trojan backdoor 7 - Mischel Internet Security Forum

Jobs | About | Blog | Contact

Download TrojanHunter Now
Free 30-day trial!

Latest TrojanHunter Version:
TrojanHunter 5.0

Order Now
License file delivered within minutes.

Welcome, Guest. Please Login or Register.

Nov 21^st, 2008, 12:59pm

   Mischel Internet Security Forum
   Malware
   Trojans (Moderators: Helena, Gavin_Coe, Magnus)
   trojan backdoor 7

« Previous topic | Next topic »

Pages: 1

Notify of replies

Send Topic

Author

Topic: trojan backdoor 7 (Read 1016 times)

davisesq212
Newbie

Don't insert text here you fruitloop.

Gender:

Posts: 4

trojan backdoor 7
« on: Mar 28^th, 2004, 4:00am »

Quote

Modify

what is this. Ad-ware seems to always find these items DC792.dll, dc793.dll and dc795 associated with adware.websearch and binet. Is that related to the trojan backdoor seven? My Norton keeps saying someone is trying to get into my system through trojan backdoor seven. How can I finally get rid od it even though NIS runs clean Huh

IP Logged

Ad-aware is my hero.

siliconman01
Global Moderator

Trojans! Chew 'em Up, Spit 'em Out...

Gender: male

Posts: 5800

Re: trojan backdoor 7
« Reply #1 on: Mar 28^th, 2004, 9:03am »

Quote

Modify

Welcome to the forum davisesq212,

- adware.websearch and binet are spyware/adware that is detected/removed through AdAware6. Be sure you are running the latest version 6.181 of AdAware6 and have the latest updates of the spyware definitions for AdAware (01R276 27.03.2004). Then scan your system with AdAware and let it quarantine/remove the items it found. If the items are found in the System Volume Information folder, you will have to turn off System Restore, reboot your computer, and turn System Restore back on in order to remove any bad items in System Volume Information. If you have any problems removing the bad items, it would be best to register on the Lavasoft user forum and get the experts there to assist you in removing the spyware.
http://www.lavasoftsupport.com/index.php?s=ead0dfbcccb220bad43f58b6dd752 28f&act=idx

- Once you get your system cleaned of spyware/adware, I would recommend installing SpywareBlaster and SpywareGuard. These are free (with the option to donate) and can be found at: www.wilderssecurity.net/spywareblaster.html
www.wilderssecurity.net/spywareguard.html

- The NIS Trojan Backdoor Seven alerts are coming from internet attempts to access your computer through ports that are commonly used by Trojan Backdoor subSeven (there are several variants of this). The only way to stop the alerts from coming in is to close the ports or to create rules that block the IP addresses from which these attempts are coming. You can do this through NIS-Personal Firewall-Advanced tab, General and then create the block rules that you need.

HTH

« Last Edit: Mar 28^th, 2004, 9:04am by siliconman01 »

IP Logged

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!

davisesq212
Newbie

Don't insert text here you fruitloop.

Gender:

Posts: 4

Re: trojan backdoor 7
« Reply #2 on: Mar 28^th, 2004, 11:41am »

Quote

Modify

Thanks so VERY much for yours thorough response. Two follow-ups so far for this novice. 1) How do I know if I have ad-aware 6.181 I d/l ad-aware on March 25 & new updates either yesterday or the day before. I don't want to assume I am current unless you tell me how to see my version and; 2) how do I know if the adware is in the system volume information folder? Let's start with that right now......thanks. Am I safe though for now if I have a firewall? McAfee and Zonealarm popped up more frequently when I had them installed in reference to attempts to intrude but norton isnt making much noise.....only one alert in 24 hrs. Is that good or is it too lax?

Lastly and this might/might not be a virus issue/virus related. Since the virus has appeared 4 days ago, when I boot, my system prompts me, before the icons appear, with a pop-up/dialogue box to enter a network password and username. How do I remove that dialog box?

IP Logged

Ad-aware is my hero.

siliconman01
Global Moderator

Trojans! Chew 'em Up, Spit 'em Out...

Gender: male

Posts: 5800

Re: trojan backdoor 7
« Reply #3 on: Mar 28^th, 2004, 7:00pm »

Quote

Modify

Hello again davisesq212,

To determine which version of AdAware you have, just open AdAware6. On the opening window, look in the lower right corner and it will tell you which version (example: Ad-Aware6 Plus, Build 6.181).

On the same Adaware window under the heading Initialization Status, it shows the date of the Reference File you have downloaded. It looks like: Reference File 01R276 27.03.2004 loaded.

