#33 ShockRave Worm Intrusion

Status: open
Owner: nobody
Labels: None
Priority: 7
Updated: 2006-01-22
Created: 2005-09-03
Creator: Damian Parker
Private: No

Yo!

I've been using Dorgem for about 2 days now on Windows
XP. Tonight, literally just a few minutes ago, my Norton
Anti-Virus pops up and says it's detected and blocked an
Internet Worm Intrusion attempt, ShockRave something or
other, and listed Dorgem as its gateway onto the machine.

Has this been heard of before?
Should we Dorgem users be worried?

Discussion

  • Damian Parker
    2005-09-03

    • summary: ShockWave Worm Intrusion --> ShockRave Worm Intrusion
     
  • Frank Fesevur
    2006-01-03

    Logged In: YES
    user_id=169016

    I assume this is a problem with Norton AV

     
  • Frank Fesevur
    2006-01-03

    • status: open --> closed-invalid
     
  • Damian Parker
    2006-01-03

    Logged In: YES
    user_id=458483

    Unfortunately not, after reading through some other Google
    results it seems there is a hole in this software, as it's
    happened to numerous others.

    Fortunately for me I'm back on Gentoo and have no need to use
    this.

    Norton detected the virus incoming, and listed Dorgem as its
    medium onto my system.

    Cheers

     
  • Frank Fesevur
    2006-01-04

    Logged In: YES
    user_id=169016

    Then I'll re-open it.

    When I google "shockrave dorgem" I don't get any hits, so
    could you provide some extra information?

     
  • Frank Fesevur
    2006-01-04

    • status: closed-invalid --> open
     
  • Damian Parker
    2006-01-20

    Logged In: YES
    user_id=458483

    OK, it's taken a while to get a system re-loaded with Windows
    XP. We have Windows XP and Norton Anti-Virus 2005 using the
    latest updates. Bear in mind this also happened
    previously with Norton 2003 in the original bug report.

    Security Rule: Default Block FTP99CMP Trojan Horse
    Date: 20/01/2006
    Time: 20:15
    Path: c:\Program Files\Dorgem\Dorgem.exe
    Filename: Dorgem
    Direction: Inbound
    Local Address: All local network adapters
    Local Port: 1492
    Protocol: TCP

    Dorgem is connected to a Creative Labs Webcam for Notebooks.
    FTP uploading to 192.168.10.1

     
  • Damian Parker
    2006-01-20

    • priority: 5 --> 7
     
  • Damian Parker
    2006-01-20

    Logged In: YES
    user_id=458483

    Just got another one up:

    Security Rule: Default Block SubSeven 2.1/2.2 Trojan Horse
    Date: 20/01/2006
    Time: 22:06
    Path: c:\program files\dorgem\dorgem.exe
    Filename: Dorgem
    Direction: inbound
    Local Address: All local network adaptors
    Local Port: 2774
    Protocol: TCP

     
  • Damian Parker
    2006-01-21

    Logged In: YES
    user_id=458483

    And another:

    Security Rule: Default Block SubSeven 2.1/2.2 Trojan Horse
    Date: 21/01/2006
    Time: 00:11
    Path: c:\program files\dorgem\dorgem.exe
    Filename: Dorgem
    Direction: inbound
    Local Address: All local network adaptors
    Local Port: 4267
    Protocol: TCP

     