Trojans disabling anti-virus?

Thread: Trojans disabling anti-virus?

  1. #1
    Banned
    Join Date
    Apr 2002
    Posts
    69

    Trojans disabling anti-virus?

    I've recently been getting alerts from my Norton Personal Firewall that said connection request to SubSeven Server or NetBus Trojan from (xxx.xxx.xx.xx) auto-blocked. I'm not really worried because I have 2 firewalls running and this is only my dial up router computer (Nothing important on here, it's all behind it on a LAN). I have the most up to date Norton and anti virus versions (live updated today before this happened, and 3 weeks before). Of course, I never play with trojans or anything and I think it's a possibility someone with physical access to the computer infected me. Can these or other trojans disable Norton AntiVirus completely, even the updated versions? I've performed a full system scan which turned up nothing, and I have auto-protect enabled. I am extremely embarrassed to admit I use dial up AOL, but I use the freebie ISPs when something like this happens.

  2. #2
    Banned
    Join Date
    Jun 2002
    Posts
    458
    Happens all the time, more common in viruses though. I have actually never seen subseven disable an AV utility. I didn't think that functionality was built into it. But to answer your question, yes. Check to see if your AV program still works. And then reinstall it, because that may be the only way to get it to work again.

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    244

    Re: Trojans disabling anti-virus?

    When you don't trust your AV, do a free online check at trend.com

    http://housecall.antivirus.com/
    I'm gone, thx everyone for so much fun and good info.
    cheers and good bye

  4. #4
    I have actually never seen subseven disable an AV utility.
    If the attacker has access to the machine, he/she can disable/enable anything, even AV. Yes, SubSeven has potential for that feature, even NetBus.

  5. #5
    Senior Member
    Join Date
    Aug 2001
    Location
    Calgary, AB Canada
    Posts
    140
    Dude, if you're using Norton Antivirus like me, there is a problem. You need to go in the options and into the Exclusions section. Norton by default does NOT scan the \_RESTORE\ directory which is the SYSTEM RESTORE directory in Windows. REMOVE THIS from the exclusion list and run the scan again. Chances are the trojan is in there. (I had this EXACT SAME PROBLEM) Now it's not as easy as it sounds though! Norton can't just delete stuff from the restore directory because all the files are 'in use'. What you need to do is the following: (I use Windows ME so it may be a little different from what you may be using ;-)

    1. Right Click on My Computer and go to 'Properties'
    2. Click on the 'Performance' Tab
    3. Click on 'File System' then on the 'Troubleshooting' tab
    4. Check the 'Disable System Restore' box, click ok and reboot!

    This empties the restore directory right out. Scan again just to make sure all the traces are gone. Also, Windows ME and XP both have UPnP active by default which runs off of port 5000. THIS PORT IS A TROJAN PORT!!! (I have no clue what Microsoft was thinking when they did this, maybe they weren't) You need to get the patch off their site for that by the way. My firewall logged these as a local connection to a 'Backdoor-g-1' trojan. It could be either of these, maybe even both. I suggest you follow the instructions I gave you up top and get the update. EVERY trojan I have ever had spread to the Restore directory. I'm still mad at Symantec for excluding this directory by default. Some people these days...
    Alcohol & calculus don't mix. Never drink & derive.

  6. #6
    Senior Member
    Join Date
    Apr 2002
    Posts
    139

    If the person had physical access to your machine then it's somebody you know just trying to play a practical joke on you. I don't know about Norton's firewall but I know that ZoneAlarm hasn't let any of many many attempts on me get through and I'm "pretty sure" that sub7/netbus can't shut down your AV proggy unless it's already connected to a console.
    I did not come here to tell you how it is going to end, I came here to tell you how it was going to begin. I'm going to hang up this phone, then I'm going to tell these people what you don't want them to hear.

  7. #7
    Senior Member
    Join Date
    Dec 2001
    Posts
    243
    I had the very same problem, uninstalling Norton won't work like someone said, I ended up reformatting for this and other reasons, because I didn't know about any fix, silly me!
    Search First Ask Second. www.google.com

  8. #8
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    PastyPyro

    When your firewall notifies you of these connection attempts, it doesn't mean you have the trojan on your system.

    What you're seeing are kiddies scanning the internet, looking for infected computers. If they get a response to their connection attempt, it is logged and when their scanner's run is done they'll come back to play with it.

    You'll get these all the time, it means nothing.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
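
The distinction drawn in post #8, as an added example that is not part of the original thread: an inbound probe on a trojan's default port only warrants a closer look if something on the local machine is actually listening on that port. The log line format, the sample addresses and the `netstat -an` text are constructed for illustration; the port numbers are the commonly cited defaults for SubSeven and NetBus, which is an assumption since the thread names no ports for them.

```python
import re

# Commonly cited default TCP ports for the two trojans named in the alert
# (assumption: defaults only; a real server could be configured differently).
TROJAN_PORTS = {27374: "SubSeven", 1243: "SubSeven", 12345: "NetBus", 12346: "NetBus"}

# Constructed log format: "<ACTION> <DIRECTION> <remote_ip> -> local:<port>"
LINE_RE = re.compile(r"^(BLOCKED|ALLOWED) (IN|OUT) (\S+) -> local:(\d+)$")

def parse_listeners(netstat_text):
    """Return the local TCP ports in LISTENING state from `netstat -an` output."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            ports.add(int(fields[1].rsplit(":", 1)[1]))
    return ports

def triage(log_lines, listeners):
    """Classify inbound hits on trojan ports as scan noise or worth investigating."""
    results = []
    for line in log_lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        action, direction, remote, port = m[1], m[2], m[3], int(m[4])
        if direction != "IN" or port not in TROJAN_PORTS:
            continue
        if port in listeners:
            verdict = "investigate"   # a local process is bound to the trojan port
        elif action == "ALLOWED":
            verdict = "review-rule"   # probe passed the firewall, nothing answered
        else:
            verdict = "scan-noise"    # blocked probe at a closed port
        results.append((remote, TROJAN_PORTS[port], verdict))
    return results

# Constructed sample data (documentation address ranges, not real hosts).
SAMPLE_LOG = [
    "BLOCKED IN 192.0.2.10 -> local:27374",
    "BLOCKED IN 198.51.100.7 -> local:12345",
    "BLOCKED IN 203.0.113.5 -> local:80",
]
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135     0.0.0.0:0    LISTENING
  TCP    0.0.0.0:5000    0.0.0.0:0    LISTENING
  TCP    10.0.0.2:1031   10.0.0.9:80  ESTABLISHED
"""

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, parse_listeners(SAMPLE_NETSTAT)):
        print(row)
```
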

  9. #9
    Banned
    Join Date
    Apr 2002
    Posts
    69
    It's not only a connection attempt, the alert said the connection attempt was to SubSeven or NetBus trojan. I reformatted the drive late last night (I set the computer up so I could wipe it in an emergency) and I was going to use it to scan the rest of my network for anything else. But I accidentally fried that machine I think while plugging in an ethernet cable while the machine was booting and it just went off and I can't get it to even come back on. Back to square one here, but luckily there's nothing even slightly important on there. Anybody know of any good pay-as-you-go ISPs with no proprietary Windows software? (I'd love to use a slackware router)

  10. #10
    Member
    Join Date
    Dec 2001
    Posts
    66
    As far as I know, NetBus or Sub Seven Trojans cannot disable your anti-virus. But there are many that can. Some people might send you that kind of virus first, through e-mail or messengers, then they might send you a Trojan.
    So be careful what you are downloading.
    It's good to have an updated firewall and an anti-virus.
    With great power comes great responsibility.
