Page 2 of 2 FirstFirst 12
Results 11 to 17 of 17

Thread: Backdoor Subseven/Trojan - Help

  1. November 14th, 2003, 02:34 AM #11
    SevenBleach
    SevenBleach is offline
    Member
    Join Date
    Nov 2003
    Posts
    71
    prolly just follow all the instructions in this thread before you post anymore.. not to be mean man but seriously.
    Reply With Quote Reply With Quote
  2. November 14th, 2003, 03:17 AM #12
    sysmin770
    sysmin770 is offline
    Senior Member
    Join Date
    Jun 2003
    Posts
    134
    Like other members have said you were most likely were just scanned for subseven. A fun thing that I have done in the past with people trying to spread Sub7 was to get connect to your computer with the client and find out the information of the person who put it on there. If they protected the server with a password you could use a program called Sub7 sniper. It is cool to send them Email or ICQ messages. I hate script kiddies.
    Sysmin Sys73m47ic
    -The Hacker Pimps
    -Development Team {FuxorWRT}
    http://www.AntiOnline.com/sig.php?imageid=563
    Reply With Quote Reply With Quote
  3. November 14th, 2003, 06:16 AM #13
    libertie
    libertie is offline
    Junior Member
    Join Date
    Aug 2003
    Posts
    13
    Open a command shell when you are online and type netstat -av, and look for the port 27374 to be open, if you have subseven this is the default port that will be open, look for any port numbers that are out of the ordinary. Actually, if the firewall is any good it probably logged the connection attempt and it will have the port number that someone tried to connect to. You might try setting your firewall to a learning mode where it asks you which taffic can go out and which can come in. More than likely everyone is right, it was just a scan. Hope this helps.
    -libertie
    Reply With Quote Reply With Quote
  4. November 14th, 2003, 06:40 PM #14
    mark_boyle2002
    mark_boyle2002 is offline
    Senior Member
    Join Date
    Jan 2003
    Posts
    1,499
    Easy to follow instructions.
    Some people forget that plain english is easier for people new to this to follow.

    Sub7 was a back door into your computer.

    In order to find which doors are open hackers often try all the doors on all the houses in the street.

    When your internet security package notices some one trying the handle it reports it to you.

    The fact that it reports it means that your security package is up to date enough to block people opening the door and would remove the virus if you had it.
    Reply With Quote Reply With Quote
  5. November 14th, 2003, 10:58 PM #15
    sysmin770
    sysmin770 is offline
    Senior Member
    Join Date
    Jun 2003
    Posts
    134
    I wouldn't necessary go by the default port number though. That is easily changed by the server editor for the program, and a good many people change it to better mask the fact it is there.
    Sysmin Sys73m47ic
    -The Hacker Pimps
    -Development Team {FuxorWRT}
    http://www.AntiOnline.com/sig.php?imageid=563
    Reply With Quote Reply With Quote
  6. November 15th, 2003, 04:06 PM #16
    spools.exe
    spools.exe is offline
    Senior Member
    Join Date
    Sep 2003
    Posts
    279
    I would recomment booting in safe mode first. THen do a system scann or just delete the file. It should work that way.
    AntiOnline Quick Forum Version 2b Click Here
    10010101000000110010001100111
    Reply With Quote Reply With Quote
  7. November 15th, 2003, 08:45 PM #17
    Fatphantom
    Fatphantom is offline
    Senior Member
    Join Date
    Jun 2002
    Posts
    311
    If you dont have an av, do scans from trend micro

    My internet provider has already suspended my service for spamming. Help would be appreciated
    Try contacting them and tell them what happened?
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules