Hello, I am using McAfee Internet Security on a Windows XP Home Service Pack 3.
When I was checking my Yahoo Email and I was done, there was an Incoming Event in my History and Logs of McAfee. The event was by the IP address 188.8.131.52 and it was trying to access my computer's TCP Port 2155, or Illusion Mailer Trojan, which was the name of the port listed in the logs.
Does this mean that this IP address was trying to use this trojan on my computer? Or was it trying to scan my computer for this Trojan? As I remember, it also said that this computer has scanned your computer for this trojan, but it was blocked by my firewall.
Also, is there any McAfee Threat Intelligence report on this Trojan? I tried searching for Illusion Mailer and got nothing.
Those are blocked attempts and in that case it's one that is commonly used by that trojan, so no need to be concerned as they are there simply to illustrate what is being blocked. We all get such attempts except people behind corporate firewalls perhaps.
I think the McAfee alias for that is different, try this: http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=496679
That is great that it was blocked. But why does McAfee say that the computer at 184.108.40.206 scanned my computer for this trojan? Does this mean that IP address was checking to make sure I'm clean, or was it that this IP address tried to infect me?
Also, I double-checked and this IP address was just accessing ports from 2150 to 2159 in this order: 7,6,5,0,1,2,3,4,8,9.
Not only that, but why would this IP address try to make an incoming connection when I was checking my Yahoo email? The IP address was 220.127.116.11 trying to access TCP Port 2142. When I typed the IP address into a browser it took me to something called YQL Console. Can you help me with this? This is weird; I have never heard of this Console or used it in Yahoo mail.
Well that IP is Yahoo - so possibly something to do with your email provider/ISP. Maybe they are testing everyone's lines to locate the source of this trojan.
Message was edited by: Ex_Brit on 09/01/12 5:35:51 EST AM
I have a similar entry in my logs, but the IP address of the sender shows it to be Internap Network Services Corporation. Could it be a regular check when you go to certain websites to make sure that you're not infected with the Trojan?
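The thread above describes one address trying ports 2150 to 2159 in a scrambled order and another trying a single port. As an added example (not part of the original thread, and not McAfee's log format or detection logic), this groups blocked inbound attempts by source and separates a contiguous-range sweep from an isolated hit; the log layout, the documentation-range addresses, the timestamps and the `min_sweep` threshold are all assumptions.

```python
import re
from collections import defaultdict

# Port order reported in the thread (2150-2159 tried as 7,6,5,0,1,2,3,4,8,9).
SWEEP_ORDER = [2157, 2156, 2155, 2150, 2151, 2152, 2153, 2154, 2158, 2159]

# Constructed sample log in a made-up layout (not McAfee's). Source addresses
# are RFC 5737 documentation addresses, not the ones from the thread.
SAMPLE_LOG = "\n".join(
    [f"2012-01-09 05:30:{i:02d} BLOCK IN TCP src=203.0.113.7 dport={p}"
     for i, p in enumerate(SWEEP_ORDER)]
    + ["2012-01-09 05:31:10 BLOCK IN TCP src=198.51.100.20 dport=2142"]
)

LINE_RE = re.compile(r"BLOCK IN TCP src=(?P<src>[\d.]+) dport=(?P<port>\d+)")


def blocked_ports_by_source(log_text):
    """Map each source address to its blocked destination ports, in log order."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            seen[m["src"]].append(int(m["port"]))
    return dict(seen)


def classify(ports, min_sweep=5):
    """Return ('sweep', (low, high)) or ('isolated', ports_tuple).

    A sweep here means at least min_sweep distinct ports that together form
    one contiguous range, regardless of the order they were tried in.
    """
    distinct = sorted(set(ports))
    contiguous = distinct[-1] - distinct[0] + 1 == len(distinct)
    if len(distinct) >= min_sweep and contiguous:
        return "sweep", (distinct[0], distinct[-1])
    return "isolated", tuple(distinct)


def summarize(log_text):
    """Classify every source address seen in the log."""
    return {src: classify(p) for src, p in blocked_ports_by_source(log_text).items()}


if __name__ == "__main__":
    for src, (kind, detail) in summarize(SAMPLE_LOG).items():
        print(f"{src}: {kind} {detail}")
```

Every event in the sample is a blocked inbound attempt, so the output describes what was tried against the machine, not anything that reached it.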