

Are you using any 3rd party applications such as Ad-aware or Spybot S&D? (highly recommended)

When you said you added trains.com as a trusted site, was that in NIS or Internet Explorer? If you don't mind, remove the site from the list of trusted sites and see if this comes up again.

Doing some digging around, here are a couple of things I came up with.

Some ISPs use the same ports as Trojans
Be aware that some Internet Service Providers (ISP's) may use some of the same ports that Trojans use to monitor whether or not your Internet connection is in use. This activity may be causing the Trojan alerts if they seem to happen at a regular interval, or on a regular basis. If you think this is the case, and a security scan does not detect any Trojans, you may click the "Do not warn me again" checkbox on the alert. This prevents any future detections of this event from creating pop-ups. The activity is still logged in the NIS log files.
http://service1.symantec.com/SUPPORT/nip.nsf/docid/2001012308470736

You see an alert for a Trojan Horse when you connect to an FTP site
http://service1.symantec.com/SUPPORT/nip.nsf/docid/2002012210484436
  • Member since
    April 2003
  • 305,205 posts
Posted by Anonymous on Wednesday, August 11, 2004 3:01 PM
Hey guy's I got hit too! ,,,And I'm down for the count,.
When I turn my computer on all I get is a black screan,It wount boot up.
I'm talking to you from a friends computer, I saw CheifEagles mention this morning and it wasn't long untill I was Dead in the water,,,,,My norton didn't catch it untill it was too late I guess.
  • Member since
    January 2001
  • From: US
  • 1,431 posts
Posted by Bergie on Wednesday, August 11, 2004 2:12 PM
Hello,

I did receive your e-mail this morning (which, by the way, is the best way to alert us about concerns like this... not via a post that we might not see). I've forwarded to our online department to look into it.

I also run Norton (at home) and never get warnings regarding our site.

If I hear anything, I'll let you know.

Erik
Erik Bergstrom
  • Member since
    February 2004
  • From: Rolesville, NC
  • 15,416 posts
Posted by ChiefEagles on Wednesday, August 11, 2004 12:52 PM
Thanks HighIron2003ar. I'm no computer person and I trust Norton. Thanks again for the info. My spam and etc has gone [once in a while one slips thorugh and you can put future block on it] since I upgraded to Norton 2004.

 God bless TCA 05-58541   Benefactor Member of the NRA,  Member of the American Legion,   Retired Boss Hog of Roseyville Laugh,   KC&D QualifiedCowboy       

              

  • Member since
    April 2003
  • 305,205 posts
Posted by Anonymous on Wednesday, August 11, 2004 12:24 PM
I went thru Symantec's information about Netbus. I usually do not put sites in my "trusted zone" and just visit. I probably would not expect a reply for some time if at all.

I think this is a tool that is run on the server itself by a person who wants access into it. Your sending the email may have been enough (with others?) to alert the admin and they can run procedures to close this problem.

I am happy the site works and there are no alerts going on on my Norton.
  • Member since
    February 2004
  • From: Rolesville, NC
  • 15,416 posts
Posted by ChiefEagles on Wednesday, August 11, 2004 11:30 AM
Still no answer. ???? I sent them an email about that this AM.

 God bless TCA 05-58541   Benefactor Member of the NRA,  Member of the American Legion,   Retired Boss Hog of Roseyville Laugh,   KC&D QualifiedCowboy       

              

  • Member since
    February 2004
  • From: Rolesville, NC
  • 15,416 posts
Site Administrator:: Norton Internet Security blocked this site at 6:58 AM// Trojan Horse attempt.
Posted by ChiefEagles on Wednesday, August 11, 2004 6:50 AM
I could not post or view anything. I have added you as a trusted site but should I?
Details:
Berbee Information Networks Corp
455 Science Dr.
Madison WI 53711
Tech name: Stahr, James
Phone 1-608-288-3000
Email: stahr@binc.net
IP Address: 64.73.42.2
NetBus Trojan Horse

What about this??????

 God bless TCA 05-58541   Benefactor Member of the NRA,  Member of the American Legion,   Retired Boss Hog of Roseyville Laugh,   KC&D QualifiedCowboy       

              

Join our Community!

Our community is FREE to join. To participate you must either login or register for an account.

Search the Community

FREE EMAIL NEWSLETTER

Get the Classic Toy Trains newsletter delivered to your inbox twice a month