
Solved Backdoor/SubSeven Trojan horse on a daily basis

Discussion in 'All Other Software' started by bcon76, Jan 28, 2002.

Thread Status:
Not open for further replies.
  1. bcon76

    bcon76 Guest Thread Starter

    My firewall (NPF2002) alerts me to Backdoor/SubSeven Trojan horse on a daily basis, at least once a day. Would this most likely be a false alarm? Not that it matters that much because it gets blocked but it would be nice to know. If it is false what might be causing it? Also, I have found a list of files associated with this trojan and have found none on my machine but what exactly does it do? How is it received, what purpose does it serve the person instituting it?
     
  2. SavvyLady

    SavvyLady

    Joined:
    Oct 14, 2001
    Messages:
    2,218
  3. bcon76

    bcon76 Guest Thread Starter

    I already know I don't have a Trojan. I am just looking for more info on this one and if it is feasible that I would receive alerts for it so often. This is the only Trojan, virus or worm I have ever been alerted to. It seems strange that it occurs every day and it is always SubSeven.
     
  4. SavvyLady

    SavvyLady

    Joined:
    Oct 14, 2001
    Messages:
    2,218
  5. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    36,091
    Hiya

    As with all trojans, there is the good and bad side for them. The good side is that it can be used by admins to keep an eye on the users. The bad way is if an attacker wants to use it. That's why you can download them freely.

    Now, the reason why you may get more inbounds on that port and for that trojan is that it's one of the most common types of trojan, and the passwords are all the same.

    As long as you keep your system up to date with scans and that you keep your firewall up to scratch, by going to www.grc.com and Test My Shields and Probe My Ports, you should be okay.

    They can do all sorts: open your CD drive, root thru all your files, delete stuff, and shut you down. Of course, the most worrying thing about them, is that if you didn't have a firewall, and you went along to your local online bank, typed in all your secure, encrypted passwords, trojans have key logging programs, so they can see what you type. Then, when you go offline, in goes the attacker.

    Just a little bit of info about them

    Regards

    eddie
     
  6. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396

    bcon76, how do you know?
    How do you know whether SubSeven is trying to get in or "call out"?
    What is the context of the alerts?
    Just trying to help here. If you don't know what a trojan can do, you can't know for sure you don't have one.
     
  7. bcon76

    bcon76 Guest Thread Starter

    $teve,

    The alert says an attempt to access your system using backdoor/subseven trojan was blocked.

    I have also done a manual search for all files that could be associated with subseven.

    I have also updated all Norton applications, run a complete virus scan and multiple security scans from multiple sources. And, to take it one step further, I have checked all running processes on this machine running XP Pro, which is online, against another machine running XP Pro which has never been online, and that came up negative.

    In conclusion, I am relatively sure that my system has not been breached. I have spent a lot of time on this, not that I have anything on this machine that would be of much interest, but I also do not want some weasel using my machine as a tool to exploit others.
     
  8. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    I had first-hand experience with SubSeven a couple of years ago when I was green and wasn't wearing any protection. It was weeks before I even knew it; that's why I was just a tad concerned.
    You obviously know your onions; it just seems strange why someone would keep trying.
    All the best. :cool:
     
  9. Joogs

    Joogs

    Joined:
    Jan 31, 2002
    Messages:
    3
    I get the very same alert (among others) from NPF 2001, though I get alerted several times a day. It's just script kiddies scanning your ports to see if there's a SubSeven server on your computer. Nothing to worry about at all. Even if you were infected, outgoing traffic from the trojan probably wouldn't get past NPF anyway.

    Jen

    :D
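
A way to tell blocked inbound probes from an actual SubSeven server on the machine, as an added example that is not part of the thread: it parses `netstat -an` output and reports listeners and live sessions on the trojan's default ports. The port set and both sample outputs are assumptions constructed for illustration; the thread does not give them.

```python
import re

# Default TCP ports widely documented for SubSeven servers. The thread does not
# list them; this set is an assumption to adjust from your own references.
SUBSEVEN_PORTS = {1243, 6711, 6712, 6713, 6776, 27374}

# Constructed samples of Windows `netstat -an` output (not from the thread).
SAMPLE_INFECTED = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:27374     198.51.100.23:4312     ESTABLISHED
  TCP    192.168.1.10:1243      203.0.113.7:80         ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""
SAMPLE_CLEAN = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1243      203.0.113.7:80         ESTABLISHED
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def parse(text):
    """Yield (local_port, remote_addr, state) for each TCP row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield int(m.group(2)), m.group(3), m.group(5)

def check(text, ports=SUBSEVEN_PORTS):
    rows = list(parse(text))
    # A trojan server must be LISTENING before a probe can reach it.
    listeners = sorted({p for p, _, s in rows if s == "LISTENING" and p in ports})
    # Count a session only on a port that also has a listener; otherwise a
    # matching local port is just the ephemeral source port of an outbound
    # connection (1243 falls in the old Windows ephemeral range).
    sessions = [(p, r) for p, r, s in rows
                if s == "ESTABLISHED" and p in listeners]
    return {"listeners": listeners, "sessions": sessions}

if __name__ == "__main__":
    print(check(SAMPLE_INFECTED))
    print(check(SAMPLE_CLEAN))
```

An empty result alongside firewall alerts matches what Joogs describes: probes arriving at ports where nothing is listening.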
     

Short URL to this thread: https://techguy.org/66762
