Pamola opened this issue on Aug 10, 2003 · 24 posts
sandoppe posted Mon, 11 August 2003 at 11:00 PM
It does indeed sound like a virus. Svc. on XP means "switched virtual circuit" and is related to your network. There is a relatively new backdoor trojan, with a variety of aliases, that may fit your description. Here's some info that I collected from McAfee:

Backdoor.Fxsvc (AVP), Troj/Fxsvc (Sophos), Backdoor-AQK: There are several variants of this trojan, and the specific actions taken are decided by the hacker who uses this trojan, so this description is a general guide.

"This trojan is a remote access trojan. It targets NT/XP/2000 machines. When run with a command line switch, it installs itself as a service. The service is set to automatic start at system start up. One of the following service names might be used:

Windows Help Manager
fxSVC

Once running on the victim machine, it opens port 33 or 34 and listens on the port. The hacker is able to connect (and administer that machine). The trojan can perform the following activities:

System information gathering.
Network scanning.
SQL server related activities.

Symptoms

Existence of the service name mentioned above.
Unusual/unexpected ports open on machine. (For this trojan, by default this is port 33 or 34).
Unusual behavior on victim machine, explainable by unauthorized remote administration."

This information on this virus was found at Symantec's site:

"Backdoor.Fxsvc is a Backdoor Trojan Horse that gives its author access to your computer. The Trojan is written in Borland Delphi and is packed with UPX. When Backdoor.Fxsvc is executed, it opens a port that gives the Trojan's creator unauthorized access to the infected computer. The Trojan drops server.ini that provides configuration settings, including opening port 34, by default. One of the payloads allows the Trojan's author to remotely shut down the compromised computer."

There are more instructions at Symantec for this virus, based on your OS.
Plus if you can access the web, and have a subscription to Norton, you should be able to download the virus definitions from their site. If no one else has done so, I'll copy and paste your message into the Poser forum. If there's anything else I can do, let me know.
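
One way to check a machine for the indicators quoted in the post above (the two service names and a listener on port 33 or 34), added here as an example and not part of the original post or any vendor's tooling. It parses saved `netstat -an` and `sc query` output; both samples are constructed, and the function names are hypothetical.

```python
import re

# Indicators taken from the vendor descriptions quoted in the post above.
SUSPECT_PORTS = {33, 34}
SUSPECT_SERVICES = {"windows help manager", "fxsvc"}

# Constructed sample of `netstat -an` output (not from a real machine).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:34             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1034      203.0.113.5:80         ESTABLISHED
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
"""

# Constructed sample of `sc query` output (not from a real machine).
SC_SAMPLE = """\
SERVICE_NAME: Dhcp
DISPLAY_NAME: DHCP Client
        STATE              : 4  RUNNING

SERVICE_NAME: fxSVC
DISPLAY_NAME: Windows Help Manager
        STATE              : 4  RUNNING
"""

def listening_suspect_ports(netstat_text):
    """Return sorted suspect ports that appear as LISTENING local TCP ports."""
    hits = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            # Compare the exact port number so 1034 or 3389 never match 34 or 33.
            port = int(fields[1].rsplit(":", 1)[1])
            if port in SUSPECT_PORTS:
                hits.add(port)
    return sorted(hits)

def suspect_services(sc_text):
    """Return service or display names that match the names listed in the post."""
    names = re.findall(r"^(?:SERVICE_NAME|DISPLAY_NAME):\s*(.+?)\s*$", sc_text, re.M)
    return [n for n in names if n.lower() in SUSPECT_SERVICES]

if __name__ == "__main__":
    print("suspect listening ports:", listening_suspect_ports(NETSTAT_SAMPLE))
    print("suspect services:", suspect_services(SC_SAMPLE))
```

A match on either check is only a reason to look closer; the quoted description notes that the port is set in the dropped server.ini, so variants may listen elsewhere.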