Trogen horse's

[comp_custom]

I have been getting attacked from the internet by trogen horses and i was wandering if there is eney way i could stop them from attacking me? I have norton internet security 2004. If you need eney more info ill write back.

[fyrewall]

Install a firewall and dont allow incoming connections (except needed ones). Also install a virus scanner that can detect and remove trojans etc. AVG is a good free one.... Also be wary of what you are double clicking on (you dont want to click on trojans)

What does norton internet security 2004 have? if it has a firewall and an antivirus .. thats a good start

[jinxy]

Trojans do not attack from the internet, they attack from the inside.

I would hazard a guess that NIS keeps popping up with some type of warning along the lines of, "sub7 trojan hourse attack detected".

This is just the firewall part if NIS doing it's job, stopping attemps to connect to your pc. Infact they are probably not attemps to connect at all, but rather scans looking for pc's that are infected with what ever trojan. As such nothing to be alarmed about.

On the other hand you could possibly be infected. So run some av/malware scans to be sure. Don't limit your self to just NAV, use Trend Micro's House call, an online scan.

http://housecall.trendmicro.com/hous...start_corp.asp

Download install and run. Spybot search and destroy, Lavasoft's Adaware, MoosoftsThe Cleaner, Tds3. These are all found easily using google. Or indead looking through some of the posts here at AO where there may already be a link.

[nihil]

IMHO, the best thing is to go to the DiamondCS website and get a trial of TDS3.

There is some useful free stuff as well, like RegistryProt

Good luck!

[comp_custom]

My norton internet security does have a fire wall and anti virus. I all sow have Lavasoft's Adaware and i have scaned with both of them and found nothen. Two of the trogens horse's that have attacked me are (Backdoor/Subseven Trojan horse) and (Back Orifice 2000 Trogen horse). Thanks for your help sow far.

[fyrewall]

remember to keep your Antivirus uptodate to dude or it is useless

[comp_custom]

My Antivirus is uptodate.

[comp_custom]

Could'ent i just block the IP adress's ???

[jinxy]

Could'ent i just block the IP adress's ???

If you try to do that for each ip address that NIS reports an attempt to connect from you will spend the rest of your life putting ip addresses into the blocked part of the firewall.

As long as you are confident that you have a clean pc, what you see reported from your firewall is just noise from the internet and nothing to worry about.

Let me explane how a trojan like sub7/back orifice works. There are two parts to a remote access trojan. The client and the server. The server needs to be installed on a targets pc, the client needs to be on the bad guys pc.

So having installed the server part of the trojan on a target the bad guy neads to connect to the server useing the client on his pc, from here he can carry out his hacking activities. Now it is not that easy to target a particular pc. The best way to install a trojan on a target is to send the server to as many pc's as possible. In the hopes that at least one numb nut will actually install it.

Not knowing which pc has the server installed, the hacker will have to find that pc. He does this by scanning a whole range of ip addresses untill he finds an ip address with the server active on it. He can then connect and do his stuff.

What your firewall is alerting you to, is the fact that some one is scanning a range of ip addresses, one of which is yours. That does not mean you are being attacked, just that someone is looking for someone to attack.

Hope this helps you some......................................................................................................................................................................And if anyone picks me up on useing the H word, i will rip your arms of and beat you with the soggy end

[Chris Mallon]

If you have a firewall and an up to date AV, then the AV should be able to delete the trojan, because both of them are awfully old i believe, but since that doesnt work, i found a few websites to help you remove them. Be sure to be careful when editing the registry.
Sub7 Removal
A few tools

Back Orfice