-
November 13th, 2003, 11:33 PM
#1
Junior Member
Backdoor Subseven/Trojan - Help
I have a Backdoor/Subseven Trojan Horse on my computer. I have installed Norton
Internet Security, so, now it can't get out. However, I cannot seem to delete
it. I've tried the Symantec removal instuctions, when I am in the DOS window;
and am to cd \winnt it states it is an invalid directory and when I try to copy regedit.exe
regedit.com it says the file doesn't exist. Can you help me? I do not really
want to spend 4.95/min on the phone to Symantec. My internet provider has already suspended my service for spamming. Help would be appreciated. Thanks. Tara
Norten says the following:
"Attempt to connect to local computer using the Backdoor/Subseven Trojan horse detected."
-
November 13th, 2003, 11:37 PM
#2
Try cd \windows if you are not on Windows NT, 2000 or XP.
N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)
-
November 13th, 2003, 11:38 PM
#3
just because it says "Attempt to connect to local computer using the Backdoor/Subseven Trojan horse detected" doesn't mean your infected. Everytime some one uses sub7 to scan ranges of ip's for already infected people, you will get that message from norton if they scan past your ip. If norton is up to date and not finding anything, i'm willing to bet you dont have anything. But just in case, disable your virus scanner and go to housecall.antivirus.com/ they will scan your computer from theirs. If they find subseven, remember the version it states and go to: http://www.hackfix.org/subseven/
Hope this helps
-
November 13th, 2003, 11:38 PM
#4
What operating system?
If it isn't c:\winnt then it's probably c:\windows
Giving us the OS will really help.......
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
November 13th, 2003, 11:40 PM
#5
Junior Member
I had the trojan horse before I got Norton Internet Security. I have Windows XP, and my system is becoming slower everyday?
-
November 13th, 2003, 11:40 PM
#6
Re: Backdoor Subseven/Trojan - Help
Originally posted here by Tara47
Norten says the following:
"Attempt to connect to local computer using the Backdoor/Subseven Trojan horse detected."
Uhhh... that sounds like your firewall & what is most likely just a scan or something. And any AV that doesn't detect sub7 should be thrown in the garbage can. Do you have some of the newer products? Because I hear many of nortons new products can **** up performance a bit. Infact almost anything I buy now days with 2003/2004 on the end of the logo seems to mess up. But thats just me...
-
November 13th, 2003, 11:48 PM
#7
Like Specialist said, Sub7 can be detected easily by AV software, it's just too old to be a threat to most systems. If you don't have AV though, it's still dangerous. And Firewalls do tend to indicate the presence of trojans when a request is made to the trojan's port, with or without the trojan's presence.
Real security doesn't come with an installer.
-
November 14th, 2003, 12:03 AM
#8
Junior Member
So, I probably do not have the sub7 on my system?
I had the apparent sub7 before the AV. which was told to me by my internet supplier when SHS.exe was detected by my operating system.
-
November 14th, 2003, 12:15 AM
#9
Originally posted here by Tara47
which was told to me by my internet supplier when SHS.exe was detected by my operating system.
!!!Detected by your OS? WTF!!!
Ummm.... whatever, pal.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run, key: preset value
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices, key: preset value
WIN.INI, section [windows], key run={server name}.exe
SYSTEM.INI, section [boot], key 'shell=Explorer.exe {server}.exe
HKLM\Software\Microsoft\Active Setup\Installed Components\{random value}
Check for startups.
Or you could go to restore then reboot and see if it still shows up.
-
November 14th, 2003, 02:24 AM
#10
maybeyou just got an alert from your firewall, thats all nothing to worry about
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|