Thanks Mate will look. But how come its just started this type of behavior??

Scanned all service ports up to 1056. No problems. I think Messenger service is disabled never used it where is it

Both downloaded, both were enabled, now disabled, re booted and after a minute of loging on the Trojans back, the alerts come every minute. Have not found that other disable alert thingy yet. Looks like i'm stuck with it. No figure though.

That''s a good idea Stephen...I forgot all about you have that option in dial up.....

Brian, #1 : you''re safe. #2 : there should be a setting to disable that icon from flashing.....it''s been so long that I used Norton, I just can''t remember where it''s at. You could just hide the icon in the system tray, then you''ll know it''s running and, more importantly, you won''t see it all the time.


[Message Edited]

Norton 2004 auto blocks a site which is seen to attempt to run an invalid script or to attempt a TCP/IP attack for 30 minutes, you can over ride it in the configuration, over all or ively.

I would suggest ive.... just because

Increased scanning of 5000/tcp
added May 18
US-CERT has received reports of scanning activity directed at port 5000/tcp. This port is used by the Microsoft Windows Universal Plug and Play service (UPnP). Some of this activity can be attributed to two worms: W32/Bobax and W32/Kibuv. These worms scan for systems with port 5000/tcp open to identify machines running Windows XP (which enables the UPnP service by default), prior to attempting to exploit these systems.

Now see if i've got this right. These two ground crawlers are hitching a lift in the Trojan, Sokets de trios v1, to bombard my port 5000 (the firewall confirms this) to stuff up my puter. I'm safe because i'm behind a firewall and the three disabling programs i downloaded. Also because i've run a security check on ALL port to confirm i am in full stealth mode. Some lowlife somewhere is making these bullets and firing at ramdom for kicks or financial gain?

Acording to reports i've read there is very high activity in port 5000 taraffic. Thanks Deborah I did a little reading

Have i got the gist of it

yrag likes a good bumpin'..

Yes, you have a good understanding of what is happening and what isn't. Norton, unlike most, is just telling you that it was blocked. The one thing you have to remember is that it's only telling you that, not the scanner. When you run in full Stealth, for all intents and purposes, nothing scanning the internet knows you're there. If, on the other hand, Norton was to react to the actual scan (other then the alert to you) by bouncing it back to the source then the scan would know your presence...have I confused you enough?

No setting...a good firewall is set that way as a default. The idea (and it's a good one) is that a scanner can't scan what it can't find.....

A little paranoid, are we...

If all your ports show "Stealth" you're good.


yrag thinks you need to move on....try playing with something else for a while

Thanks Yrag ,but it was fun while it lasted. Now about Symetrix you emailed me. (joking only joking)

I'm late to the party, sorry, so don't flame me.

If you just started getting the trojan notices, I would delete the internet cache if I were you. Sometimes, a bad cookie could cause such problems. I would also run Spybot to make sure you haven't got a malicious file of some sort.
You may also want to delete all your cookie authorizations in NPF. Just in case you authorized a malicious activeX. Its really easy to delete all the cookie authorizations. Just manually delete one and then hold down the enter button and it will delete the rest.