
 
Crayon Shin Chan
Minister of Gerbil Affairs
Topic Author
Posts: 2313
Joined: Fri Sep 06, 2002 11:14 am
Location: Malaysia

Help! Deep Throat (no not pr0n) infection on Windows XP!!!

Fri Jun 13, 2003 4:21 am

While browsing lazily through PC-cillin 2002's features, I stumbled upon a personal firewall log which logged two instances of Deep Throat trying to send a message through.
I checked Deep Throat out, but the websites all said something about it infecting Win95, 98 and ME versions of Windows only. BTW, the files listed on the website that should be removed are not found in my system directory!
Help will be appreciated very much!!!!!
Mothership: FX-8350, 12GB DDR3, M5A99X EVO, MSI GTX 1070 Sea Hawk, Crucial MX500 500GB
Supply ship: [email protected], 12GB DDR3, M4A88TD-V EVO/USB3
Corsair: Thinkpad X230
 
etilena
Gerbil Jedi
Posts: 1674
Joined: Wed Jun 12, 2002 7:43 am
Location: .ozziefied.

Fri Jun 13, 2003 12:25 pm

Well, it did say 'try' to send messages through. If you haven't been visiting dodgy sites or downloading and executing viruses of late, there shouldn't be a problem.

Probably someone was probing your ports and tried to hack into it.
*yawn*
 
phelt
Gerbil
Posts: 22
Joined: Tue Mar 26, 2002 7:00 pm

Fri Jun 13, 2003 4:07 pm

It's important to know whether the communication attempts were inbound (someone on the net trying to send packets to your machine) or outbound (something on your machine trying to "dial home"). If they're inbound, it sounds like your firewall is blocking and logging them, so no big deal. Lots of idjits use vulnerability scanners to try and find exploitable boxes. As long as your firewall is handling it, don't sweat it.

But if they're outbound packets, something on your machine is possibly trojaned. I say "possibly" because sometimes regular communications happen to occur on ports that are known to be used by trojans. This seems less likely since one would expect that a firewall/antivirus package that recognizes the trojan ports should alert you to an app that is a trojan or has been compromised. It also seems likely that there would be more than 2 logged instances - it's unlikely that a trojan would simply give up after a couple of attempts.
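
The triage described in the post above, as an added example that is not part of any poster's reply or of PC-cillin: it sorts firewall log entries by direction and checks whether an outbound hit comes from a port a known application uses. The log format, the sample entries and the Deep Throat port numbers are assumptions (the thread gives none of them); port 1214 for Kazaa comes from the thread.

```python
import re

# Assumption: UDP ports commonly listed for Deep Throat in public trojan-port
# tables; the thread itself gives no port numbers for it.
TROJAN_PORTS = {2140: "Deep Throat", 3150: "Deep Throat"}
# From the thread: Kazaa uses port 1214.
KNOWN_APP_PORTS = {1214: "Kazaa"}

# Constructed format: date time IN|OUT proto src:port -> dst:port action
LINE_RE = re.compile(
    r"^(\S+ \S+) (IN|OUT) (TCP|UDP) (\S+):(\d+) -> (\S+):(\d+) (BLOCK|ALLOW)$"
)

# Constructed sample entries (private and documentation addresses only).
SAMPLE_LOG = """\
2003-06-13 03:58:10 OUT UDP 192.168.0.2:1214 -> 203.0.113.7:2140 BLOCK
2003-06-13 04:02:41 OUT UDP 192.168.0.2:1214 -> 198.51.100.9:3150 BLOCK
2003-06-13 04:10:05 IN UDP 203.0.113.50:4000 -> 192.168.0.2:2140 BLOCK
2003-06-13 04:11:30 OUT TCP 192.168.0.2:1045 -> 198.51.100.20:80 ALLOW
2003-06-13 04:15:12 OUT UDP 192.168.0.2:1050 -> 203.0.113.9:2140 BLOCK
not a log line
"""

def triage(log_text):
    """Return (timestamp, direction, verdict) for trojan-port entries."""
    results = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip lines that do not parse
        ts, direction, _proto, _src, sport, _dst, dport, action = m.groups()
        sport, dport = int(sport), int(dport)
        if dport not in TROJAN_PORTS:
            continue  # destination port is not on the trojan list
        if direction == "IN":
            verdict = ("inbound probe, blocked" if action == "BLOCK"
                       else "inbound allowed: check for a listener")
        elif sport in KNOWN_APP_PORTS:
            verdict = ("outbound from %s port: likely coincidence, "
                       "confirm owning process" % KNOWN_APP_PORTS[sport])
        else:
            verdict = "outbound from unknown source: identify owning process"
        results.append((ts, direction, verdict))
    return results

def outbound_count(results):
    """Number of flagged outbound attempts; a live trojan tends to retry."""
    return sum(1 for _, direction, _ in results if direction == "OUT")

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(*row, sep=" | ")
```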
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Fri Jun 13, 2003 5:05 pm

Yes, see if the log entry indicates what direction the attempted communication was going -- inbound or outbound. As a guess, it is probably just someone else with an infected machine that is randomly probing blocks of IP addresses for additional vulnerable PCs to infect.
 
Crayon Shin Chan
Minister of Gerbil Affairs
Topic Author
Posts: 2313
Joined: Fri Sep 06, 2002 11:14 am
Location: Malaysia

Sat Jun 14, 2003 3:35 am

It said out, that means it's an outbound packet. I'm scared. Would Kazaa have anything to do with this? (it's always trying to send out from port 1214, and Kazaa uses 1214).
 
Forge
Lord High Gerbil
Posts: 8253
Joined: Wed Dec 26, 2001 7:00 pm
Location: Gone

Sat Jun 14, 2003 4:18 am

It's most likely a coincidence. Kazaa sent out some packets that looked 'Deep Throat-like'. If you're really worried, fire kills all virii. Apply it directly to the hard disk's platters for greatest effect.
 
Crayon Shin Chan
Minister of Gerbil Affairs
Topic Author
Posts: 2313
Joined: Fri Sep 06, 2002 11:14 am
Location: Malaysia

Sat Jun 14, 2003 5:35 am

brings out flamethrower...
:D