Pulling my hair out


IcSilk
February 5th, 2005, 08:20 PM
After allowing some careless family members to use my computer I have been stricken by a multitude of virii.

My antivirus (EZ trust antivirus) does not delete them and I can't find them through a manual search to do it.

These are them:

\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7sniffer.dll - Win32.SubSeven!plugin trojan.
\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/matrix.dll - Win32.SubSeven!plugin trojan.
\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/icqpwsteal.dll - Win32.SubSeven!plugin trojan.
\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7advanced.dll - Win32.SubSeven!plugin trojan.
\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7capture.dll - Win32.SubSeven!plugin trojan.
\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7fun1.dll - Win32.SubSeven!plugin trojan.
\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7fun2.dll - Win32.SubSeven!plugin trojan.
\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7takeover.dll - Win32.SubSeven!plugin trojan.
\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7keys.dll - Win32.SubSeven!plugin trojan.
\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7moreinfo.dll - Win32.SubSeven!plugin trojan.
\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7passwords.dll - Win32.SubSeven!plugin trojan.
\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7scanner.dll - Win32.SubSeven!plugin trojan.
\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>server.exe - Win32.SubSeven.AM trojan.
\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP contains infected files.

Please someone tell me how to get rid of them the right way.


Thanks

XTC46
February 5th, 2005, 08:28 PM
Try using hosecall.trendmicro.com; it's a free online virus scanner, and it works damn well.

|3lack|ce
February 5th, 2005, 08:32 PM
All of these appear to be installed with subseven - from what you've posted it appears you have several different variations of the trojan - here's the search page on symantec.com for the different varieties and their removal instructions:

http://search.symantec.com/custom/us/query.html

Good luck and hope that helped!

ric-o
February 5th, 2005, 08:37 PM
I'd recommend booting into Safe Mode (F8 at boot screen) and manually removing the ZIP file. Since it's just detecting these in a ZIP file you may not be infected...but more investigation would be needed to determine that.

After removing the ZIP file, scan the whole PC (while still in safe mode) with your anti-virus scanner (it *is* up-to-date signatures-wise, right?).

Things to check/do:
* Boot normally and run _netstat -an_ (assuming this is a Win2K or XP box). Review the list of IPs in the Foreign Address column to see if the PC is connecting to any Internet IPs that you don't recognize. Also look at the port number (which is after the colon). SubSeven could run on many different ports but the defaults are 27374 and 27573. Check here for a list of ports http://andrew.triumf.ca/ports/sophos.html
* Symantec has instructions here on how to remove SubSeven: http://www.symantec.com/avcenter/venc/data/backdoor.subseven.html#removalinstructions
* Boot into Safe Mode with Networking and scan with Internet-based anti-virus scanner:
Symantec has one http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym
Trend Micro has one http://housecall.trendmicro.com/

Hope this helps. Good luck.
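One way to do the netstat review described above, as an added example that is not from the thread or from any of its posters: it parses constructed Windows `netstat -an` output and flags listeners on the SubSeven default ports named in the post (27374, 27573) plus any established connection to an address outside the LAN, so the user has a short list to check rather than the whole table. The port set, the "local" address ranges and the sample lines are assumptions.

```python
import ipaddress
import re
# Default ports named in ric-o's post; a real infection may use others (assumed set).
SUBSEVEN_DEFAULT_PORTS = {27374, 27573}
# Ranges treated as "not an Internet peer": RFC 1918, loopback, link-local.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
              "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample of Windows `netstat -an` output; not from the poster's machine.
# Foreign addresses use the RFC 5737 documentation ranges.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1054      203.0.113.7:27573      ESTABLISHED
  TCP    192.168.1.10:1060      198.51.100.20:80       ESTABLISHED
  TCP    127.0.0.1:1025         127.0.0.1:1026         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)\s*(\S*)\s*$")

def parse_netstat(text):
    """Turn netstat -an lines into dicts; header, blank and unparsable lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            proto, _laddr, lport, faddr, fport, state = m.groups()
            rows.append({"proto": proto, "lport": int(lport), "faddr": faddr,
                         "fport": int(fport) if fport.isdigit() else None,
                         "state": state})
    return rows

def flag_rows(rows, known_ports=SUBSEVEN_DEFAULT_PORTS):
    """Entries worth a look: SubSeven-port listeners and established non-LAN connections."""
    findings = []
    for r in rows:
        if r["state"] == "LISTENING" and r["lport"] in known_ports:
            findings.append(f"listening on SubSeven default port {r['lport']}")
        elif r["state"] == "ESTABLISHED":
            try:
                ip = ipaddress.ip_address(r["faddr"])
            except ValueError:
                continue  # foreign field is not an address (e.g. "*")
            if any(ip in net for net in LOCAL_NETS):
                continue  # LAN or loopback traffic, not an Internet peer
            tag = "SubSeven default port" if r["fport"] in known_ports else "verify you recognise it"
            findings.append(f"connection to {r['faddr']}:{r['fport']} ({tag})")
    return findings
```

Paste the real `netstat -an` output into SAMPLE_NETSTAT (or read it from a file) and call flag_rows(parse_netstat(...)); an empty result means nothing matched the default ports and all established peers were on the LAN, which is a reason to look further, not proof the box is clean.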

moxnix
February 5th, 2005, 08:52 PM
KISS = KEEP IT SIMPLE STUPID

Every file you listed was "\Local Settings\Temporary Internet Files\Content.IE5" so why don't you simply empty your temporary internet files and be done with it?

Now you probably have some more that are not showing in your temporary files, and after you empty your temporary internet files and cache, I would run something like Trend 'Housecall' to remove the rest.

d00dz Attackin
February 6th, 2005, 12:36 AM
BlackIce I hope you don't mind if I take your link...

http://********firefox.com/
"Content.IE5\"
What's that? Haven't seen that in years. :)

Get Firefox, preferred by most -- secure (for the most part).

Cheers

HTRegz
February 6th, 2005, 08:53 AM
Hey Hey,

First off: Why do people want to constantly push Firefox and think everyone should replace IE.... I visit many websites which I MUST use IE for... I had to install IE on Linux just to be able to access the pages properly... Some people like to use IE... and you people that come on here and say "Get Firefox... it'll fix all your problems"... BULLSHIT!... smart computing practices fix your problems.... Firefox has a cache, Netscape has a cache.. every browser these days has a cache.... He's most likely accessed the file at some point for it to be in his Temporary Internet files... don't blame IE for stupid users... and stop pushing Firefox... you're as bad as people that push Linux as a fix to Microsoft.... it's not relevant...

Anyways... now that I've ranted... clear the cache like moxnix said....

The other thing I'd recommend is getting rid of your AV... and replacing it with something better... We use eTrust in our corporate environment and since switching from Norton to it (gotta love when cost plays a role) we're constantly being infected by viruses.... I've run tests that show eTrust to be rather awful... out of my office (since we work on individuals' computers)... we offer eTrust (we have it licensed for them) and AVG Free .... everyone wants AVG.... from the most experienced computer users to the ones that say my roommate got eTrust and she's got viruses now...

Basically someone in your house downloaded subseven... They clicked the open button... and it was saved to your temp files.... they opened it, looked at it and closed it.. now the zip is still there... it's really not too much of a concern... I have friends that collect viruses, as long as they're zipped it's no big deal... btw it is viruses... not virii.. there have been several discussions on here regarding that topic..

As for your multitude of viruses, you don't have a single virus... You've got one Trojan and the associated files about it.... it's not really the end of the world... clear your Temp files... install real AV and run a scan... you'll be good to go.

Peace,
HT

d00dz Attackin
February 6th, 2005, 09:20 PM
I never said IE wasn't secure, for the most part it is if you know what you're doing. This is the new age, FireFox has something new, something secure (AGAIN for the most part).

All I was doing was recommending, either you take it or you don't.

Obviously Firefox can't protect against another's downloading habits.

Now as for an AV I prefer Symantec.
We all differ in preference...

Cheers

dinowuff
February 7th, 2005, 06:35 PM
If you're running XP don't forget to turn off the system restore prior to cleaning!

|3lack|ce
February 7th, 2005, 06:40 PM
Why do people want to constantly push Firefox and think everyone should replace IE.... I visit many websites which I MUST use IE for... I had to install IE on Linux just to be able to access the pages properly... Some people like to use IE... and you people that come on here and say "Get Firefox... it'll fix all your problems"...

Never once have I said Firefox will fix all the problems. I support it and push it because it beats the living hell out of MSIE, plain and simple. There are certain sites I still need to use IE for, but they're becoming fewer and fewer - MS Update and a scant few others Mrs. |ce needs. I show the link and logo in my signature because I'd dearly love to see FF become the industry standard rather than the exception - perhaps then MS will get off its bum and fix the things in its product that have been needing repair for 10 years now.

Black Cluster
February 7th, 2005, 07:20 PM
IMHO,
both IE and FireFox have pros and cons, but I think that the user is to be blamed in the first place. A powerful weapon in an idiot's hands is worth nothing, and a needle in a clever man's hands acts like a sword.

We have to stop blaming programs. When finding bugs or vulnerabilities, only then can we blame these programs, am I right?

|3lack|ce
February 7th, 2005, 08:28 PM
Black Cluster - Coders gave up most of their rights to blame the end (l)users when 'idiot proofing' was invented. This doesn't mean it's not a fun thing to do, it simply means that having educated, intelligent users is an ever-elusive Utopia. Gates recognized this, and took most of the computing power away from the (l)users with Windows. With each new upgrade or release of new MS software, the end user actually loses more direct control of what he can do with his computer versus the traditional command line OSes.

Unfortunately for MSIE users, Gates *still* hasn't recognized that after he took all of that power away, the responsibility fell to him to fix all his security issues as well in each and every product MS produces (yet another nearly impossible task if you're from the same old school I'm from).

Having the hard core 'supply and demand' 'dog eat dog' business kinda mindset I have, I firmly believe that stout and serious competition will be just the trick to force Gates to get the problems fixed. This is the primary reason I use and recommend FireFox. My secondary reasons are every bit as important as the first; that some (not all) of the security issues which exist in MSIE (specifically activex but others as well) do not exist in FF, nor will they, and that FF 'blows away' MSIE in usability with tabbing, extensions, ease of use, and a host of other things MS hasn't yet considered adding to its antiquated and vulnerable browser.

I'll end posting about FF here - it's turning into too much of a commercial and less an informative thread.

jinxy
February 7th, 2005, 08:42 PM
You can't find them with a search because they are hidden!!
By default Local Settings\Temporary Internet Files is hidden. In Explorer click Tools > Folder Options > View > Show hidden files and folders.

Then navigate to that directory select all and delete.