Backdoor\sub seven trojan

[owlman77]

Should I be worried that I seem to be recieving a lot of hits from this trojan according to Norton Internet Security? Or is this normal? Thanks Owlman77

[FuzzButt]

I used to get a ton of them but it has gone away as of late. I believe it is one of those false positives. I have search high and low for info abouot and sign of this trojan on my PC but have not found any. Now I am getting odd FTP requests in the middle of the night. Of course NIS grabs it but that is odd too.Chris

[Guest LilBambi]

owlman77 --I would suggest going to the Symantec AV Center and clicking on the expanded list under the New viral threats listed at the top of the page. On the expanded list page, there is a place to search for viral threats there. Search for "subseven" (sans quotes and no space between sub and seven).There are quite a few variations on subseven backdoor threats.It sounds like someone may well be trying to gain entry to your computer but NIS is catching it. I would suggest familiarizing yourself with what to look for in the different variants, and keep an eye on it just in case.Just my 2 cents

[Guest ThunderRiver]

Well, it is false positive. Each day, you should be expected to see probe and scanning towards your ip. It should not be something you should worry about unless you have low security/or Xp is lacking patches Nonetheless, if you are a geek, you should play around with SubSeven. You may say it is playing fire, but hey! Once you get to know it, you can defeat it with no fear. The greatest fear to people is the things that are unknown, so the best way to be familiarzed is to play with SubSeven. Infect yuorself and play aroudn with it and learn how to remove it.It is not hard. I have used BO2k, SubSeven many times before in the past, and it was considered as scriptkiddie tools, but who is here to say when it also has the same remote admin feature as Norton PCAnywhere?

[jbredmound]

I sometimes take the time to "match up" my firewall log with my personal report @ MyNetwatchman.The first thing that I noticed was that assaults on my ports usually come in "showers" that last a week or so, and then taper off. Of course, there is the routine, daily traffic, but specific threat attacks seem to come in the shower configuration.It's probably been a couple of months ago that every time I opened OE, Norton was identifying 3 or 4 infected messages. I thought, "What is going on?" After about a week, that ceased, and I haven't had an infected message warning since.As the rodeo clowns would say, "Sometimes, its just your turn in the barrel."

[Guest LilBambi]

Good point JB. They do tend to go in cycles. I think this is because they are using robot scripts to do the checking and do this within IP ranges. If they don't get anywhere on your IP range, they will move on.

[owlman77]

Thanks to each of you have responded, I was wondering if these hack attacks might be some kind of robot because they came from all over the world China, Korea, US, Canada etc but always the same backdoor sub seven trojan. owlman77

[Guest ThunderRiver]

If you often get trojan horse sent to your email box, you need to watch out. It is most likely that you are being targeted because someone you know is trying to get inside your PC.ThunderRiver

[owlman77]

The hits that I am recieving are probes detected by Norton INternet Security's fire wall, at least so far. owlman77

[Guest ThunderRiver]

Sounds good to me. I used to have BlackICE, but I later found out that it was quite easy to penetrate such firewal; thus I switched to ZoneAlarm, but then again, I felt that ZA is causing system instability so I am using the firewall from Microsoft. Not the built-in one, but the beta program I am in.

[ctsolutions]

I highly recommend Kerio Personal Firewall - they even have a free version. Not really for newbies, but for those who want a lot of control over what comes and goes it's the best I've found (and the best free one by far.) Zone Alarm free seems to be spyware to me - I can't imagine why it would need to check for updates that often - especially once you've told it not to auto-update. Sygate had stability issues, but the lateot Kerio is rock solid and can be set to load as a service (before you even log in.)When I switched from DSL to cable modem, I was connected without my router briefly and I was just amazed by the number of hits my firewall was getting - I can't imagine being connect.ee with neither a NAT router or software firewall!

[Guest LilBambi]

ctsolutions --Hi and welcome!Actually, ZoneAlarm doesn't have to check for updates at all ... that is a setting you choose. I have it set so I manually check when I hear of an update.BTW: Could you post a link to the Kerio free version for folks that would like to try it out?