Page 1 of 3 123 LastLast
Results 1 to 10 of 22

Thread: subseven......

  1. #1

    Question subseven......

    I have been recieving several subseven trojan horse port scans according to my firewall. I am a newbie to security and would appreciate any info. on the subseven trojan horse (i.e. what it does, etc.). Thanks, Hillbilly75
    We Know Who You Are.....

  2. #2
    Senior Member
    Join Date
    Oct 2001
    Sub7 and backdoor trojans like that give the user remote access to your computer, so they can basically control or mess with your computer. They're not good things to have, but this is really just information you can pick up at any site with info about them.
    Why am I still here?

  3. #3
    Thanks for the info. I 'm currently in school for networking/systems engineering and any knowledge is a plus!
    We Know Who You Are.....

  4. #4

  5. #5
    Many Thanks. Those links are informative and educational.
    We Know Who You Are.....

  6. #6
    Senior Member
    Join Date
    Nov 2001
    basically, Sub 7 is a program that allows script kiddies to play around with (and screw up) your computer. they are definitely something you want to avoid. as long as people were just scanning to see if you have it, and you don't actually have it, you will be safe. NOTE:another program like sub 7 is netbus. NEVER play a game called "Wack-A-Mole" it is a disguise for the netbus trojan.

  7. #7
    Senior Member
    Join Date
    Oct 2001

    Re: subseven......

    Originally posted by hillbilly75
    I have been recieving several subseven trojan horse port scans according to my firewall. I am a newbie to security and would appreciate any info. on the subseven trojan horse (i.e. what it does, etc.). Thanks, Hillbilly75
    Keep your firewall up, and make sure that you don't download any email attachments. Make sure you have a virus scanner on your computer and keep it regularly updated. The reason you'll want to do this is because Sub 7 is a trojan that allows malicious script kiddies to do whatever they want to your computer, others include netbus and Back orrifice. Read kapperdogs post for newbies.
    There\'s no sense in being would never work anyway.

  8. #8
    Many Thanks guys. I appreciate you taking the time to reply to what must seem like a basic question.
    We Know Who You Are.....

  9. #9
    Junior Member
    Join Date
    Sep 2001


    I Have Traced Sub-7 Back To A URL in The UK !

    If You Guys Have A FireWall Copy The Numbers of Your Attacker
    And Go Get "Sam Spade" And Trace it
    it's free

  10. #10
    There are literally thousands of trojans, all do different things but follow the same principle of giving a person remote access to ur comp. Sub7 is a very good trojan(bad if ur a victim), it has lots of features, and allows you to do anything that ur victim can do to their comp plus more.

    go to for a very good trojan scanner/remover. The default ports for sub7 are 1243 for older versions and 27374 for newer versions. I heard recently that the latest edition is 54344 or something? Anyway these are default ports, and often are changed. If ANYONE is portscanning you, they are obviously planning something nasty for you.

    All they must do is type in your ip and the port, click "connect" and theyre in. Then they just click buttons and do stuff, including getting screenshots of what youre doing, keylogging you, getting ur passwords, getting ur comp info, home info (including phone, address, etc, and most maliciously, if someone gets ur ISP username/pass, they can view your credit card details as well as phone home etc ). They have full read/write access to ur harddrive, they can edit your registry etc.

    So its best to get an updated VS (though these dont always pick up all trojans, eg the MooSoft trojan scanner found around 15 trojans (only 1 was running) on my comp, and my fully up to date Norton found 1, and it wasn't the running one )

    If you know you have a trojan running, and MooSoft of a virus scan says it had an error while trying to delete it, or if u manually delete the file and it says "Cannot delete: the specified file is being used by windows" this means its active and waiting for a connection. Boot up in dos or open ur dos shell (MS-DOS Prompt in Start Menu>programs) and type "del c:\trojan.exe" or wherever it is located.

    Alternately, if you know what trojan it is, eg netbus, sub7, progenic etc, you can get the client of this trojan (what the kiddie uses to connect and control u with) and use, if there, a delete server option. The server is the trojan, as trojans are Client>server technology.

    Hope this helped.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts