Results 1 to 4 of 4

Thread: Sub 7

  1. #1

    Question Sub 7

    I have a good fiewall installed on my computer, but I have heard a lot about the sub7. How would someone infect my computer with the sub7......and how would I know if it had happened? What methods would they use?

  2. #2
    Senior Member
    Join Date
    Dec 2001
    Well the good firewall should stop it, Alot of firewalls will come streight out and say that someone is trying to access you via Sub7 and then give you their Ip address ( when this happens i usually ping them and then scan them just to let them know i am there ) The most common way of infection would be threw some sort of file sharing program, an email attachment and things downloaded off of websites.

    You really wouldnt know someone has infected you with a Sub7 unless you have some sort of Virus protection...but even with that i think with Sub7 there is a way to disable the virus scan or make it undetectible.

    Sub7 is a really easy to use trojan that cuts out alot of the work that would have to be done by other trojans.. For example with netbus trojan after you are infected the person who infected you would have to scan IP ranges of your ISP looking for an open port on 1234567 for example

    The only advise i can give you is watch what you download, keep your virus definitions up to date and watch what is trying to access the internet threw your firewall reports ...oh and if you do a search on for Trojan Ports you can come up with a pretty good list of what ports to have manually blocked on your firewall
    Violence breeds violence
    we need a world court
    not a republican with his hands covered in oil and military hardware lecturing us on world security!

  3. #3
    Join Date
    Nov 2001
    its not only sub seven you have to worry about, its all trojans in general. a trojan is a program that opens up a port and sits on it so the person on the client side can have access to your computer. a decent firewall is really the only way to be safe but also scan anything you download with an anti-virus/trojan program to be sure you are safe. i've been hearing that ZoneAlarm can be exploited so if you have it, i'd switch. you could find out if someone is trojaning you by doing a ctrl-alt-del and see if there is anything unusual running, but some trojans can be invisible, such as Back Orifice. you can tell if Back Orifice is on your comp if in the windows/system files there is a .dll called "windll.dll" you should delete it immediatly. also check your registry run services to see if they are in your startup. another way to tell is if you go into the dos promt and type "netstat -n" and see some connection on some crazy port like 31337 for instance, you know someone is hacking you.

  4. #4
    If you have been infected with sub 7 the whole ctl-alt-del and see what running is useless.
    Look in your win.ini file and check your registry for the entries. With Sub 7 though the server can mask itself by looking like valid entries in both you sys files and your win.ini. In your registry the client exacuting entry is usually about 312 kb in size and is doubled up in the various run, run services folders in order to get it to start on boot up. Delete these and then reboot. Just be careful when messin with your registry. In your win.ini just delete the portion after run=. Such as run=sub7 (though it prob won't be called that). After all that reboot and get a better firewall and virus detection. Oh, also check your ICQ files if you have them. If the guy was on there long enough he could have changed your ICQ to altert him when your online and what your ip is (even if you have a dynamic IP) thus leaving you a target for future attacks even if sub7 is removed. Sub7 can do this by the sever installed on your puter as well but would be deleted when sub7 is removed.

    If you really want to have some fun with the kiddie ******* that infected you and you don't know much go find 00Sub7. Its a kiddie hackers program that is made to attack sub7 servers instead of its clients. As they connect to you usin sub 7, 00 sub 7 redirect the command to their own computer. So as they think they are fu8kin some computer they are really only damageing their own..... Or so I've heard.

    Peace out
    Those who are awake all live in the same world.
    Those who are asleep live in their own worlds. -Heraclitus

    All Your Base!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts