Virus/Trojan Horse question

Hey computer geeks. I just installed Norton Internet Security 2002 (formerly Norton Personal Firewall) on my machine here. It's running Win2K Pro on an always-on cable modem without any physical firewall.

Anyways, since I’ve had it on I get an alert warning of “Default Block Backdoor/SubSeven Trojan horse”. It seems to happen almost constantly.

I’ll be the first to admit that while I’m somewhat used to the basics of computers and the internet I know absolutely nothing about networks and the concept of internet security.

What is this alert for? Should I be concerned? I haven’t been able to really learn anything from my web searches or from the Symantec site. Any advice or thoughts from you folks?

Look harder. Found this in no time.

See http://securityresponse.symantec.com/avcenter/venc/data/backdoor.subseven.22.a.html

You should be concerned: “Backdoor.Subseven.22.a acts as the server application that allows a remote user to control and retrieve information from your system. Some of the capabilities include searching, retrieving, and sending files, stealing passwords, changing the colors and resolution, playing sounds, and changing the date and time.”

Hmmm, thanks. Not sure what my problem was.

Anyways, this seems like what I was seeing. I’ve scanned my computer a few times and it never reports finding any trojans. But it looks like the alert I’m getting is the firewall blocking it from being downloaded. Which is good news since I think I’m not infected, just trying to be infected.

Though it makes me wonder, I was running for months without any security, and I must have been getting hit with these attempts. If so, why would I not be infected?

The scans are people looking for computers that are already infected with Subseven. If you aren’t infected with Subseven, they can’t do anything.

My first thought would be that you have a trojan on your machine. Norton’s firewall can only block it; it doesn’t remove it. If it’s blocking it “constantly,” the odds are that it’s on your machine. Also, if the trojan is on your machine and running, Norton antivirus can’t clean it.

You can find information on how to clean it at http://virusall.com/trojanclean.html

Just to agree with cls, you are not infected. Those who wish to compromise other computers will generally scan large IP ranges constantly in search of infected machines. Machines that are infected will be logged for exploitation at a later date; nothing happens to those that aren’t. The same person will often scan frequently, and there are many people simultaneously running the same scans. This leads to a large number of probes every day. In conclusion, as long as you aren’t infected, these probes are harmless.

I think the hamsters are getting up in years; I’ve been losing a lot of posts lately.

RealityChuck, just to be safe I checked that website, and none of the registry keys they list in the removal instructions exist on my machine. Hopefully, I’m not infected. Why do you say that NAV wouldn’t be able to clean this? On the NAV website, the first step in their cleaning procedure is to run NAV to wipe it out.

All those probes certainly are annoying. I always get an IP address from the machine attempting to access me; should I do anything with that or report it to anyone?

No, just ignore it. While technically port scanning is a crime, no one cares. The government doesn’t care enough to prosecute, and their ISP doesn’t care enough to stop taking their money. You’ll just have to get used to it.

If the trojan is running, antivirus software can’t clean it until you remove the registry keys and reboot. Windows doesn’t allow you to delete a running file.