Someone is hacking me with troj_sub7 .... what should I do :(

Omegachi

Diamond Member
Mar 27, 2001
3,922
0
76
One day I noticed that my files are moving right in front of my eyes without me doing anything.. I scanned for viruses and I found the troj_sub7 virus... I was able to delete it with an anti-virus program... but recently it's been happening again.... what should I do... how can I prevent future attacks :(
 

Lightbulb

Member
Nov 8, 1999
41
0
0
Well... if your anti-virus program couldn't remove the trojan from the files, you might need to reinstall it with a clean copy of the program. Install ZoneAlarm; it could help you block some unauthorized activity between your computer and the internet. Also, you might want to install some programs which are aimed at trojans... like The Cleaner, etc.

 

MustangSVT

Lifer
Oct 7, 2000
11,554
12
81
Sub7's are hard to stop because the file u deleted probably was not the original file that came in to ur computer. From what I know (very little :) ), some sub7's come like a windows or important file name like win.dlI (notice the second "L" is i) and it'll create several hidden files and delete itself. Once it does that, all it does is, once ur computer is turned on and connected to the net, it'll connect to a certain irc channel to report that it's ready, and then the master can tell it to do whatever from there.
So unless u have access to disable the ports it's using, you might want to do a complete format (that means u do Fdisk/MBR 3 times and also delete the partition and remake the partition) and reinstall everything, but set up a firewall (zone alarm seems to be good and it's free!) before u install programs.

Good luck.
 

LANMAN

Platinum Member
Oct 10, 1999
2,898
128
106
I guess if I found a sub7, I would disconnect from the internet, fdisk my HD, reinstall the OS and any other applications you like. Use a second pc to download zonealarm, install that to your new setup and then reconnect to the internet for any updates or patches you may need.

You may be interested in downloading neotrace if your zonealarm goes off and find that pesty little "script kiddie" and find out where he's coming from. If he's in the US most ISPs are very helpful in notifying the other party to stop doing it or be disconnected.

PM me if you need more help hey?

Cheers!!

--LANMAN
 

Russ

Lifer
Oct 9, 1999
21,093
3
0
The problem with SubSeven is that it places (and replaces) several different files in various locations (system.ini, registry, etc.) so that even after your AV software deletes the Daddy file, the Baby files re-propagate as soon as you reboot.

Read this material, and see if you really need to do a format and re-install. Sometimes it can be removed without taking that step.

Once you're satisfied that it's completely gone, do three major things:

1. UN-BIND TCP/IP from File and Print Sharing.
2. PASSWORD protect your shares.
3. INSTALL Zone Alarm.

Taking those three steps will keep, at least this particular trojan, from ever bothering you again.

Russ, NCNE
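
An added example, not part of the post above: one way to check the INI-file startup locations of the kind Russ mentions, so that an entry which would relaunch a deleted program at reboot is visible before you decide whether a reinstall is needed. It assumes the Windows 9x autostart keys `shell=` in the `[boot]` section of system.ini and `run=`/`load=` in the `[windows]` section of win.ini (win.ini is not named in the thread); the sample file contents and program names are constructed, and the registry is not covered.

```python
# Added example: list programs that Windows 9x INI files would start at boot.
# Sample INI contents below are constructed for illustration.

EXPECTED_SHELL = "explorer.exe"  # default value of shell= in system.ini

# (section, key) pairs treated as autostart locations (assumption, see lead-in)
AUTOSTART_KEYS = {("boot", "shell"), ("windows", "run"), ("windows", "load")}


def parse_ini(text):
    """Yield (section, key, value); section and key names are lower-cased."""
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            yield section, key.strip().lower(), value.strip()


def audit(text):
    """Return (section, key, program) for every unexpected autostart entry."""
    findings = []
    for section, key, value in parse_ini(text):
        if (section, key) not in AUTOSTART_KEYS:
            continue
        # Entries are separated by spaces or commas; a path containing spaces
        # is split into several tokens, each of which is still reported.
        for i, prog in enumerate(value.replace(",", " ").split()):
            # Explorer as the first shell= token is normal; extras are not.
            if key == "shell" and i == 0 and prog.lower() == EXPECTED_SHELL:
                continue
            findings.append((section, key, prog))
    return findings


SYSTEM_INI_SAMPLE = "[boot]\nshell=Explorer.exe example_dropper.exe\n[386Enh]\ndevice=*vshare\n"
WIN_INI_SAMPLE = "[windows]\nload=\nrun=C:\\WINDOWS\\example_helper.exe\n"
CLEAN_SAMPLE = "[boot]\nshell=Explorer.exe\n"

if __name__ == "__main__":
    for name, text in [("system.ini", SYSTEM_INI_SAMPLE), ("win.ini", WIN_INI_SAMPLE)]:
        for section, key, prog in audit(text):
            print(f"{name}: [{section}] {key}= starts {prog}")
```

Every reported entry still has to be judged by hand, since legitimate software also used `run=` and `load=`.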
 

mikejae

Member
Mar 12, 2001
28
0
0
Are the sub7's the article posted at grc.com which was posted at overclockers.com? After reading that I quickly installed zone alarm.