• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

  • 0
Sign in to follow this  

backdoor/subseven

Question

nexionly    0

Norton Antivirus keeps telling me that backdoor/subseven is being blocked and it tells me it has been blocked for the past 30 minutes and such. thats all it tells me that and this ip number 24.66.172.10,27374 it won't tell me where the subseven/backdoor virus is on my computer or anything and it Id like to be able to get rid of it... any ideas?

Share this post


Link to post
Share on other sites

19 answers to this question

Recommended Posts

  • 0
fr33k    2

find the subseven and see if the guy who made it has a faq on how to remove it.

you might want to look on the symantec website and cnet downloads too. + figure out what you put on your computer that the subseven came with and tell us so everyone can avoid it

Share this post


Link to post
Share on other sites
  • 0
rand0m.bullet    33

if ur running ME or XP don't forget to turn off system restore and restart cause most likly the sub7 backdoor will be backed up

Share this post


Link to post
Share on other sites
  • 0
rand0m.bullet    33

but if u r running Win ME don't forget to get a new os ;)

Share this post


Link to post
Share on other sites
  • 0
nexionly    0

It has been on my computer for a long while, I just ignored it. but I started thinking that it could be the cause to my computer crashing, because it always crashes when I play Ragnarok Onine which an online rpg and I have to disable my firewall...

I am running some scans and such, and will keep you informed.

Share this post


Link to post
Share on other sites
  • 0
fr33k    2

why would you ignore your computer being hacked?

Share this post


Link to post
Share on other sites
  • 0
nexionly    0

because the firewall is blocking it. so I hadn't really thought too much of it.

and yes I know its stupid yeya.

Share this post


Link to post
Share on other sites
  • 0
nexionly    0

so apparently I have Executor, RingZero,Tiny Telnet Server. And thats just what I know of, Im going to download a few other virus scanners now and run them as I sleep.

Share this post


Link to post
Share on other sites
  • 0
fr33k    2

dude if those are trojans why waste your time? :ermm: just reformat and do a clean install

Share this post


Link to post
Share on other sites
  • 0
nexionly    0

Because I've got too much stuff on here to reformat.

and that is more work than using a virus scanner to find and get rid of them.:disappoin

Share this post


Link to post
Share on other sites
  • 0
nexionly    0

It is becoming very frustrating as the online trojan scanner tells me I have Tiny Telnet Server, Executor, and Ring Zero trojans on my computer, but not virus scanners seem to be detecting them.

Share this post


Link to post
Share on other sites
  • 0
YahoKa    0

1. Reboot to SAFE MODE

2. Run your anti-virus software manually

3. Run a FULL system scan (and let it fully complete)

4. once it tells you where the files are you can get the software to delete them, or you can do it yourself. OR you can also get another trojan scanner... just make sure ur doing this in safe mode ;)

Share this post


Link to post
Share on other sites
  • 0
[saint lucifer]    0
Originally posted by DJ^TuRKiYe

but if u r running Win ME don't forget to get a new os ;)

LMAO

Share this post


Link to post
Share on other sites
  • 0
nexionly    0

Why is it so important to do it in safe mode, will it work then, and actually detect them?

Share this post


Link to post
Share on other sites
  • 0
YahoKa    0

In safe mode the trojan can't automatically start up (this makes it pretty much impossible to remove)

Share this post


Link to post
Share on other sites
  • 0
mtgriffith    0

I went to the site that freek recommended. It said that I have RingZero. I looked it up on Symantec's site. I searched for the files it drops (yes, I have show hidden files, etc. turned on) and could not find them. I also looked in the reg where it is supposed to be. Nothing there either. I tried scanning in Safe Mode like YahoKa suggested but NAV did not find any viruses.

Do you think Sygate would be lying to get me to buy their firewall?

Share this post


Link to post
Share on other sites
  • 0
nexionly    0

It is quite possible. but I still have Executor... what ever that is.

Share this post


Link to post
Share on other sites
  • 0
MxxCon    0

run msconfig or autoruns to see what you have in startup

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.