
All times are UTC - 7 hours




Post subject: HERMSKII
PostPosted: Mon Nov 24, 2003 2:47 pm

Joined: Sun May 18, 2003 2:58 pm
Posts: 496
Location: UK (south east)
I FINALLY GOT A SCREEN SHOT OF YOUR TROJAN YOU UPLOADED TO MY COMPUTER :razz: :razz: :razz:


Image


THIS IS WHAT HAPPENS SOMETIMES ON YOUR SERVER AND BO'S
DO YOU THINK THE NORTON SETTINGS NEED ADJUSTING?

if the image didn't work this is the url

http://www.home-of-the-one.co.uk/html/home2.html



Post subject:
PostPosted: Mon Nov 24, 2003 3:05 pm


Joined: Thu Apr 03, 2003 3:59 pm
Posts: 878
Location: England
It says it's blocked; I wouldn't change the settings.

Dark :roll: :roll: :roll: :twisted: :twisted: :evil:

_________________
Who is General Failure and why is he reading my hard disk?



Post subject: Checking
PostPosted: Mon Nov 24, 2003 3:54 pm
Site Admin

Joined: Mon Jun 17, 2002 8:35 am
Posts: 2731
Location: Houston, Texas
I have gone to www.SARC.com to look it up and find out how to get rid of it if it's there. I checked my main PC that I play with and it is clean. I am checking the server now. OK, just finished running a full scan using the latest dat files and on both machines I came up empty. There isn't any indication that it is infected when I look for the indicator SARC mentions as well. I think you are getting a false positive there sir. DM said it good too in that it said it blocked it which is exactly what you want it to say. I'll get some more info in a few minutes.

_________________
~Peace~

Hermskii,



Post subject: Ok
PostPosted: Mon Nov 24, 2003 4:00 pm
Site Admin

Joined: Mon Jun 17, 2002 8:35 am
Posts: 2731
Location: Houston, Texas
This is what it said at SARC:




Scan your computer with Norton AntiVirus.
Restart your computer in MS-DOS mode.
Delete any files detected by Norton AntiVirus as DeepThroat.Trojan.
Restart the system.
Edit the Windows registry using Regedit.exe. Go to the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

On the right side of the window, look for the registry entry with SystemDLL32 as its name field. Right-click SystemDLL32 and click Delete.
Restart the machine again, look at the registry, and make sure that the Trojan horse did not reinstall itself.


OK then. That's all great but none of the above was true for me so I have done nothing. If you choose to check your machine using these settings, don't come to me if it doesn't start again. I don't have this issue so I haven't been able to try this myself. If you do any of the above, YOU DO IT AT YOUR OWN RISK! I'll post again as soon as I learn a little more.

_________________
~Peace~

Hermskii,



Post subject:
PostPosted: Mon Nov 24, 2003 4:27 pm

Joined: Fri May 16, 2003 7:49 pm
Posts: 84
Location: Lapel, IN
One, I too have seen this one when I used to use Norton's firewall software; the deepthroat trojan is not on your PC. The firewall is simply seeing that there is a request on a port known to be used by that trojan. I would disregard it, or open the port if it is affecting your gameplay (but leave the AV software on!).

_________________
DeaD_SuN

"He who believes in the Devil already belongs to him."



Post subject:
PostPosted: Mon Nov 24, 2003 4:38 pm
Site Admin

Joined: Mon Jun 17, 2002 9:22 am
Posts: 1823
Location: In the Desert of the Real
Hey one,

Let's see what the rest of your desktop pic looks like, lmao!!!

_________________
<SRA>/v/ahatma



Post subject:
PostPosted: Mon Nov 24, 2003 4:38 pm

Joined: Sun May 18, 2003 2:58 pm
Posts: 496
Location: UK (south east)
whoooowwaa, I wasn't being funny or anything, Herm; it's just the first time I have remembered to do a screen shot of it. I didn't think there was anything dodgy going on.
When I get this warning, all that happens is I get kicked from the server and it won't refresh in the list. I have to reboot and start the game again. It's not a problem :oops: :oops: :oops:



Post subject: More
PostPosted: Mon Nov 24, 2003 5:14 pm
Site Admin

Joined: Mon Jun 17, 2002 8:35 am
Posts: 2731
Location: Houston, Texas
Final conclusion:

I have tried to update my virus software but it was already totally up to date. I ran a full scan and found nothing. I updated ad-aware and ran it. It found stuff but that was only cookies. I updated and ran SpyBot and it found a couple of items but nothing worth mentioning. (note, they had a new update released today).

What I do to make sure this doesn't happen to you:

1 Hardware Firewall
2 Software Firewalls
1 Auto-Updating AntiVirus
2 Anti-Spyware Tools
1 Bottle of Holy Water
Nightly Prayers

I have to rack up this to a false positive as far as the "Trojan Detected" warning. I imagine that this error would happen every time you stop playing at CG. My firewall doesn't sound off from the DOS attacks until the second I turn off CG. Then all hell breaks loose as it blocks every computer running UT that is checking server IPs. That's all of them by the way. Then after all of them have tried to connect 3 times, they all give up as they should since it's in the programming to. The ones that don't give up trying are the DOS attacks. There were up to 8 just a month ago. Right now, I only have 1 hitting me constantly. 129,600 times a day to be exact. It actually doesn't hurt a bit because it's ignored. I can't block it because it uses the right ports and sends the right kind of packets. So I set up the game to ignore that IP address in order to keep the server running. Once the server is off and the firewall knows I'm not playing the game anymore, it then starts to block those packets. Either way, I'm OK and so is CG! Peace all.

_________________
~Peace~

Hermskii,



Post subject:
PostPosted: Mon Nov 24, 2003 7:15 pm

Joined: Fri Oct 17, 2003 7:01 pm
Posts: 501
Location: USA
That's weird....

Anyone know about routers?

I don't have that port enabled on my router. Does my router only block incoming traffic? I assumed it monitored both in and out.

How am I connecting to cg?

_________________
|3iGi is Godlike!

Puff, Puff, Give



Post subject: Answer
PostPosted: Mon Nov 24, 2003 8:26 pm
Site Admin

Joined: Mon Jun 17, 2002 8:35 am
Posts: 2731
Location: Houston, Texas
Your router knows what traffic it is supposed to send out and get back. Hardware firewalls usually don't monitor what goes out as far as stopping stuff goes. It can tell what is supposed to come in. So, if you play UT, it knows to let in UT info and you can connect and play but if you aren't playing UT then it should consider the packets unsolicited and reject or send them to a black hole. That's why routers don't pass on broadcast storms. If they did, no one would be able to surf the web ever. Someone correct me if I have that wrong but I know it's pretty close to right. Clem?

_________________
~Peace~

Hermskii,



Post subject:
PostPosted: Mon Nov 24, 2003 9:39 pm

Joined: Fri Oct 17, 2003 7:01 pm
Posts: 501
Location: USA
Cool. I noticed the Norton firewall blocks outgoing traffic also...that's why I was wondering. I am not up on networking...I can set them up, but my troubleshooting capabilities are limited.

My first encounter with a firewall was Norton security....so I based my assumptions on that....

My next question would be, as you mentioned but just checking....

When I connect to CG, on port 7757, does my router open that port for incoming traffic? Or does it only allow the outgoing? I assume there is incoming traffic......Once I shutdown CG connection, it will disable the port again? Or does the game actually communicate on port 80?

_________________
|3iGi is Godlike!

Puff, Puff, Give



Post subject: Answer
PostPosted: Tue Nov 25, 2003 7:56 am
Site Admin

Joined: Mon Jun 17, 2002 8:35 am
Posts: 2731
Location: Houston, Texas
When you play on CG, your machine most likely opens ports 7777-7787. No matter what ports it opens, it only allows that type of traffic (UDP packets) with UT tags on them in and out. So, if someone sends you a trojan response request for instance and they happen to use one of those same ports, even though they are open for game play, the packet will be blocked by the firewall because it is not a UT packet and is considered unsolicited. If your PC isn't asking for the info, then it will reject any other packets that come along. Port 80 is the default port for webcontrol. In the game, it uses TCP instead of UDP. It's what I use to remote into the game to kick a player for instance or to send everyone one of those messages that look like this:

Admin: Hey everyone! What's up?

At that moment, I'm not actually in the game at all but I can see who's playing and what is being said. I can change any attribute to the game from that console. It's really very sweet but I wish it would let me spectate too.

Once you're done playing, no more packets of any kind are allowed to use any of the above mentioned ports and all info sent to them will be rejected unless another program has requested info using one of the same ports. Hope that explains it a little.

_________________
~Peace~

Hermskii,
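
Added example, not part of the original thread or any poster's code: a simplified Python model of the stateful UDP filtering discussed in the router answers above, and of the port-based "Trojan detected" alert DeaD_SuN describes. It tracks flows by address and port only; the addresses, client port 50000, the 30-second idle timeout and the watched port 40000 are constructed placeholders (the thread does not say which port Norton matched).

```python
from dataclasses import dataclass, field

# Placeholder port: the thread never states which port the alert matched on.
TROJAN_PORTS = {40000: "DeepThroat.Trojan"}
IDLE_TIMEOUT = 30  # seconds a UDP flow stays open without traffic (assumed)


@dataclass
class StatefulUdpFilter:
    """Toy model of a NAT router / personal firewall tracking UDP flows."""
    flows: dict = field(default_factory=dict)  # (lport, raddr, rport) -> last seen

    def outbound(self, lport, raddr, rport, now):
        # Traffic the inside host starts is allowed and creates flow state.
        self.flows[(lport, raddr, rport)] = now
        return "allow"

    def inbound(self, raddr, rport, lport, now):
        key = (lport, raddr, rport)
        last = self.flows.get(key)
        if last is not None and now - last <= IDLE_TIMEOUT:
            self.flows[key] = now        # a reply to something we asked for
            return "allow"
        self.flows.pop(key, None)        # expired state is discarded
        name = TROJAN_PORTS.get(lport)
        if name:
            # Port match only: nothing here inspects the local machine,
            # so this alert says "blocked", not "infected".
            return f"block (alert: {name} port)"
        return "block (unsolicited)"


def demo():
    fw = StatefulUdpFilter()
    server, stranger = "203.0.113.10", "198.51.100.7"  # constructed addresses
    return [
        fw.outbound(50000, server, 7777, now=0),    # join the game server
        fw.inbound(server, 7777, 50000, now=1),     # server reply
        fw.inbound(stranger, 7777, 50000, now=2),   # other host, same ports
        fw.inbound(stranger, 4000, 40000, now=3),   # probe on a watched port
        fw.inbound(server, 7777, 50000, now=100),   # long after the game closed
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```
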

