Pulling my hair out

  1. #1
    Senior Member IcSilk's Avatar
    Join Date
    Aug 2001
    Posts
    296

    Question Pulling my hair out

    After allowing some careless family members to use my computer I have been stricken by a multitude of virii.

    My antivirus (EZ trust antivirus) does not delete them and I can't find them through a manual search to do it.

    These are them:

    \Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7sniffer.dll - Win32.SubSeven!plugin trojan.
    \Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/matrix.dll - Win32.SubSeven!plugin trojan.
    \Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/icqpwsteal.dll - Win32.SubSeven!plugin trojan.
    \Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7advanced.dll - Win32.SubSeven!plugin trojan.
    \Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7capture.dll - Win32.SubSeven!plugin trojan.
    \Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7fun1.dll - Win32.SubSeven!plugin trojan.
    \Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7fun2.dll - Win32.SubSeven!plugin trojan.
    \Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7takeover.dll - Win32.SubSeven!plugin trojan.
    \Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7keys.dll - Win32.SubSeven!plugin trojan.
    \Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7moreinfo.dll - Win32.SubSeven!plugin trojan.
    \Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7passwords.dll - Win32.SubSeven!plugin trojan.
    \Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7scanner.dll - Win32.SubSeven!plugin trojan.
    \Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>server.exe - Win32.SubSeven.AM trojan.
    \Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP contains infected files.

    Please someone tell me how to get rid of them the right way.


    Thanks

  2. #2
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    Try using housecall.trendmicro.com; it's a free online virus scanner, and it works damn well.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  3. #3
    ********** |ceWriterguy
    Join Date
    Aug 2004
    Posts
    1,608
    All of these appear to be installed with subseven - from what you've posted it appears you have several different variations of the trojan - here's the search page on symantec.com for the different varieties and their removal instructions:

    http://search.symantec.com/custom/us/query.html

    Good luck and hope that helped!
    Even a broken watch is correct twice a day.

    Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!

  4. #4
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487

    Safe Mode

    I'd recommend booting into Safe Mode (F8 at boot screen) and manually removing the ZIP file. Since it's just detecting these in a ZIP file you may not be infected...but more investigation would be needed to determine that.

    After removing the ZIP file, scan the whole PC (while still in safe mode) with your anti-virus scanner --it *is* up-to-date signatures-wise right?

    Things to check/do:
    * Boot normally and run _netstat -an_ (assuming this is a Win2K or XP box). Review list of IPs in Foreign Address column to see if PC is connecting to any Internet IPs that you don't recognize. Also look at the port number (which is after the colon). SubSeven could run on many diff ports but the default is 27374 and 27573. Check here for list of ports http://andrew.triumf.ca/ports/sophos.html
    * Symantec has instructions here on how to remove SubSeven: http://www.symantec.com/avcenter/ven...alinstructions
    * Boot into Safe Mode with Networking and scan with Internet-based anti-virus scanner:
    Symantec has one http://security.symantec.com/sscv6/d...d=ie&venid=sym
    Trend Micro has one http://housecall.trendmicro.com/

    Hope this helps. Good luck.
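
    The netstat check described in the post above, as an added example that is not part of the original post: it parses Windows `netstat -an` output and flags rows where either end uses one of the two default ports the post names. The sample output and all function names are constructed for illustration.

```python
# Ports the post above names as SubSeven defaults.
SUBSEVEN_DEFAULT_PORTS = {27374, 27573}

# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED
  TCP    192.168.1.10:27374     198.51.100.23:4312     ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:1026           *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4, bracketed IPv6, or '*:*') into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port) if port.isdigit() else None

def parse_netstat(text):
    """Yield one dict per TCP/UDP row; header and blank lines are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        local_addr, local_port = split_endpoint(fields[1])
        remote_addr, remote_port = split_endpoint(fields[2])
        yield {
            "proto": fields[0],
            "local_addr": local_addr, "local_port": local_port,
            "remote_addr": remote_addr, "remote_port": remote_port,
            "state": fields[3] if len(fields) > 3 else "",  # UDP rows have no state
        }

def flag_suspect_rows(text, ports=SUBSEVEN_DEFAULT_PORTS):
    """Return rows where either end uses one of the watched ports."""
    return [r for r in parse_netstat(text)
            if r["local_port"] in ports or r["remote_port"] in ports]

if __name__ == "__main__":
    for row in flag_suspect_rows(SAMPLE_NETSTAT):
        print(row["proto"], row["local_addr"], row["local_port"],
              row["remote_addr"], row["remote_port"], row["state"])
```

    Because the post notes SubSeven could run on many different ports, an empty result only rules out the two defaults; unfamiliar foreign addresses in the remaining rows still need a manual look.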

  5. #5
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    KISS = KEEP IT SIMPLE STUPID

    Every file you listed was "\Local Settings\Temporary Internet Files\Content.IE5" so why don't you simply empty your temporary internet files and be done with it?

    Now you probably have some more that are not showing in your temporary files and after you empty your temporary internet files and cache, I would run something like Trend 'Housecall' to remove the rest.
    "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
    Author Unknown

  6. #6
    Doc d00dz Attackin's Avatar
    Join Date
    Mar 2003
    Location
    Florida
    Posts
    661
    BlackIce I hope you don't mind if I take your link...

    http://********firefox.com/
    "Content.IE5\"
    Whats that? Haven't seen that in years.

    Get Firefox, preferred by most -- secure (for the most part).

    Cheers
    First you listen, then you do, finally you teach.
    Duck Hunting Chat
    VirtualConvenience
    RROD

  7. #7
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    First off: Why do people want to constantly push Firefox and think everyone should replace IE.... I visit many websites which I MUST use IE for... I had to install IE on Linux just to be able to access the pages properly... Some people like to use IE... and you people that come on here and say "Get Firefox... it'll fix all your problems"... BULLSHIT!... smart computing practices fix your problems.... Firefox has a cache, Netscape has a cache.. every browser these days has a cache.... He's most likely accessed the file at some point for it to be in his Temporary Internet files... don't blame IE for stupid users... and stop pushing Firefox... you're as bad as people that push Linux as a fix to Microsoft.... it's not relevant...

    Anyways... now that I've ranted... clear the cache like moxnix said....

    The other thing I'd recommend is getting rid of your AV... and replacing it with something better... We use eTrust in our corporate environment and since switching from Norton to it (gotta love when cost plays a role) we're constantly being infected by viruses.... I've run tests that show eTrust to be rather awful... out of my office (since we work on individuals computers)... we offer eTrust (we have it licensed for them) and AVG Free .... everyone wants AVG.... from the most experienced computer users to the ones that say my roommate got eTrust and she's got viruses now...

    Basically someone in your house downloaded subseven... They clicked the open button... and it was saved to your temp files.... they opened it looked at it and closed it.. now the zip is still there... it's really not too much of a concern... I have friends that collect viruses, as long as they're zipped it's no big deal... btw it is viruses... not virii.. there have been several discussions on here regarding that topic..

    As for your multitude of viruses, you don't have a single virus... You've got one Trojan and the associated files about it.... it's not really the end of the world... clear your Temp files... install real AV and run a scan... you'll be good to go.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  8. #8
    Doc d00dz Attackin's Avatar
    Join Date
    Mar 2003
    Location
    Florida
    Posts
    661
    I never said IE wasn't secure, for the most part it is if you know what you're doing. This is the new age, FireFox has something new, something secure (AGAIN for the most part).

    All I was doing was recommending, either you take it or you don't.

    Obviously Firefox can't protect against another's downloading habits.

    Now as for a(n) AV I prefer Symantec.
    We all differ in preference...

    Cheers

  9. #9
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,250
    If you're running XP don't forget to turn off the system restore prior to cleaning!

  10. #10
    ********** |ceWriterguy
    Join Date
    Aug 2004
    Posts
    1,608
    Why do people want to constantly push Firefox and think everyone should replace IE.... I visit many websites which I MUST use IE for... I had to install IE on Linux just to be able to access the pages properly... Some people like to use IE... and you people that come on here and say "Get Firefox... it'll fix all your problems"...
    Never once have I said Firefox will fix all the problems. I support it and push it because it beats the living hell out of MSIE, plain and simple. There are certain sites I still need to use IE for, but they're becoming fewer and fewer - MS Update and a scant few others Mrs. |ce needs. I show the link and logo in my signature because I'd dearly love to see FF become the industry standard rather than the exception - perhaps then MS will get off its bum and fix the things in its product that have been needing repair for 10 years now.