backdoor.subseven22 (trojan)

Old 02-13-03, 12:50 PM Thread Starter   #1
winny22
Member



Join Date: Nov 2002
Location: uk

 
backdoor.subseven22 (trojan)


Hi, I downloaded a trojan and Norton AntiVirus quarantined it. Does this mean my PC is infected, or do I just delete the file from quarantine? Thanks guys.
Old 02-13-03, 01:00 PM   #2
nemisys
Member

 

Join Date: Dec 2002
Location: Pennsylvania

 
If Norton's quarantined it, this typically means it found it before it had a chance to infect your computer and your computer should not be infected.

Once quarantined, you can completely remove the file by deleting from quarantine.
Old 02-13-03, 01:10 PM Thread Starter   #3
winny22
Member



Join Date: Nov 2002
Location: uk

 
Thanks nemisys, didn't want to reformat. Thanks again.
Old 02-13-03, 02:11 PM   #4
PsYcO CyBrArIaN
Member

 

Join Date: Jan 2003
Location: NORAD

 
As well, you might want to back it up with an auxiliary scan from like HouseCall and a trojan-specific remover (or a general one). You'll be surprised how many times running two or even three can find something else or find the same one because the other couldn't fully delete it. Hopefully it hasn't replicated to your boot sector...
Old 02-13-03, 02:29 PM   #5
nemisys
Member

 

Join Date: Dec 2002
Location: Pennsylvania

 
Might try this link for a web based scan.
http://housecall.antivirus.com/
Old 02-13-03, 08:40 PM   #6
Enyo
Member

 

Join Date: Feb 2003
Location: eating Seal@the.sea

 
I got Sub Seven, never noticed till I started using e-scan. (Although e-scan sucks like hell: it gets itself stuck in a loop while scanning, it scans half the PC then scans that half again through the hub, sends info to the hub and back to itself, then it scans the HD again halfway through. Makes me wanna kick it.)
Old 02-13-03, 10:52 PM   #7
[EG]~NaTz~
Member



Join Date: Mar 2002
Location: pittsburgh pa

 
hey if u got subseven well uhh all i should say is watch what u download...

u guys know what subseven is used for correct?
Old 02-13-03, 10:56 PM   #8
cack01
Member

 

Join Date: Mar 2002
Location: San diego or UC Davis

 
sounds like the perfect back door virus. http://news.com.com/2100-1001-254164.html


EDIT: Man, do I have a bad memory. We actually talked about using the GUI version of this virus to monitor the computer cafe at work. It's great (as long as you're not infected, b/c it hides itself very very well and can replicate to come back once removed). The version we had let us do all types of things to the other user's screen, see what they're seeing, control their mouse/keyboard, file transfer, and a whole lot more. It's impressive, but man I would never never want to be infected by it.

__________________
LianLi PC70
Dual PIII 1.0@1.2 (7.5*160) on ABIT VP6
768 PC-133
Geforce 4 TI4200 310/580
Sound Blaster Audigy Platinum
2x 40 GB Seagate 5400 w/Striping
1x 80 GB Seagate 7200
24X Yamaha CD-RW
Sony 520GS 21"

Last edited by cack01; 02-13-03 at 11:05 PM.
Old 02-14-03, 03:13 AM Thread Starter   #9
winny22
Member



Join Date: Nov 2002
Location: uk

 
Will a format get rid of it? Thanks. I did a scan from Trend and it was a clear scan; I think Norton got it first. Thanks again.
Old 02-14-03, 03:24 AM   #10
I.M.O.G.
Homeless Leader

 

Join Date: Nov 2002
Location: Rootstown, OH

 
I do not know how I got it, but when I had broadband internet I used Norton SystemWorks 2002 including Internet Security and AntiVirus... and didn't download anything which I didn't know exactly what it was, but I still got the backdoor SubSeven. I would get security alerts every 20 minutes telling me someone from a different IP address was trying to connect to my computer... I used another one of my favorite programs to track approximately where the attack was coming from geographically and they were never consistent at all, it was always some place different, and it had no geographic concentration whatsoever. I figured they were bogus security warnings... but anyways I keep all my data constantly backed up so I just reformatted and I don't have the problem anymore.

__________________
The OC Forums Way
We are a team. We are a community. We are a fellowship made strong by mutual respect and shared dedication to the task of enriching all who come here.
The OC Forums Thank You Thread
Put your computer to work for our OC Forum Teams!
Try out our POST TEMPLATES, they save you time answering common questions!

I spend half my money on CPUs, GPUs, and Liquid Nitrogen. The other half I waste.
Old 02-14-03, 03:27 AM   #11
I.M.O.G.
Homeless Leader

 

Join Date: Nov 2002
Location: Rootstown, OH

 
Holy sh*t, that news link was a good read... that's some nasty stuff, I'm glad I had the firewall blocking all that garbage. I never thought the firewall was really good for much, guess I was wrong.

BTW, I was connected to the internet through a router with 8 other computers, do you know if the virus is network aware so that it could travel directly from computer to computer over the network? There were a couple girls living in my house that would just open any email or attachment they got without thinking about it, I wonder if I didn't catch it from them.

Old 02-14-03, 11:47 AM   #12
cack01
Member

 

Join Date: Mar 2002
Location: San diego or UC Davis

 
Quote:
Originally posted by I.M.O.G.

BTW, I was connected to the internet through a router with 8 other computers, do you know if the virus is network aware so that it could travel directly from computer to computer over the network? There were a couple girls living in my house that would just open any email or attachment they got without thinking about it, I wonder if I didn't catch it from them.

I really don't remember, I doubt it. Although it is possible, b/c the version that I am familiar with had an option to scan a range of IP addresses and also to look for a specific open port. So making it self aware to copy would not be too hard for the maker.

Old 02-14-03, 05:30 PM   #13
Johnny Knoxville
Disabled



Join Date: May 2002

 
I used subseven a few times on some people, you can basically access their hard disk and do anything in their computer, like viewing a screenshot of what they're currently doing, opening their CD-ROM, deleting files, making fake error messages. Conclusion: make sure you don't have the trojan.
Old 02-14-03, 10:31 PM   #14
Hayduke
Registered

 

Join Date: Aug 2001
Location: Zen State

 
Quote:
Originally posted by I.M.O.G.
I do not know how I got it, but when I had broadband internet I used Norton SystemWorks 2002 including Internet Security and AntiVirus... and didn't download anything which I didn't know exactly what it was, but I still got the backdoor SubSeven. I would get security alerts every 20 minutes telling me someone from a different IP address was trying to connect to my computer... I used another one of my favorite programs to track approximately where the attack was coming from geographically and they were never consistent at all, it was always some place different, and it had no geographic concentration whatsoever. I figured they were bogus security warnings... but anyways I keep all my data constantly backed up so I just reformatted and I don't have the problem anymore.

Those are not bogus warnings. They are legitimate scans looking for infected computers. There are an amazing number of infected computers worldwide and an even larger number of freaks who do nothing but sit in front of their computer every spare minute scanning the internet for unprotected computers to exploit. Before I installed my router my Zonealarm logs showed thousands of probes from all over the world just randomly looking for open trojan ports. If you see scans for ports 1243, 2772, 2773, 6771, 6776, 7215, 27374 (most common), 54283, they are looking for Sub7. Other various trojan ports are 1080, 50505, 54320, 60001, and numerous others.

Check out my logs for a 3 month period ONLY for Sub7 port 27374 scans:

http://myweb.cableone.net/hayduke/sub7_probe_log.html

You should see my main log - it's massive! Sometimes the probes come from a certain part of the world for awhile then suddenly stop. Then somewhere else for a few weeks. Montreal was really bad for awhile. I had several coming from Seoul, Korea also.

Some of the WORST internet providers for lax security are Rogers, Road Runner, Shaw Cable and Videotron. I've had more probes from those domains than any other. Most providers frown on port scanning but these obviously don't care.

Now that I have a hardware firewall NOTHING gets through to Zonealarm. Kind of boring now. I miss back-tracking the probes of the day
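The port list in post #14, turned into a log check (an added example, not part of the original thread): it flags blocked inbound TCP probes to those ports and groups them by source address. The CSV log layout, the function names and the sample lines are assumptions constructed for illustration; this is not ZoneAlarm's actual log format.

```python
import csv
import io
from collections import defaultdict

# Ports the post above lists as Sub7 scan targets, plus the other trojan ports it names.
SUB7_PORTS = {1243, 2772, 2773, 6771, 6776, 7215, 27374, 54283}
OTHER_TROJAN_PORTS = {1080, 50505, 54320, 60001}

# Constructed sample log. Hypothetical layout: date,time,action,proto,src,dst
# (not a real firewall's format). Addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2003-02-10,01:12:44,BLOCK,TCP,198.51.100.7:3312,192.0.2.10:27374
2003-02-10,01:12:45,BLOCK,TCP,198.51.100.7:3313,192.0.2.10:1243
2003-02-10,02:40:02,BLOCK,TCP,203.0.113.50:4120,192.0.2.10:27374
2003-02-10,03:05:19,BLOCK,UDP,203.0.113.9:1025,192.0.2.10:137
2003-02-11,11:59:30,BLOCK,TCP,203.0.113.77:2001,192.0.2.10:1080
2003-02-11,12:00:00,ALLOW,TCP,192.0.2.10:1040,198.51.100.80:80
malformed line without enough fields
"""


def classify(port):
    """Label a destination port using the two lists from the post."""
    if port in SUB7_PORTS:
        return "sub7"
    if port in OTHER_TROJAN_PORTS:
        return "other-trojan"
    return None


def summarize_probes(log_text):
    """Map each source IP to the listed ports it probed (blocked TCP only)."""
    hits = defaultdict(lambda: defaultdict(set))
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 6:
            continue  # skip malformed or truncated lines
        _, _, action, proto, src, dst = row
        if action != "BLOCK" or proto != "TCP":
            continue
        try:
            src_ip = src.rsplit(":", 1)[0]
            dst_port = int(dst.rsplit(":", 1)[1])
        except (IndexError, ValueError):
            continue  # destination without a numeric port
        label = classify(dst_port)
        if label:
            hits[src_ip][label].add(dst_port)
    return {ip: {k: sorted(v) for k, v in by_label.items()}
            for ip, by_label in hits.items()}
```

Calling `summarize_probes(SAMPLE_LOG)` returns one entry per probing source; adapt the field parsing to whatever format your own firewall writes.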
Old 02-15-03, 03:37 AM Thread Starter   #15
winny22
Member



Join Date: Nov 2002
Location: uk

 
I can't see any unusual activity going on in my PC. Obviously when someone is looking through the PC the internet icon would flash green. Anyway, the matter is: would a format cure the trojan, or has my Norton stopped it getting through? Anyway, thanks for all the replies guys, I rely on this support. Thanks again.
Old 02-15-03, 11:11 AM   #16
Hayduke
Registered

 

Join Date: Aug 2001
Location: Zen State

 
Quote:
Originally posted by winny22
I can't see any unusual activity going on in my PC. Obviously when someone is looking through the PC the internet icon would flash green. Anyway, the matter is: would a format cure the trojan, or has my Norton stopped it getting through? Anyway, thanks for all the replies guys, I rely on this support. Thanks again.

Sure a format will clean out anything you have. That may be the only way to completely repair the damage. That thing alters a lot of files. I got it once but caught it immediately. I accidentally double clicked on a file I suspected instead of right clicking to scan it! Oops. Anyway it really scrambled lots of dll files and after 5 installs of Windows 98 I still haven't fixed them all. It would be easier to just wipe my drive and start over which is what I ended up doing with my backup system.
Old 02-15-03, 12:11 PM   #17
cack01
Member

 

Join Date: Mar 2002
Location: San diego or UC Davis

 
If you did not run the virus, I think you should be ok.

Old 02-15-03, 07:12 PM   #18
Hayduke
Registered

 

Join Date: Aug 2001
Location: Zen State

 
What did Norton say about the quarantine? Is there some reason it wasn't actually removed? If it can't remove it for some reason, find out why. Maybe you can fix it. You can always format as a last resort but try to fix it first.
Old 02-16-03, 03:26 AM Thread Starter   #19
winny22
Member



Join Date: Nov 2002
Location: uk

 
Norton couldn't fix it, said quarantine it (recommended), but I deleted it. Thanks.