×
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
theflyingmonkey
Former Member
Message 1 of 6

Illusion Mailer Trojan

Hello, I am using McAfee Internet Security on a Windows XP Home Service Pack 3.

When I was checking my Yahoo Email and I was done.  There was a Incoming Event in my Histoy and Logs of McAfee.  The event was by the ip address 216.115.97.236 and it was trying to access my computer's TCP Port 2155 or Illusion Mailer Trojan, was the name of the port listed in the logs.

Does this mean that this ip address was trying to using this trojan on my computer? Or was it trying to scan my computer for this Trojan as I remember that it also said that this computer has scanned your computer for this trojan, but it was blocked by my firewall.

Also, is there any McAfee Threat Intelligence report on this Trojan.  I tried searching for Illusion Mailer and got nothing.

5 Replies
exbrit
MVP
MVP
Message 2 of 6

Re: Illusion Mailer Trojan

Those are blocked attempts and in that case it's one that is commonly used by that trojan, so no need to be concerned as they are there simply to illustrate what is being blocked.  We all get such attempts except people behind corporate firewalls perhaps.

I think the McAfee alias for that is different, try this: http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=496679

theflyingmonkey
Former Member
Message 3 of 6

Re: Illusion Mailer Trojan

That is great that it was blocked. But why does McAfee say that the computer at 216.115.97.236 scanned my computer for this trojan. Does this mean that ip address was checking to make sure I'm clean or was it this ip address tried to infect me.

Also, I doubled checked and this ip address was just accessing port from 2150 to 2159 in this order: 7,6,5,0,1,2,3,4,8,9.

Not only that but why would this ip address try to make an incoming connection when I was checking my Yahoo email? The ip address was 98.139.43.115 trying to access TCP Port 2142. When I typed in the ip address into a browser it took me to something called YQL Console. Can you help me with this, this is weird I have never heard of this Console or used it in Yahoo mail.

exbrit
MVP
MVP
Message 4 of 6

Re: Illusion Mailer Trojan

Well that IP is Yahoo - so possibly something to do with your email provider/ISP.    Maybe they are testing everyone's lines to locate the source of this trojan.

Message was edited by: Ex_Brit on 09/01/12 5:35:51 EST AM
Hayton
Reliable Contributor
Reliable Contributor
Message 5 of 6

Re: Illusion Mailer Trojan

I have a similar entry in my logs, but the IP address of the sender shows it to be Internap Network Services Corporation.  Could it be a regular check when you go to certain websites to make sure that you're not infected with the Trojan?

exbrit
MVP
MVP
Message 6 of 6

Re: Illusion Mailer Trojan

It could well be.

How Many Badges Can You Collect?
Ready for a little competition? Members like you are earning badges and unlocking perks for their helpful answers. Are you? Click here to find out.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community