owlman77 Posted May 22, 2003 Share Posted May 22, 2003 Should I be worried that I seem to be recieving a lot of hits from this trojan according to Norton Internet Security? Or is this normal? Thanks Owlman77 Quote Link to comment Share on other sites More sharing options...
FuzzButt Posted May 22, 2003 Share Posted May 22, 2003 I used to get a ton of them but it has gone away as of late. I believe it is one of those false positives. I have search high and low for info abouot and sign of this trojan on my PC but have not found any. Now I am getting odd FTP requests in the middle of the night. Of course NIS grabs it but that is odd too.Chris Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted May 23, 2003 Share Posted May 23, 2003 owlman77 --I would suggest going to the Symantec AV Center and clicking on the expanded list under the New viral threats listed at the top of the page. On the expanded list page, there is a place to search for viral threats there. Search for "subseven" (sans quotes and no space between sub and seven).There are quite a few variations on subseven backdoor threats.It sounds like someone may well be trying to gain entry to your computer but NIS is catching it. I would suggest familiarizing yourself with what to look for in the different variants, and keep an eye on it just in case.Just my 2 cents Quote Link to comment Share on other sites More sharing options...
Guest ThunderRiver Posted May 23, 2003 Share Posted May 23, 2003 Well, it is false positive. Each day, you should be expected to see probe and scanning towards your ip. It should not be something you should worry about unless you have low security/or Xp is lacking patches Nonetheless, if you are a geek, you should play around with SubSeven. You may say it is playing fire, but hey! Once you get to know it, you can defeat it with no fear. The greatest fear to people is the things that are unknown, so the best way to be familiarzed is to play with SubSeven. Infect yuorself and play aroudn with it and learn how to remove it.It is not hard. I have used BO2k, SubSeven many times before in the past, and it was considered as scriptkiddie tools, but who is here to say when it also has the same remote admin feature as Norton PCAnywhere? Quote Link to comment Share on other sites More sharing options...
jbredmound Posted May 23, 2003 Share Posted May 23, 2003 I sometimes take the time to "match up" my firewall log with my personal report @ MyNetwatchman.The first thing that I noticed was that assaults on my ports usually come in "showers" that last a week or so, and then taper off. Of course, there is the routine, daily traffic, but specific threat attacks seem to come in the shower configuration.It's probably been a couple of months ago that every time I opened OE, Norton was identifying 3 or 4 infected messages. I thought, "What is going on?" After about a week, that ceased, and I haven't had an infected message warning since.As the rodeo clowns would say, "Sometimes, its just your turn in the barrel." Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted May 23, 2003 Share Posted May 23, 2003 Good point JB. They do tend to go in cycles. I think this is because they are using robot scripts to do the checking and do this within IP ranges. If they don't get anywhere on your IP range, they will move on. Quote Link to comment Share on other sites More sharing options...
owlman77 Posted May 23, 2003 Author Share Posted May 23, 2003 Thanks to each of you have responded, I was wondering if these hack attacks might be some kind of robot because they came from all over the world China, Korea, US, Canada etc but always the same backdoor sub seven trojan. owlman77 Quote Link to comment Share on other sites More sharing options...
Guest ThunderRiver Posted May 23, 2003 Share Posted May 23, 2003 If you often get trojan horse sent to your email box, you need to watch out. It is most likely that you are being targeted because someone you know is trying to get inside your PC.ThunderRiver Quote Link to comment Share on other sites More sharing options...
owlman77 Posted May 24, 2003 Author Share Posted May 24, 2003 The hits that I am recieving are probes detected by Norton INternet Security's fire wall, at least so far. owlman77 Quote Link to comment Share on other sites More sharing options...
Guest ThunderRiver Posted May 24, 2003 Share Posted May 24, 2003 Sounds good to me. I used to have BlackICE, but I later found out that it was quite easy to penetrate such firewal; thus I switched to ZoneAlarm, but then again, I felt that ZA is causing system instability so I am using the firewall from Microsoft. Not the built-in one, but the beta program I am in. Quote Link to comment Share on other sites More sharing options...
ctsolutions Posted June 21, 2003 Share Posted June 21, 2003 I highly recommend Kerio Personal Firewall - they even have a free version. Not really for newbies, but for those who want a lot of control over what comes and goes it's the best I've found (and the best free one by far.) Zone Alarm free seems to be spyware to me - I can't imagine why it would need to check for updates that often - especially once you've told it not to auto-update. Sygate had stability issues, but the lateot Kerio is rock solid and can be set to load as a service (before you even log in.)When I switched from DSL to cable modem, I was connected without my router briefly and I was just amazed by the number of hits my firewall was getting - I can't imagine being connect.ee with neither a NAT router or software firewall! Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted June 21, 2003 Share Posted June 21, 2003 ctsolutions --Hi and welcome!Actually, ZoneAlarm doesn't have to check for updates at all ... that is a setting you choose. I have it set so I manually check when I hear of an update.BTW: Could you post a link to the Kerio free version for folks that would like to try it out? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.