
Thread: sub7:They tried it

  1. #1
    Senior Member
    Join Date
    Dec 2002
    Posts
    180

    sub7:They tried it

    Hi everybody,
    I got a warning from my Norton firewall that someone tried a sub7 trojan. I wasn't sure if they were trying to put one in my OS (MS-XP) or if there was one in there already. I ran my Norton virus check, which had been updated the day before, and I got a clean bill of health. I got the IP address where it came from and ran it on AO's IP locator. The IP address is 65.49.44.167 and this is what I got from the IP locator: CPE00045a965b77-CMO14130003296.cpe.net.cable.rogers.com. My questions are:

    1. Did my Norton virus check miss a sub7 trojan?
    2. Who is this person?
    3. Since this was the 1st time it happened, am I safe from this person?

    Freddy
    cybnut

  2. #2
    Freddy: It could be somebody with a client scanning for servers or somebody looking for the server they installed. It's usually the former. I would not worry about it.

  3. #3
    AO's Fluffy Bunny cdkj's Avatar
    Join Date
    Feb 2003
    Posts
    1,236
    Fred Brown

    I wouldn't worry about it; your firewall blocks it out for 30 mins. I get that type of hit at least 6 to 7 times a day.
    I had to google 'jfgi' to see what it meant. The irony is overwhelming.

  4. #4
    Freddy: It could be somebody with a client scanning for servers or somebody looking for the server they installed. It's usually the former. I would not worry about it.
    Very true.

    Was the warning that you got:
    "The trojan subshiz tried to load" (or tried to connect)
    or
    "someone tried to connect on port 37337 (subshiz)"

    If it is the first you are probably infected (don't know how that happened since you keep all things updated and stuff) and you need to get the removal instructions.

    If it were the second then there is not much to worry about, just someone trying to connect to a port on your system (identified as subshiz); that happens quite often.

    You could always try and run an anti trojan scanner on your system
    The cleaner: www.moosoft.com
    Tauscan: www.agnitum.com

  5. #5
    Senior Member
    Join Date
    Dec 2002
    Posts
    180
    noODle,
    Here's a part of the report:

    Rule "Default Block Backdoor/SubSeven Trojan horse" blocked (65.49.44.167,27374)
    Inbound TCP connection

    The virus check shows no trojans.

    Freddy
    cybnut

  6. #6
    Inbound TCP connection
    This is what Drunk on Duvel and cdkj were talking about.
    There is nothing to worry about, just some punk scanning to see if you are infected.
    Ignore them.

  7. #7
    Senior Member
    Join Date
    Dec 2002
    Posts
    180
    That's what I thought, but I wanted to double check. Thanks.

    Freddy
    cybnut
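
The distinction drawn in posts #4 to #6 (a blocked inbound connection is a remote scan, while activity originating on the host needs a closer look), as an added example that is not part of the thread. Only the first log entry is the one quoted in post #5; the other entries, the "Outbound" and "permitted" wording, and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

SUBSEVEN_PORT = 27374  # port shown in the entry quoted in post #5

# Constructed sample: first entry is from the thread, the rest are made up
# in the same shape (documentation-range addresses, assumed wording).
SAMPLE_LOG = '''\
Rule "Default Block Backdoor/SubSeven Trojan horse" blocked (65.49.44.167,27374)
Inbound TCP connection
Rule "Default Block Backdoor/SubSeven Trojan horse" blocked (192.0.2.10,27374)
Inbound TCP connection
Rule "Default Block Backdoor/SubSeven Trojan horse" blocked (192.0.2.10,27374)
Inbound TCP connection
Rule "Default Block Backdoor/SubSeven Trojan horse" blocked (198.51.100.7,27374)
Outbound TCP connection
'''

# One entry spans two lines: the rule/action/(ip,port) line, then the direction line.
ENTRY = re.compile(
    r'Rule "(?P<rule>[^"]+)" (?P<action>blocked|permitted) '
    r'\((?P<ip>\d{1,3}(?:\.\d{1,3}){3}),(?P<port>\d+)\)\s*\n\s*'
    r'(?P<direction>Inbound|Outbound) (?P<proto>TCP|UDP) connection')

def parse(log):
    """Yield one dict per two-line firewall entry found in the text."""
    for m in ENTRY.finditer(log):
        entry = m.groupdict()
        entry["port"] = int(entry["port"])
        yield entry

def triage(entry):
    """Blocked inbound traffic is a remote probe; anything else warrants
    checking the host itself (a local process may be involved)."""
    if entry["direction"] == "Inbound" and entry["action"] == "blocked":
        return "probe"
    return "investigate"

def summarize(log):
    """Count verdicts per remote address for entries on the SubSeven port."""
    counts = Counter()
    for entry in parse(log):
        if entry["port"] == SUBSEVEN_PORT:
            counts[(entry["ip"], triage(entry))] += 1
    return counts

if __name__ == "__main__":
    for (ip, verdict), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{ip:15} {verdict:11} x{n}")
```
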

  8. #8
    Junior Member
    Join Date
    Sep 2003
    Posts
    1
    The IP locator says I'm in Australia... that's kind of far from where I really am in Detroit...

  9. #9
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    Originally posted here by rabidus6
    The IP locator says I'm in Australia... that's kind of far from where I really am in Detroit...
    From the IP locator
    www.microsoft.com (166.90.148.246) is located in Broomfield, Colorado, United States.

    Not Seattle at their main offices?
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

  10. #10
    You might want to try a trojan remover instead of a virus remover... yours could be useless against trojans such as sub7. There are programs out there that are made specifically to remove trojans such as sub7 and Back Orifice.
    "Not everything that counts can be counted, and not everything that can be counted counts." (Sign hanging in Einstein's office at Princeton)
