Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: Backdoor Subseven/Trojan - Help

  1. #1
    Junior Member
    Join Date
    Nov 2003
    Posts
    3

    Backdoor Subseven/Trojan - Help

    I have a Backdoor/Subseven Trojan Horse on my computer. I have installed Norton
    Internet Security, so, now it can't get out. However, I cannot seem to delete
    it. I've tried the Symantec removal instuctions, when I am in the DOS window;
    and am to cd \winnt it states it is an invalid directory and when I try to copy regedit.exe
    regedit.com it says the file doesn't exist. Can you help me? I do not really
    want to spend 4.95/min on the phone to Symantec. My internet provider has already suspended my service for spamming. Help would be appreciated. Thanks. Tara

    Norten says the following:

    "Attempt to connect to local computer using the Backdoor/Subseven Trojan horse detected."

  2. #2
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    Try cd \windows if you are not on Windows NT, 2000 or XP.
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

  3. #3
    Senior Member
    Join Date
    Feb 2002
    Posts
    500
    just because it says "Attempt to connect to local computer using the Backdoor/Subseven Trojan horse detected" doesn't mean your infected. Everytime some one uses sub7 to scan ranges of ip's for already infected people, you will get that message from norton if they scan past your ip. If norton is up to date and not finding anything, i'm willing to bet you dont have anything. But just in case, disable your virus scanner and go to housecall.antivirus.com/ they will scan your computer from theirs. If they find subseven, remember the version it states and go to: http://www.hackfix.org/subseven/

    Hope this helps
    Ron Paul: Hope for America
    http://www.ronpaul2008.com/

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    What operating system?

    If it isn't c:\winnt then it's probably c:\windows

    Giving us the OS will really help.......
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #5
    Junior Member
    Join Date
    Nov 2003
    Posts
    3
    I had the trojan horse before I got Norton Internet Security. I have Windows XP, and my system is becoming slower everyday?

  6. #6
    Banned
    Join Date
    Jul 2002
    Posts
    877

    Re: Backdoor Subseven/Trojan - Help

    Originally posted here by Tara47

    Norten says the following:

    "Attempt to connect to local computer using the Backdoor/Subseven Trojan horse detected."

    Uhhh... that sounds like your firewall & what is most likely just a scan or something. And any AV that doesn't detect sub7 should be thrown in the garbage can. Do you have some of the newer products? Because I hear many of nortons new products can **** up performance a bit. Infact almost anything I buy now days with 2003/2004 on the end of the logo seems to mess up. But thats just me...

  7. #7
    @ÞΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,705
    Like Specialist said, Sub7 can be detected easily by AV software, it's just too old to be a threat to most systems. If you don't have AV though, it's still dangerous. And Firewalls do tend to indicate the presence of trojans when a request is made to the trojan's port, with or without the trojan's presence.
    Real security doesn't come with an installer.

  8. #8
    Junior Member
    Join Date
    Nov 2003
    Posts
    3

    Question

    So, I probably do not have the sub7 on my system?

    I had the apparent sub7 before the AV. which was told to me by my internet supplier when SHS.exe was detected by my operating system.

  9. #9
    Banned
    Join Date
    Jul 2002
    Posts
    877
    Originally posted here by Tara47
    which was told to me by my internet supplier when SHS.exe was detected by my operating system.
    !!!Detected by your OS? WTF!!!

    Ummm.... whatever, pal.

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run, key: preset value

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices, key: preset value

    WIN.INI, section [windows], key run={server name}.exe

    SYSTEM.INI, section [boot], key 'shell=Explorer.exe {server}.exe

    HKLM\Software\Microsoft\Active Setup\Installed Components\{random value}

    Check for startups.
    Or you could go to restore then reboot and see if it still shows up.

  10. #10
    Senior Member
    Join Date
    Aug 2002
    Posts
    547
    maybeyou just got an alert from your firewall, thats all nothing to worry about

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •