Regular Member
Posts: 378
Registered: ‎12-21-2016
Kudos: 42
Solutions: 7

Re: IPS Alert 1: A Network Trojan was Detected

same here today.

 

My iPhone is suddenly causing this alarm

Message: IPS Alert 1: A Network Trojan was Detected. Signature ET MALWARE Suspicious User-Agent (1 space). From: 192.168.2.189:64309, to: 203.205.143.155:8080, protocol: TCP

 203.205.143.155 (AS132203 Tencent Building, Kejizhongyi Avenue)

 

iPhone is running latest OS, not jailbroken

There is not much troubleshooting possible on an iOS device, but I suppose it is a false positive.

New Member
Posts: 1
Registered: ‎06-19-2017

Re: IPS Alert 1: A Network Trojan was Detected


I get this alert any time I run registry clean up with CCleaner 5.43.6522 (64-bit).

Scan your CCleaner.exe. For me it came up with 

Trojan.Droma.Win32.1366

https://www.virustotal.com/#/file/e0c16136c81498b8b0cc05075b5de3fa007dec878839db7fc7f8d492d7ade5a5/d...

Regular Member
Posts: 378
Registered: ‎12-21-2016
Kudos: 42
Solutions: 7

Re: IPS Alert 1: A Network Trojan was Detected

thanks, but the device was an iPhone. So no .EXE files.

 

Anyway, the alerts did not come up again... I hope it stays that way

Established Member
Posts: 1,357
Registered: ‎08-20-2012
Kudos: 700
Solutions: 15

Re: IPS Alert 1: A Network Trojan was Detected


@jpigott wrote:

My daughter's iPad (not jailbroken) is doing the same thing. She is using the app Music.ly and I think this is causing it. The IP is showing in China as well.

 

Site: Default

Message: IPS Alert 1: A Network Trojan was Detected. Signature ET MALWARE Suspicious User-Agent (1 space). From: 192.168.88.136:52461, to: 119.29.29.29:80, protocol: TCP, on interface: eth1

 

Would be nice to know more about the signatures to know more about them.


I got the same thing with my daughter's iPad, also not jailbroken:

IPS Varning 1: A Network Trojan was Detected. Signaturen ET MALWARE Suspicious User-Agent (1 space). Från: 192.168.10.201:55063, till: 119.29.29.29:80, protokoll: TCP	09:00 pm	2018/08/04	
IPS Varning 1: A Network Trojan was Detected. Signaturen ET MALWARE Suspicious User-Agent (1 space). Från: 192.168.10.201:55060, till: 119.29.29.29:80, protokoll: TCP	09:00 pm	2018/08/04	
IPS Varning 1: A Network Trojan was Detected. Signaturen ET MALWARE Suspicious User-Agent (1 space). Från: 192.168.10.201:55044, till: 119.29.29.29:80, protokoll: TCP	08:58 pm	2018/08/04	
IPS Varning 1: A Network Trojan was Detected. Signaturen ET MALWARE Suspicious User-Agent (1 space). Från: 192.168.10.201:55027, till: 119.29.29.29:80, protokoll: TCP	08:56 pm	2018/08/04	
IPS Varning 1: A Network Trojan was Detected. Signaturen ET MALWARE Suspicious User-Agent (1 space). Från: 192.168.10.201:55006, till: 119.29.29.29:80, protokoll: TCP	08:55 pm	2018/08/04	
IPS Varning 1: A Network Trojan was Detected. Signaturen ET MALWARE Suspicious User-Agent (1 space). Från: 192.168.10.201:54994, till: 119.29.29.29:80, protokoll: TCP	08:54 pm	2018/08/04	
IPS Varning 1: A Network Trojan was Detected. Signaturen ET MALWARE Suspicious User-Agent (1 space). Från: 192.168.10.201:54966, till: 119.29.29.29:80, protokoll: TCP	08:52 pm	2018/08/04	
IPS Varning 1: A Network Trojan was Detected. Signaturen ET MALWARE Suspicious User-Agent (1 space). Från: 192.168.10.201:54962, till: 119.29.29.29:80, protokoll: TCP	08:52 pm	2018/08/04	
IPS Varning 1: A Network Trojan was Detected. Signaturen ET MALWARE Suspicious User-Agent (1 space). Från: 192.168.10.201:54937, till: 119.29.29.29:80, protokoll: TCP	08:48 pm	2018/08/04	
IPS Varning 1: A Network Trojan was Detected. Signaturen ET MALWARE Suspicious User-Agent (1 space). Från: 192.168.10.201:54912, till: 119.29.29.29:80, protokoll: TCP	08:46 pm	2018/08/04	
IPS Varning 1: A Network Trojan was Detected. Signaturen ET MALWARE Suspicious User-Agent (1 space). Från: 192.168.10.201:54872, till: 119.29.29.29:80, protokoll: TCP	08:46 pm	2018/08/04	
IPS Varning 1: A Network Trojan was Detected. Signaturen ET MALWARE Suspicious User-Agent (1 space). Från: 192.168.10.201:54869, till: 119.29.29.29:80, protokoll: TCP	08:46 pm	2018/08/04	
IPS Varning 1: A Network Trojan was Detected. Signaturen ET MALWARE Suspicious User-Agent (1 space). Från: 192.168.10.201:54868, till: 119.29.29.29:80, protokoll: TCP	08:46 pm	2018/08/04	
IPS Varning 1: A Network Trojan was Detected. Signaturen ET MALWARE Suspicious User-Agent (1 space). Från: 192.168.10.201:54871, till: 119.29.29.29:80, protokoll: TCP	08:46 pm	2018/08/04	
IPS Varning 1: A Network Trojan was Detected. Signaturen ET MALWARE Suspicious User-Agent (1 space). Från: 192.168.10.201:54870, till: 119.29.29.29:80, protokoll: TCP	08:46 pm	2018/08/04

I have not had any alerts like this from this iPad before, and she did not install anything that evening either.

 

New Member
Posts: 22
Registered: a month ago
Kudos: 3

Re: IPS Alert 1: A Network Trojan was Detected

Same here as @rdahlin from an iPhone. Happened 1st time today x4.
Emerging Member
Posts: 60
Registered: ‎08-08-2013
Kudos: 9
Solutions: 2

Re: IPS Alert 1: A Network Trojan was Detected

 


@okolgroup wrote:

I'm getting the same alert, however, it says it comes from 192.168.1.190 but there is no client in the network with that address!


I am also seeing this alert, but with no client matching the local IP??

New Member
Posts: 1
Registered: Friday

Re: IPS Alert 1: A Network Trojan was Detected

Was there any resolution to this? 

 

I had a coworker who runs WeChat on his phone flagged for connecting to 203.205.219.139:8080, which may actually just be legitimate traffic.

 

Would that make sense in your case? 

 

How do we find out more about the particular connection? Is there a way for the IDS to actually look at the content and judge based on that, or does it just flag because of a connection to such a port, which could be anything, benign as well?

New Member
Posts: 3
Registered: ‎04-05-2018

Re: IPS Alert 1: A Network Trojan was Detected

I would suspect that the users have WeChat installed on their device which goes to Tencent.  I'd simply ask to confirm if this is correct.  I am seeing this from my network quite a bit (as I host students from various countries from time to time including China).

 

 

--------------------------------------------

USG Pro-4 v4.4.22.5086057

Controller v5.9.22.0 (beta)

UAP AC Pro v3.9.47.9228 (beta)

UniFi Switch 16 POE-150W v3.9.42.9152

Regular Member
Posts: 378
Registered: ‎12-21-2016
Kudos: 42
Solutions: 7

Re: IPS Alert 1: A Network Trojan was Detected

Hi @johncrowe, at least for me I can confirm that I have WeChat installed (from the official Apple iOS App Store, of course :-)

New Member
Posts: 3
Registered: ‎04-05-2018

Re: IPS Alert 1: A Network Trojan was Detected

Thanks for confirming @mbrust. Seeing WeChat traffic through to Tencent from the following IP addresses : destination port numbers in my logs:

203.205.128.110 : 8080
203.205.219.139 : 8080
203.205.143.155 : 8080
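
Added example, not part of any post in this thread: a small triage script that parses the alert text in the English and Swedish forms quoted above and groups the alerts by signature and destination, so repeated hits from several clients to the same few servers stand out. The function names are hypothetical, and the sample lines are alerts posted above plus one constructed non-alert line.

```python
import re
from collections import defaultdict

# Alert text in the English and Swedish forms quoted in this thread.
ALERT_RE = re.compile(
    r"IPS (?:Alert|Varning) (?P<prio>\d+): (?P<cls>.+?)\. "
    r"Signatur(?:e|en) (?P<sig>.+?)\. "
    r"(?:From|Från): (?P<src>[\d.]+):(?P<sport>\d+), "
    r"(?:to|till): (?P<dst>[\d.]+):(?P<dport>\d+), "
    r"proto(?:col|koll): (?P<proto>\w+)"
)

def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not an IPS alert."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    for key in ("prio", "sport", "dport"):
        fields[key] = int(fields[key])
    return fields

def summarize(lines):
    """Group alerts by (signature, destination IP, destination port)."""
    groups = defaultdict(lambda: {"count": 0, "sources": set()})
    skipped = 0
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            skipped += 1
            continue
        entry = groups[(alert["sig"], alert["dst"], alert["dport"])]
        entry["count"] += 1
        entry["sources"].add(alert["src"])
    return dict(groups), skipped

SIG = "ET MALWARE Suspicious User-Agent (1 space)"
EN = "Message: IPS Alert 1: A Network Trojan was Detected. Signature " + SIG
SV = "IPS Varning 1: A Network Trojan was Detected. Signaturen " + SIG
# Alert lines as posted above, plus one constructed non-alert line at the end.
SAMPLE = [
    EN + ". From: 192.168.2.189:64309, to: 203.205.143.155:8080, protocol: TCP",
    EN + ". From: 192.168.88.136:52461, to: 119.29.29.29:80, protocol: TCP, on interface: eth1",
    SV + ". Från: 192.168.10.201:55063, till: 119.29.29.29:80, protokoll: TCP\t09:00 pm\t2018/08/04",
    SV + ". Från: 192.168.10.201:55060, till: 119.29.29.29:80, protokoll: TCP\t09:00 pm\t2018/08/04",
    "Client 192.168.2.189 roamed between access points (constructed)",
]

if __name__ == "__main__":
    groups, skipped = summarize(SAMPLE)
    for (sig, dst, dport), g in sorted(groups.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{g['count']:3d}  {dst}:{dport}  sources={sorted(g['sources'])}  {sig}")
    print("unparsed lines:", skipped)
```
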