help with the documentaion of sub7
Results 1 to 6 of 6

Thread: help with the documentaion of sub7

  1. #1
    Banned
    Join Date
    Jul 2002
    Posts
    6

    help with the documentaion of sub7

    hey please let me know where to get the documentation of sub7 trojan as i got infected last week and so please let me how does it work?

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    883
    http://www.xploiter.com/security/sub7.html

    Unless you have a dummy machine to use to tinker with it on. I suggest that you not play around with this tool, as the server and client are infected. Just go to one of the sites such as McAfee and get a removal tool. Then keep your OS, anti virus and anti trojan programs/definitions up to date.

    If you are wanting remote desktop control or to be able to access your system remotely in a legal legit way. Look at getting VNC. Just "Google" it and you'll get more links than you can handle.
    The COOKIE TUX lives!!!!
    Windows NT crashed,I am the Blue Screen of Death.
    No one hears your screams.


  3. #3
    Senior Member
    Join Date
    Feb 2002
    Posts
    500
    Although I do agree that you should not mess with this tool, the client and editserver, contrary to popular belief, are NOT infected. They come up as backdoors on AV scans to prevent people from messing with it to begin with. If you dont believe me, get some port scanners, run the client, and check your ports. No more will be open then when you started unless you run the server.exe. BTW, are you infected with 2.2 or 2.1? They both have very different methods of infection and removal. You should be able to find good documentation on either searching via google. If not, e-mail me and I can help you determine which you have and how to remove it.

    me thinks someone will prolly flame me for this, but in my eyes, info is info, and all is helpfull.
    Ron Paul: Hope for America
    http://www.ronpaul2008.com/

  4. #4
    I have to agree that Sub7 as a remote administration tool is simply not a good idea. Sub7 servers are probably the most sought after by script kiddie scans (scanner is included on the client), and if you happened to install it for that purpose, then it will do you no good because not only "you" will have access to your files.

    But {p2p} I do not think that's what enjoy_lovelife asked... if this person (I do not know if you are M or F, so please forgive me) was infected and wanted to know how to get rid of it, I do not think this person wants to mess with it... but then again, I am not very good at "reading between the lines." hehe.

    cross is also exactly right about the server installation routines and restart methods are differnt from one version to the next are different. so it would help if you told us what version it was. To see this (since you know it's a Sub7 server), telnet to yourself to port 27374 (default fo ver 2.2, it can change, so if you need to find where the server is listening, do an netstat-a from the command line) TCP and see if there is a string acknowledging there is a server running. The string should tell you what version is running. Once you have that info, go on an uninfected machine and download the latest version of The Cleaner www.moosoft.com.

    Hope this helps

  5. #5
    Senior Member
    Join Date
    Jan 2002
    Posts
    883
    Originally posted here by alittlebitnumb
    But {p2p} I do not think that's what enjoy_lovelife asked... if this person (I do not know if you are M or F, so please forgive me) was infected and wanted to know how to get rid of it, I do not think this person wants to mess with it... but then again, I am not very good at "reading between the lines." hehe.
    Thats why I included the link. I was not sure what type of documentation they wanted. At the linke I gave. It has how it works as well as documentation on how to remove it and fix the registry. Sort of a catch all.
    The COOKIE TUX lives!!!!
    Windows NT crashed,I am the Blue Screen of Death.
    No one hears your screams.


  6. #6
    Banned
    Join Date
    Jul 2002
    Posts
    6
    hey thanks guys for the info it helped me a lot understanding what people do to get into systems
    anyhow i think i would ask u people a lot more question again and again

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •