July 8th, 2003, 09:31 AM
Connecting to server
Ok need a bit of help - a friend of mine thinks she has sub7 on her comp. No avp instaled or a firewall (i know i know we can all criticser her later)
I ran a quick scan and right enough she does have one of the common sub7 ports open. Thing is she doesn't know much about computers and even tho I have tried to talk her thro getting rid of it she can't seem to grasp it. But I read that you can connect to the server and delte it remotley.........but every time I try to connect it keeps failing. What am I doing wrong? How can I connect to the server?
thanks for the help peps
July 8th, 2003, 10:03 AM
Not that I am anything more than a newbie that comes here to read and read and hardly ever post. I know that is what I did to remove sub7 from a computer a while back by actually installing the client and connecting to the server to remove it, just don't remember how. I am waiting to see if anyone will actually try to explain this to you on this forum just because you are a senior member (nothing against you) BTW. I just see too many newbies come here and ask about similar tools and how to use them and the threads go suicidal not to mention the flames. Now if people try helping you by posting on the forum it would be total unfairness. Let's say someone like you should know better than asking those questions here, seeing as you are a senior member. Now like I said it is probably legit and this is a good way of getting her server closed and removed but I just wanted to throw in my .02. If I get negged for finally posting and speaking my mind it's cool. I just thought I would speak my mind.
July 8th, 2003, 10:37 AM
I found this site Instructions on Sub7 through google ...there is an explination on removal ...maybe this helps.
If not I'll try to find something else.
Back when I was a boy, we carved our own IC's out of wood.
July 8th, 2003, 10:40 AM
http://www.trendmicro.com/vinfo/viru...=BKDR_SUB7.22A seems to be a fairly detailed set of instructions to removing sub7.
My best recommendation, however, is to slap your friend upside the head, and repeat as necessary until she clean-boots and installs an antivirus system. The link above is for Trend Micro, which has a decent rep as far as I've heard.
Once issue, though: A lot of viruses out there are variants, so you might not be able to get all of the files off the system with a manual or conventional approach. If so, you're looking at a nice reformat :\
July 8th, 2003, 02:02 PM
Ok I know the question has been answered beautifully. I just want to point out that the answer is actually right here at AO in one of the famous thread: The Ultimate Newbie FAQ by Ennis. You can easily find it by searching it... [EDIT]No. Somehow entering "The Ultimate Newbie FAQ" (quoted or unquoted) in AO search box fails to show its link. Guess AO search engine sucks huh...[/EDIT]
Anyway, here it is: http://www.antionline.com/showthread...hreadid=218093 . See the Trojan Removal link.
I think I will re-read that thread again and again once in a while. Especially because it seems to be updated once in a while.
Always listen to experts. They\'ll tell you what can\'t be done and why. Then go and do it. -- Robert Heinlein
I\'m basically a very lazy person who likes to get credit for things other people actually do. -- Linus Torvalds
July 8th, 2003, 03:16 PM
Valhallen, Instead of trying to connect to the server, Why dont you just install Anti-virus software scan the system and delete what ever malicious code you find?
But I read that you can connect to the server and delte it remotley.........but every time I try to connect it keeps failing. What am I doing wrong? How can I connect to the server?
There are numerous reasons why its not connecting to the server. The person who has the CLIENT for SUB7 also configured the server. Which means this person could have it setup where sub7 runs on any random port or he could be dumb enough to set the port number to default port which normally is 27374. What this person probably did was set a SERVER PASSWORD which will protect his victim from others who try to connect to her using SUB7 server. Does your friend connect with broadband or dial up? If its broadband find it and destory it ASAP. If its dial up hes probably using A bot that logs whenever his victim is connected to the net. Look in the Windows directory c:\windows\filename of the server <------cause thats where its gonna be along with the registry keys.
As far as seek and destroy use this software anti - trojan v5.5 http://download.com.com/3000-2239-10...ml?tag=lst-0-1
I used it last night on my girlfriends PC found sub7 2.1.5 legends on her system as well a few others now I got her system running trojan free.
July 8th, 2003, 07:43 PM
ok sorry peps but my above post was BS
I was conducting a small social experiment to see how people would react to what could be a thinly disguised excuse for information that is frowned upon in these forums. I guess I just wanted to see how reactions differ between newbies asking these types of questions and a more senior member.
for those who now think I am trying to hide the fact that i really was trying to find out information with regards to sub7 you can view my post in the addicts forum -> http://www.antionline.com/showthread...=641545&t=5153
posted straight after this one (before people started replying)
for those of you who are reading this now i hope you read the other posts first as then you can think about your true reaction and how/if it differed? Does the fact that I have been here longer mean that someone who has just discovered the site has less legit reasons for asking the same question? Ok I may have phrased it better than most but that is because I know a little bit more about this site and if i had asked out-right
'How do I hack someone with sub7' I think most people would laugh it off as me mucking around ( i hope )
Anyways I think what am getting at is maybe sometimes newer members deserve the benifit of the doubt, am not saying many people dont do this already - there are plenty of posts i have seen where instead of flamming someone they have pointed out the FAQ's and steered the newbie in the right direction, as well as giving types about better question phrasing.
But even so there are still alot of people who have been banned before they have really got to find their feet in the forums - some of these people may very well of deserved (infact have a feeling most do) but some may have gone on to become good members but were scarred off before being given a chance......
well I'll step down of my soap box now - oh btw thanks to those people who gaqve answers...ok I didn't need the info but you didn't know that and were genuinly trying to help - so thanks for that
July 8th, 2003, 08:37 PM
Even though this is a rather 'dodgy question', I think that it would not get 'shot down if it was from a newbie'. The idea was legitimate and removing it by connecting to it and deleting it is an interesting way to get rid of a trojan, especially if the other user is not using windows xp and remote assistance is not an option. But I certainly do think that your 'ap/member status' did have something to do with it, by encouraging the thread to reamin on topic and the posts to be descent. Just my opinion.
July 8th, 2003, 10:00 PM
As I don't take offence at all ... nice experiment anyway... you say to us in your hidden post to check out the post you started right after this one under the addicts forum...
I believe you and I believe your honest meanings but as I'm still working my way up the ladder (read post more threads) I'm still not alowed in that section ... now this is not to whine about that but just to tell you that now I can't read that post and maybe see the reactions on your little experiment.
Also alot of people on this forum (I think) probably wont get the to the addicts ladder soon as some of us are not always able to post many threads ...this due to many things like work , family obligations , computertime and knowledge on certain things... maybe they don't miss much but it still a possibility ...
Sorry for the rant ... had this on my liver ... I like this site very much and it helped me alot allready...but sometimes I gotta rant
Back when I was a boy, we carved our own IC's out of wood.
July 9th, 2003, 05:25 AM
I'll back up v_Ln on the existence of the thread in the Addicts Forum...he's being straight up about that. I've got to commend him for his very original line of thinking on how to bring up this subject (it has been discussed before) in a way that DRIVES the point home. Had he been a newbie he would have been negged out of existence for that post. Thanks for makiing the point valhallen....it was much appreciated.
It isn't paranoia when you KNOW they're out to get you...