Default Block Backdoor/ SubSeven Trojan Horse

deb_in_nc
Category 3
Posts: 824
Joined: Wed Mar 19, 2003 6:51 pm
Location: Greensboro, NC

#1 Postby deb_in_nc » Sun May 18, 2003 2:31 pm

Norton Internet 2003 caught this and stopped it. Visual Tracking showed it came from Los Angeles. Domain name AOL. What do I need to do with this info and what is it?

Debbie

ColdFront77

#2 Postby ColdFront77 » Sun May 18, 2003 3:21 pm

Good idea to post this issue here, Deb.

I am not quite sure what you can do. I noticed some IP addresses on my firewall program of people "reading my computer" and I just recently got Norton AntiVirus after not knowing what happened to (what I did with the anti-virus software I had).

weatherlover427

#3 Postby weatherlover427 » Sun May 18, 2003 3:28 pm

I have Zone Alarm firewall and Norton Anti-Virus (Norton Firewall makes my Internet crash). :( No hackers or viruses (on my comp) yet! :D I have had viruses in e-mails though. :(

Lindaloo
Category 5
Posts: 22658
Joined: Sat Mar 29, 2003 10:06 am
Location: Pascagoula, MS

#4 Postby Lindaloo » Sun May 18, 2003 5:29 pm

I got that a few times today as well, deb. I also get a lot of Kuang2 virus. It says the "source computer has scanned your machine for this trojan but it has been blocked by our security filters." Of course, I report it all the time to NeoWatch but they still try to get through my firewall.

Pro-Storm
Category 1
Posts: 372
Joined: Fri Apr 04, 2003 7:53 pm
Location: St. George...South Carolina

#5 Postby Pro-Storm » Sun May 18, 2003 6:13 pm

I don't mess with firewalls or anti-viruses.....no hackers want anything in my PC. Nothing but games and educational stuff for the kids. Oh....and there is my S2K icon......Rock on! :band:

mf_dolphin
Category 5
Posts: 17758
Age: 68
Joined: Tue Oct 08, 2002 2:05 pm
Location: St Petersburg, FL

#6 Postby mf_dolphin » Sun May 18, 2003 6:47 pm

Here's some info on the virus:

CHARACTERISTICS
SubSeven is a trojan similar to Back Orifice. Unlike Back Orifice and NetBus, SubSeven does not claim to be a legitimate administration tool. These types of programs (sometimes called "Backdoors" or "Remote Access Trojans") consist of a trojan server and a client program. The server is usually received as an e-mail attachment which installs itself onto the system when run. It may display a fake error message in order to make it seem that the program failed to execute.
When installed, someone can use the client program to connect from another machine and control different parts of the system, ranging from opening and closing the CD drive to modifying the registry, uploading files, and rebooting. It can also take screen shots, monitor keystrokes, and steal passwords from the infected machine. The server can also be set up to send an ICQ, IRC or e-mail message to notify someone of the computer being open to attack.

Compared to earlier versions SubSeven 22 has some new features like proxy support, extended notification capabilities, network sniffing, enhanced distributed denial of service attack (DDoS) capabilities and an open architecture, allowing to expand the base functionality by downloadable plugins.

#7 Postby Lindaloo » Sun May 18, 2003 7:31 pm

So what can we do about this Sub 7 Trojan?

#8 Postby mf_dolphin » Sun May 18, 2003 7:35 pm

Most virus checking programs should catch and prevent this one. If you think you may be infected, update your virus program and run a scan. It should be able to clean this one up pretty easily. :-)

#9 Postby Lindaloo » Sun May 18, 2003 8:31 pm

Marshall, maybe you can help me with this one. Yesterday I cleared my explorer cache and defragged my drive. I play Word Whomp in Pogo all the time and had NO problems with the games loading until after I did all of that. I contacted tech support at Pogo and they told me they are having no games loading problems. Did I do something wrong?

#10 Postby mf_dolphin » Sun May 18, 2003 8:46 pm

The only thing I can think of is to clear your cache again and clear your cookies. Nothing you did should have caused a problem. :-)

#11 Postby weatherlover427 » Sun May 18, 2003 9:15 pm

I also have a problem. I need a spam blocker for Outlook Express because I am getting a ton of spam e-mail, but when I use it and it's active upon shutdown, my computer hangs at shutdown and I have to shut it down the hard way. I never get an error message. Any ideas?

#12 Postby Lindaloo » Sun May 18, 2003 9:22 pm

Thanks Marshall. Will try it.

streetsoldier
Retired Staff
Posts: 9705
Joined: Wed Feb 05, 2003 11:33 pm
Location: Under the rainbow

#13 Postby streetsoldier » Sun May 18, 2003 11:02 pm

I checked my Norton Virus Encyclopedia, and found that I'm already protected, but...SubSeven has at least 11 variations to date, which makes me wonder when the next one is coming... :o

#14 Postby ColdFront77 » Mon May 19, 2003 1:46 am

Linda, I played "Word Whomp" on "Pogo Games" several months ago. I have been interested in "First Class Solitaire" more often for a while... however I haven't been able to access; (I even tried "Word Whomp" once the last few days, too). It keeps loading, so I am unable to access the game(s) to play.

Marshall, I have cleaned the cache and cleaned my cookies and have still been having the same problem.

This has been going on for about two weeks.

#15 Postby Lindaloo » Mon May 19, 2003 9:12 am

Tom... I am still having the same problem. I have never had this problem before though. The tech support at Pogo is telling me I need to install or update my Java for Internet Explorer. I am frowning on that decision. So I am going to take my hard drive to a good friend this evening so he can take a look at it. I will let you know what he finds. Your problem and mine could be the same.

#16 Postby mf_dolphin » Mon May 19, 2003 11:08 am

If they say to update Java then it's a pretty good idea. Microsoft shipped some "not so standard" versions of Java and sometimes they can cause problems. :-)

#17 Postby Lindaloo » Mon May 19, 2003 11:41 am

Java can cause "all of a sudden" problems? I have not had any probs in the 4 years I have had this system.

#18 Postby Lindaloo » Mon May 19, 2003 12:50 pm

Tom... I went ahead and installed the Java update for internet explorer and BOOM my games now load.

Here is the address for the Java update.

http://java.sun.com/getjava/download/html

It has downloads for internet explorer, netscape etc. Have any problems let me know.

Thanks for all your help Marshall.