sub7 question/story

  1. #1

    sub7 question/story

    this post is mainly for humor and a good laugh for all the advanced computer users out there but this was a traumatizing event for me. well this is how the story goes:

    i am at my uncle's house playing around on the computer so i try to put the famous sub7 server file on his computer. i was too scared to run it on his so i figured his was the perfect experiment computer. so i ran it and things went bad from there. i started getting fatal errors and the blue screen of death. so i closed the computer down. from then on, every time i would start the computer i would get this message: "Windows is protected. Please Restart your computer" i would then press ctrl-alt-del and it would bring back a screen that says, safe mode failed to load please select another mode. and i would just press 1 for normal and the computer would load and it would execute the file i had set in the server file for subseven. so i thought hmm this will never do, the computer runs so slow now, so remembering some posts i had read on here, i went to www.moosoft.com and downloaded their cleaner for trojans.

    I did the scan and it returned two trojans (BDE and SubSeven)... (BDE i later found out was used in Kazaa for something or other).. so i cleaned subseven from everything and restarted the computer. this time i started getting errors saying that the "C:WINDOWS\SYSTEM\SYSTEM dir does not exist" that is the directory the subseven has setup in. along with several other error messages for the same type problem. well i went to the registry and deleted the key named SubSeven and anything else that had subseven on it.

    the next step was changing the win.ini file back to where it should have been. (i was getting errors for it trying to access something that wasn't there) so i fixed that and things were good. i would not get any error messages on startup or anything like that.

    BUT THE PROBLEM: the computer could not start 3 times in a row without getting the "windows is protected message" on the 4th try. does anyone know why this may be? please i am asking if anyone knows the answer.

    ...the end: i ended up having to reformat the entire computer but hey, it's better now than it was before so who can complain??
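An added example, not part of the original post: the startup errors described after the cleaner ran are what a leftover `run=` or `load=` reference in win.ini produces once the file it points to is gone. This sketch lists those entries from a copy of win.ini and marks the ones whose target is missing; the sample file contents and the name `example_srv.exe` are constructed for illustration.

```python
import configparser
import os

# Constructed sample of a Windows 9x win.ini after a cleaner deleted the
# trojan's file but left the startup reference behind. Names are hypothetical.
SAMPLE_WIN_INI = r"""
[windows]
load=
run=C:\WINDOWS\SYSTEM\example_srv.exe C:\TOOLS\clock.exe
NullPort=None

[Desktop]
Wallpaper=(None)
"""

def startup_entries(ini_text):
    """Return [(key, program_path)] for load= and run= in the [windows] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True, delimiters=("=",))
    cp.read_string(ini_text)
    entries = []
    if cp.has_section("windows"):
        for key in ("load", "run"):
            value = cp.get("windows", key, fallback="") or ""
            # Multiple programs are space-separated; this simple split
            # assumes paths without embedded spaces (8.3 short names).
            for prog in value.split():
                entries.append((key, prog))
    return entries

def audit(ini_text, exists=os.path.exists):
    """Classify each startup entry; `exists` is a callable(path) -> bool."""
    return [(key, prog, "present" if exists(prog) else "dangling")
            for key, prog in startup_entries(ini_text)]

if __name__ == "__main__":
    # Pretend only clock.exe survives on disk (constructed file listing).
    on_disk = {r"C:\TOOLS\clock.exe"}
    for key, prog, state in audit(SAMPLE_WIN_INI, lambda p: p in on_disk):
        print(f"{key}= {prog}: {state}")
```

Every entry, dangling or present, is worth reviewing by hand: a dangling one explains a startup error, and an unfamiliar present one is a program that still runs at every boot.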

  2. #2
    Senior Member n01100110
    Join Date
    Jan 2002
    Posts
    352
    Well, possibly by a bug in the server's code, the server might have screwed up something in the autoexec.bat file, which might have displayed the "windows is protected", but usually that happens if there is an antivirus engine running, and it causes the system to hang. I really don't associate with trojans but that's all I can say
    -N
    "Serenity is not the absence of conflict, but the ability to cope with it."

  3. #3
    Banned
    Join Date
    Apr 2002
    Posts
    82
    I used to be infected with that sub7, but I didn't get the same errors. The weird part was that I was running NAV 2001 and Zonealarm, that's why I switched over to 2002 - hopefully this one catches everything.... It's good to get an anti-trojan with NAV because it would save you some problems. Anyway, with your story, you learned new things. I did that with my friend's comp. and with his permission!..........he believed he cleaned himself, but that same year he had to format his HD twice cause he got another sub7. With that he had about 20 more viruses/trojans that were undetected by the norton (2001 or 2002) he was running. Imagine what could have happened..... Always a bad idea to mess with something you don't know.

  4. #4
    Banned
    Join Date
    Jun 2002
    Posts
    23

    i am at my uncle's house playing around on the computer so i try to put the famous sub7 server file on his computer. i was too scared to run it on his so i figured his was the perfect experiment computer. so i ran it and things went bad from there. i started getting fatal errors and the blue screen of death. so i closed the computer down. from then on, every time i would start the computer i would get this message: "Windows is protected. Please Restart your computer" i would then press ctrl-alt-del and it would bring back a screen that says, safe mode failed to load please select another mode. and i would just press 1 for normal and the computer would load and it would execute the file i had set in the server file for subseven. so i thought hmm this will never do, the computer runs so slow now, so remembering some posts i had read on here, i went to www.moosoft.com and downloaded their cleaner for trojans.
    I learned from my own personal experience don't mess with Sub7 Trojans = L@/\/\'

  5. #5
    Originally posted here by Isellcrack4FBI


    I learned from my own personal experience don't mess with Sub7 Trojans = L@/\/\'

    Good advice. The Patch/Server files ALWAYS contain nasty little surprises such as Win95.spaces. You have to disable virus protection to install the software so you're leaving yourself open to all kinds of threats. Sounds to me like you played with fire and got burnt.....Oh well, a lesson learnt...

  6. #6
    Senior Member
    Join Date
    Feb 2002
    Posts
    216
    Been there, done that, broke it
    Hope you learnt your lesson
    If you want to see how things work use an isolated spare pc
    and when you are done educating yourself reformat
    Regards
    Mike
    Never miss a good opportunity to shut up.....

  7. #7
    Banned
    Join Date
    Jun 2002
    Posts
    32
    I just wanted to say something to whoever it was that said his NAV didn't catch the virus and neither did zonealarm. You should know that there are files that come with trojans that disable antivirus and firewall programs, to let the trojan operate freely without being detected.

  8. #8
    Banned
    Join Date
    Apr 2002
    Posts
    82
    Well, I forgot about the attributes of some of the viruses today. Thx for the info. I forget a lot. I don't "see" sub7 around much anymore and one question. Does the sub7 trojan contain a pack of viruses when it is executed, cause my experience with it only consisted of the virus itself and no other.

    Another thing, NAV and ZA were running fine, but I don't know about in pristine order because I saw the ZA load/upload meters working with it able to catch alerts. When I installed NAV 2002, it was able to catch remnants of the virus......before that I just ran a full C:\ scan with '01.

  9. #9

    Sounds like you had a rough time with Sub 7. Sorry to hear it. Sub 7 and the trojans that it was spawned from (such as backorifice and such) are not to be feared though. Rather I take the approach that knowledge is power. If you are security minded don't rule out using such programs to learn from.

    Now don't get me wrong. I don't use such programs with any mal-intent. Sub 7 happens to be one of the largest tools of the script-kiddie. Neophyte hackers/crackers live for programs like that. It does all the work for them, leaving them only to find a sucker dumber than they are or caught unaware. Take the program, use it on yourself. Learn from it and learn how to defend against it. Remember that these guys are just running a program they got their hands on. So why not know "Exactly" what the program is capable of.

    I may be way off base but I also think that the best defense is a good offense. Every time someone hits you with a lousy port scan or attacks you using one of the common Sub 7 ports, log it and the IP. Get a feel for your attackers and you'll be in a much better place to judge your own security.

    Peace out and let my flaming begin
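An added example, not part of the original post: one way to do the logging suggested above is to tally firewall log entries aimed at SubSeven's commonly documented default ports, grouped by source IP. The log format, addresses and timestamps are constructed for illustration, and the port set is an assumption to adjust, since the server port is configurable.

```python
import re
from collections import defaultdict

# Commonly documented SubSeven default listener ports; the server is
# configurable, so treat this set as a starting assumption, not a full list.
SUB7_PORTS = {1243, 6711, 6712, 6713, 6776, 27374}

# Constructed log format: "<date> <time> <action> TCP <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>\w+) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample lines using documentation address ranges.
SAMPLE_LOG = """\
2002-06-14 21:03:11 DROP TCP 203.0.113.7:4312 -> 192.0.2.10:27374
2002-06-14 21:03:12 DROP TCP 203.0.113.7:4313 -> 192.0.2.10:1243
2002-06-14 21:05:40 ALLOW TCP 198.51.100.23:1029 -> 192.0.2.10:80
2002-06-14 22:17:02 DROP TCP 198.51.100.99:2201 -> 192.0.2.10:27374
2002-06-15 03:44:51 DROP TCP 203.0.113.7:4977 -> 192.0.2.10:6711
garbage line that does not parse
"""

def summarize_probes(log_text, ports=SUB7_PORTS):
    """Return {source_ip: {"hits": n, "ports": [...], "first": ts, "last": ts}}."""
    seen = defaultdict(lambda: {"hits": 0, "ports": set(), "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        # Skip unparseable lines and traffic to ports outside the watch set.
        if not m or int(m["dport"]) not in ports:
            continue
        entry = seen[m["src"]]
        entry["hits"] += 1
        entry["ports"].add(int(m["dport"]))
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
    return {ip: {**e, "ports": sorted(e["ports"])} for ip, e in seen.items()}

if __name__ == "__main__":
    ranked = sorted(summarize_probes(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["hits"])
    for ip, e in ranked:
        print(f"{ip}: {e['hits']} hits on ports {e['ports']} ({e['first']} .. {e['last']})")
```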
