Forums Connection Issues Spybot Keylogger Commands

I started getting this yesterday. I'm logged into a irc server when during time that can span from several minutes to hours my norton firewall gives me Spybot Keylogger Commands alert and blocks off mIRC and mIRC gives me

[10053] Software caused connection abort

error, after that I could connect again and the same issue then repeats itself.

My first conclusion was that I must have been infected with some virus so I ran several antivirus, bot and spyware removal tools and all returned zero infection results.

So I connected back on and now I hear that some of my friends are getting this issue as well.

I read from symantec page about this alert and it has an interesting statement that says:

Possible False Positives
This signature will trigger if bot specific commands are embedded in normal IRC conversation.

Well that could be the case, my other theory is that there is some infection of this virus running around and it tries to infect other irc users and when it tries to infect me my firewall blocks it and at the same time disconnects me from irc server.

Anyone have any information on this case or instructions on how to resolve this?

Lots of people are having some form of childish "fun" at the moment by using certain key words in IRC channels. If people say these words, Norton triggers and closes mIRC.

You can either hope that Symantec fix the issue, or disable Norton antivirus.

Regards,

What I don't understand is that if the mIRC client is in the allowed list of programs etc. Why would nortons react?

-Andy

Norton (aka Symantec) can be a complex and interactive set of protection programs. Sometimes they'll update one part of that set, but not have the correspoonding updates for the other parts, so you get a program (mIRC for example) being alllowed under, 3 out of 5 parts (again example only) of Norton, that still means that those other 2 parts are going to recognize that mIRC is being used, but they don't have anything in them (yet) to tell them that it's OK.

That's as simplistic as I was able to make the official response from Symantec when I queried them about the same thing. Their response is nearly 10 pages in length.

man u mean it took them 10 pages to say "look were slackers, and havent updated all our software ok?", If only they put as much effort into the software updates as they did into the reply you got!

PS: I use NAV/NIS coperate addition, and guess what, It dont have the problem. I guess all the homeys pirating it kinda made symantecs not care that much about them. <snicker snicker>

Two possibilities: 1) They put more effort into responding to my request than in fixing their software (which wouldn't surprise me any), or 2) (and this is scary) they put as much effort (or more) into fixing the software, than they put into answering my request, and they still have problems.

I don't have the finances nor the need for a corporate edition, but what I use (and it does have that problem occasionally) is Norton SystemWorks Premiere 2006. And it's not a pirated copy.

This is a know exploits related to a bug in Norton Firewall

This bug can be repaired by going within Norton :
-> Intrusion detection
-> configure tab
-> advanced tab

Then, uncheck Spybot keylogger commands.

This will fix your problem.

Cheers

If your running Internet Security Pro 2003, you can also fix the bug :
-> Intrusion Detection
-> Configure
-> Intrusion Detection Signatures (that square icon)

Go down the list till you run across the SpyBot Keylogger commands, then Exclude it. Nothing worse then people purposely kicking you off the network and you can't deal with frustation (head injury). Hope this helps.