Sub7

[toori5ky]

Can anyone help. someone hacked into my pc with sub7 , i have refomated my pc and done search and found the following files
rg3d03d892.cad rg3d035f1c.cab rg3d03525d.cad rg3d042634.cab rg3d05225f.cab which are user dat files for sub 7 does this mean the person still has access to my pc? and how can i stop them?

[casper3699]

if you reformatted your harddrive then there should be no more files.
do you have a firewall running? Antivirus?

[huntx7]

Hmmm...try moosoft's( http://moosoft.com/ ) trojan cleaner, just to make sure. Get http://www.blackcode.com 's security scane, the trojan scan is on phase 2.

[waytallgel]

Try the cleaner by Moosoft

[glowpurple]http://www.moosoft.com/thecleaner/download.php[/glowpurple]

Greg

[waytallgel]

doh, hunt types faster than me

[alittlebitnumb]

if you reformatted your harddrive then there should be no more files.

Indeed. Did you reinstall a program that has the infection? That is the only way I can think to have reformatted and got a reinfection. DAT files and CABs alone cannot let the intruder back in, it's the server that lets them in. However, I can understand after being hit with something like that one becomes a bit awry about things.

As with all compromises like this, take deep breaths and do not panic. Sacn with the Cleaner as these good folks have said and run netstat -a to see if the server is still listening. I doubt it is, but it's better safe than sorry.

Good Luck

[toori5ky]

Many thanks..

[Manic Alex]

I tend to find the Symantec online utilities offer many boot programs for trojan/worm removal that do work.

Try: http://securityresponse.symantec.com...ools.list.html

They also offer tutorials for manually removing nasties.

A reformat does not necessarily remove every file on the drive, especially binaries.

Hope this might offer some help...

[{P²P}Apocalypse]

Did you do delete the primary DOS partition, then do an FDISK /MBR? After that create a new primary DOS partition and then reformat?