AceBIT

When transferring files or using the folder synch tool NAV will report blocking worms and trojan horses. I am using the program to manage a website hosted by 1and1.

Are these messages correct or is NAV mis-identifying a valid FTP operation as a threat? How do I stop the messages if they are not valid?

Thank you.

Hello,

we never heard from such an issue. Which exact message does NAV 2006 reports if you are trying to sync folders with Wise-FTP?

Thank you in advance!

___________________________
Best regards,
- Acebit Support -

[quote="Julian (AceBIT Support)"]

Which exact message does NAV 2006 reports if you are trying to sync folders with Wise-FTP?

Most of the messages were received during the synch operation but a few were received when uploading a large amount of data. There were 35 messages so far, some of which repeated. Here is one of each message:

Details: Rule "Default Block Ultor's Trojan horse" blocked communication.
Local address: All local network adapters(1234).
Process name is "C:\Program Files\AceBIT\WISE-FTP\wise_ftp.exe".

Details: Rule "Default Block Backdoor/SubSeven Trojan horse" blocked communication.
Local address: All local network adapters(Backdoor-g-1(1243)).
Process name is "C:\Program Files\AceBIT\WISE-FTP\wise_ftp.exe".

Details: Rule "Default Block FTP99CMP Trojan horse" blocked communication.
Local address: All local network adapters(1492).
Process name is "C:\Program Files\AceBIT\WISE-FTP\wise_ftp.exe".

Details: Rule "Default Block Shiva Burka Trojan horse" blocked communication.
Local address: All local network adapters(1600).
Process name is "C:\Program Files\AceBIT\WISE-FTP\wise_ftp.exe".

Details: Rule "Default Block Spy Sender Trojan horse" blocked communication.
Local address: All local network adapters(1807).
Process name is "C:\Program Files\AceBIT\WISE-FTP\wise_ftp.exe".

Details: Rule "Default Block Striker Trojan horse" blocked communication.
Local address: All local network adapters(2565).
Process name is "C:\Program Files\AceBIT\WISE-FTP\wise_ftp.exe".

Details: Rule "Default Block WinCrash Trojan horse" blocked communication.
Local address: All local network adapters(2583).
Process name is "C:\Program Files\AceBIT\WISE-FTP\wise_ftp.exe".

Details: Rule "Default Block SubSeven 2.1/2.2 Trojan horse" blocked communication.
Local address: All local network adapters(2774).
Process name is "C:\Program Files\AceBIT\WISE-FTP\wise_ftp.exe".

Details: Rule "Default Block Phinneas Phucker Trojan horse" blocked communication.
Local address: All local network adapters(2801).
Process name is "C:\Program Files\AceBIT\WISE-FTP\wise_ftp.exe".

Details: Rule "Default Block Master Paradise Trojan horse" blocked communication.
Local address: All local network adapters(3129).
Process name is "C:\Program Files\AceBIT\WISE-FTP\wise_ftp.exe".

Details: Rule "Default Block DeepThroat Trojan horse" blocked communication.
Local address: All local network adapters(3150).
Process name is "C:\Program Files\AceBIT\WISE-FTP\wise_ftp.exe".

Details: Rule "Default Block ShockRave Trojan horse" blocked communication.
Local address: All local network adapters(1981).
Process name is "C:\Program Files\AceBIT\WISE-FTP\wise_ftp.exe".

Details: Rule "Default Block TransScout" blocked communication.
Local address: All local network adapters(2000).
Process name is "C:\Program Files\AceBIT\WISE-FTP\wise_ftp.exe".

Details: Rule "Default Block Bugs Trojan horse" blocked communication.
Local address: All local network adapters(2115).
Process name is "C:\Program Files\AceBIT\WISE-FTP\wise_ftp.exe".

Details: Rule "Default Block Ripper Trojan horse" blocked communication.
Local address: All local network adapters(2023).
Process name is "C:\Program Files\AceBIT\WISE-FTP\wise_ftp.exe".

I have not had any messages in the last few days. The latest entry in the log is:

Details: The user has created a rule to "permit" communications.
Inbound TCP connection.
Local address,service is (******************).
Remote address,service is (************************ *************************).
Process name is "C:\Program Files\AceBIT\WISE-FTP\wise_ftp.exe".

(I have obscured the address details. If you want this information please give me a private e-mail address where I can send it.)

Thank you for your response. Please let me know if I can help resolve this problem.

Hello,

it seems like NAV is reporting this because the ports used by Wise-FTP during this operation are also used by this malware programs sometimes.

You can safely ignore this warnings.

_________________________
Best regards,
- Acebit Support -

Thank you for the information. I suggest you add an advice to your documentation or FAQ. Have a happy New Year.

Hello,

Thanks a lot for your suggestion - have a happy New Year as well!

______________________
Best regards
Mirko - AceBIT - Support

Hi,

Almost similar problems: While running WISE FTP 5, the upload to a 1&1 server transfers only empty files. NAV2006 is running and configured correctly, as far as I know. But no file transfer can be performed.
Another freewaree FTP client (Fatstrack FTP) transfers the data, but NAV delivers numerous blockings with warning of trojans intruding.
Personally I would prefer to use my WISE FTP ... any suggestions?

Und nochmal auf Deutsch:
Ich habe ein ähnliches Problem: Während des Uploads auf einen 1&1-gehosteten Server werden nur leere Dateien übertragen, und das mit der Geschwindigkeit einer Schnecke. NAV2006 ist korrekt konfiguriert (soweit ich weiß...), Verbindung zum Server besteht.
Bei der Übertraung von Daten mit einem freeware FTP client (Fasttrack FTP) kriege ich Dutzende von Warnungen über einfallende Trojaner (u.a. Shiva Burka, Backdoor, SpySender usw. - die Liste meines Vor-Fragers kann ich gut reproduzieren...), aber die Daten werden übertragen.
Ich würde lieber das WISE-Produkt nutzen... irgendwelche Hilfevorschläge?
Danke & Gruß!

Guten Tag,


welche Version von WISE FTP 5 nutzen Sie genau? Könnten Sie vielleicht testweise NAV 2006 kurz deaktivieren und Daten auf den FTP Server laden? Tritt dieser Fehler dann immer noch auf? Nutzen Sie zusätzlich noch andere Programme, die die Übertragung stören könnten?

_____________________
Mit freundlichen Grüßen

AceBit - Support -

Hallo,

ich verwende WiseFTP 5.0.2, registrierte Version. Ich verwende außer NAV2006 noch Spybot (nicht-resident), den ich allerdings schon abgeschalten habe, ohne Erfolg. Habe auch die Windows-interne Firewall abgeschalten (die sowieso...). NAV-Deaktivierung habe ich noch nicht ausprobiert, mache ich bei nächster Gelegenheit, wird aber etwas dauern - ich bin sozusagen vom Rechner getrennt (durch einige Tausend Kilometer...). Was hätten Sie denn gerne, vollständige Deaktivierung oder nur den Wurmschutz?

Guten Tag,

wir würden vorschlagen, dass Sie die Software einmal komplett deaktivieren - danach können Sie gerne einzelne Komponenten wieder nach und nach aktivieren. Sollte Norton bei Ihnen auch die Firewall stellen, würden wir Ihnen raten, für die Zeit in der diese de-aktiviert ist, die Windows-Firewall einzuschalten.

______________________
Mit freundlichen Grüßen
Mirko - AceBIT - Support

Hallo,

o.k., mache ich sobald als möglich. Firewall habe ich nicht von NAV.
Gruß