Backdoor Subseven
Before "Ze Germans" get here
Thread Starter
Join Date: Apr 2003
Location: ?
Posts: 319
Likes: 0
Received 0 Likes
on
0 Posts
Backdoor Subseven
All, As soon as I bought my latest computer I got Norton Antivirus, Spybot, Adaware and a Norton Firewall. I made the big mistake of installing the original version of Kazaa. I started getting those stupid Pop ups every 2 minutes when connected to the Internet. Uninstalled Kazaa, and put on Kazaa Lite which doesnt have all the ads and spyware. However, Still got lots of pop ups, but the firewall stopped them. I am told that they leave a program on your computer that sends out information to whoever created these programs, and therefore rely on being allowed to communicate, and I understand this is how the firewall stopped them. I also got alerts everday that the backdoor subseven trojan was trying to breach the firewall, and thought that these were just false alarms, so thought nothing of them.
Today I was trying to set up a wirelss network in my house. I bought a wireless hub which has a built in router. I noticed that when I had not got the cable connected to the router that the lights on the modem(Indicating traffic) was flashing away, indicating to me that these trojans are still trying to get out. I update my virus every couple of days, so am wondering what I should do? Thanks in advance.
P.S You''ll have to bare with me. Although able to use acomputer reasonably well, having had a look around in here I realize that I am still a novice and that I may have left some info out of this question.
Today I was trying to set up a wirelss network in my house. I bought a wireless hub which has a built in router. I noticed that when I had not got the cable connected to the router that the lights on the modem(Indicating traffic) was flashing away, indicating to me that these trojans are still trying to get out. I update my virus every couple of days, so am wondering what I should do? Thanks in advance.
P.S You''ll have to bare with me. Although able to use acomputer reasonably well, having had a look around in here I realize that I am still a novice and that I may have left some info out of this question.
![My names Turkish is offline](https://www.pprune.org/images/statusicon/user_offline.gif)
Ecce Homo! Loquitur...
Symantec - Backdoor subseven Removal instructions.
![ORAC is offline](https://www.pprune.org/images/statusicon/user_offline.gif)
Before "Ze Germans" get here
Thread Starter
Join Date: Apr 2003
Location: ?
Posts: 319
Likes: 0
Received 0 Likes
on
0 Posts
ORAC, Thanks did that, didnt turn up any of the files or values in the lists. Is it possible that the firewall just thinks that they are attacks, i.e false alarm?
![My names Turkish is offline](https://www.pprune.org/images/statusicon/user_offline.gif)
Before "Ze Germans" get here
Thread Starter
Join Date: Apr 2003
Location: ?
Posts: 319
Likes: 0
Received 0 Likes
on
0 Posts
FSD, Yes I have both. I think the Firewall was just a bit too sensitive. However I still wonder why there is still so much aoutbound traffic? I wonder if its got to do with the workings of Kazaa?
![My names Turkish is offline](https://www.pprune.org/images/statusicon/user_offline.gif)
Join Date: Jun 2001
Location: UK
Posts: 173
Likes: 0
Received 0 Likes
on
0 Posts
I have the norton software
but not the other stuff my data light is flashing away most of the time. I usually get the backdoor subseven msg several times a day, of a certain ip address trying to access through the trojan horse method. I want to trace the ip address and block it, anyone know how to track it down it is 24.114.178.41.
Ta.
Ta.
![Smilie](https://www.pprune.org/images/smilies/smile.gif)
![fadec_primary_channel is offline](https://www.pprune.org/images/statusicon/user_offline.gif)
The Oracle
![](http://www.naples-air-center.com/DAoC/nac.gif)
![](http://www.naples-air-center.com/DAoC/nac.gif)
Join Date: Aug 2001
Location: Naples, Florida U.S.A.
Posts: 2,902
Likes: 0
Received 0 Likes
on
0 Posts
fadec_primary_channel,
Here is the info on the IP:
Take Care,
Richard
Here is the info on the IP:
Rogers Cable Inc. ROGERS-CAB-2 (NET-24-114-0-0-1)
24.114.0.0 - 24.114.255.255
Rogers Cable Inc. Ym ON-ROG-YM-29 (NET-24-114-128-0-1)
24.114.128.0 - 24.114.191.255
24.114.0.0 - 24.114.255.255
Rogers Cable Inc. Ym ON-ROG-YM-29 (NET-24-114-128-0-1)
24.114.128.0 - 24.114.191.255
Richard
![Naples Air Center, Inc. is offline](https://www.pprune.org/images/statusicon/user_offline.gif)
Nice-but-dim
Join Date: Sep 2001
Location: Rural Yorkshire
Posts: 636
Likes: 0
Received 0 Likes
on
0 Posts
Anyone who has a firewall and is connected to the net for any length of time will get these alerts. I also run all the software you list (inc Kazaalite) and even on my dialup connection, usually get an alert (typically a subseven) within 10 or 15 minutes. These alerts do not mean you have the trojan horse, just that scum using port scanners are looking for PC's infected with the program. The alert is just showing it (the firewall) has 'bounced' the scan, so even if your pc did have the trojan horse, the intruder would'nt get anywhere near it.
Rest assured, if you have all that protection, and you keep it up to date, you really should not have a problem.
The outbound traffic you are noticing could be just small packets of data being sent upstream (normal activity), or running programs attempting to update themselves.
Tim
Rest assured, if you have all that protection, and you keep it up to date, you really should not have a problem.
The outbound traffic you are noticing could be just small packets of data being sent upstream (normal activity), or running programs attempting to update themselves.
Tim
![timmcat is offline](https://www.pprune.org/images/statusicon/user_offline.gif)
Join Date: Sep 1998
Location: Sydney, Australia
Posts: 513
Likes: 0
Received 0 Likes
on
0 Posts
Turkish,
If you close Kazaa lite with the close button (top right "X") rather than from the menu with File | Exit, Kazaa minimises to the system tray. It is still running in the background and will respond to requests for files you hold and send them.
That could account for some outbound traffic.
AA
If you close Kazaa lite with the close button (top right "X") rather than from the menu with File | Exit, Kazaa minimises to the system tray. It is still running in the background and will respond to requests for files you hold and send them.
That could account for some outbound traffic.
AA
![Ausatco is offline](https://www.pprune.org/images/statusicon/user_offline.gif)
Join Date: Jun 2003
Location: europe
Posts: 68
Likes: 0
Received 0 Likes
on
0 Posts
useful site
This may be useful http://forums.spywareinfo.com/. There are some interesting sypeware removal/kazaa removal tools for free. I used a programmes called kazaabegone to great effect ! Seems to work.
![livinginspain is offline](https://www.pprune.org/images/statusicon/user_offline.gif)