On the same opening window, there is a hotlink titled Check for Updates Now. It is located near the bottom of the window. Be sure to sign onto your ISP before clicking on this link. If a new reference file has been issued, clicking on this link will download the new reference file. Lavasoft updates quite frequently, so you check for a new reference file every day or so.

If AdAware finds a nasty in your System Volume Information folder, it will identify the location of the nasty in folder System Volume Information... C:\System Volume Information\Nasty.exe.

Again, the only way to get rid of a nasty found in this specific folder is to disable System Restore, reboot your computer, and then re-enable System Restore. On Windows XP, you find the System Restore feature by START-SETTINGS-CONTROL PANEL-SYSTEM-SYSTEM RESTORE tab.

Be sure you have turned OFF Windows XP firewall since you are running Norton Internet Security. It is strongly advised NOT to run two software firewalls simultaneously. This can cause false alerts and has also been known to allow unwanted access through your software firewalls.

To turn OFF the Windows XP firewall, START-SETTINGS-CONTROL PANEL-NETWORK CONNECTIONS. Click on your Default Network Connection. Select the Properties hotkey once the connection window opens. Then select the Advanced tab and disable the Windows XP firewall.

It's very hard to judge whether only one NIS alert is good or bad. It all depends on your Internet connection. If you are usings an always-connected cable modem or DSL, you will normally get many unauthorized hits in 24 hours. I've seen up to 400 in any one day with the normal hits on my cable modem as 100-150/day. That's why I use ALL the available power of NIS to set up blocking rules for IP addresses and ports. If you use a slower speed dial-up modem, then the hits are much, much less frequent and of course can only occur when you are signed onto your ISP.

HTH

IP Logged

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!

davisesq212
Newbie

Don't insert text here you fruitloop.

Gender:

Posts: 4

Re: trojan backdoor 7
« Reply #4 on: Mar 28^th, 2004, 10:51pm »

Quote

Modify

OK, my veriion of ad-aware is 6.181 and ref file is now 01r277 29.03.2004. As for the other things you mentioned to do, I am too new to even try. Can this trojan stay on my system without tremendous harm? Attempts all seem blocked.

IP Logged

Ad-aware is my hero.

siliconman01
Global Moderator

Trojans! Chew 'em Up, Spit 'em Out...

Gender: male

Posts: 5800

Re: trojan backdoor 7
« Reply #5 on: Mar 29^th, 2004, 12:51am »

Quote

Modify

No trojan/virus/worm should be allowed to stay on your system. And in my opinion neither should any form of spyware/adware.

Having said that, it is my understanding from your posts that it is Norton Internet Security "alerting" you that an "attempt" to access your computer with Trojan.Backdoor.Seven (subseven) is received. As long as you block these attempts when the alert is issued, then nothing bad is being downloaded or placed on your computer from the "attempt".

Are Norton Antivirus scans finding any trojans/worms/viruses?

IP Logged

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!

davisesq212
Newbie

Don't insert text here you fruitloop.

Gender:

Posts: 4

Re: trojan backdoor 7
« Reply #6 on: Mar 29^th, 2004, 2:54am »

Quote

Modify

You are correct. NIS Professional is alerting me that someone has attempted to access my system through trojan.backdoor.subseven. NIS has luckily blocked the attempts automatically via their default settings. I have not chged any settings since install. I am happy with NIS other then this trojan that won't go away. (Is their a different between NIS and NIS Porfessional; I mistaken purchased the professional version and I have a stand-alone system..thinking of exchanging it for home version).

I ran the NAV right before writing this to be sure I have a clean system according to latest defs and I do. Nothing comes up. I really would like this trojan gone but understand, I am an utter novice. I need step by step by step instructions. If I am unsure of anything, I probably won't do it. It took me days to get to a system that doesn't crash. That alone keeps me sleeping at night.

One problem I am finding is that the only chatroom I use is using javascript and my NIS firewall set on medium) default I believe is not allowing me in. No second window for the room pops up like it used to. What can I do to correct that? Tongue

IP Logged

Ad-aware is my hero.

siliconman01
Global Moderator

Trojans! Chew 'em Up, Spit 'em Out...

Gender: male

Posts: 5800

Re: trojan backdoor 7
« Reply #7 on: Mar 29^th, 2004, 4:49am »

Quote

Modify

NIS 2004 Professional is geared toward small office and business networks. If you are single computer with no network, you can just use NIS 2004.

Are you sure you even have Java on your computer? Since Microsoft lost the legal fight against Sun Microsystems, Microsoft does not bundle Java with Windows XP. Do a search for Java using Windows Explorer. You may need to download and install it from the following website:

http://www.java.com/en/index.jsp

Also, understand that it is NOT NIS that is the guilty party for the Backdoor Trojan. It is the INTERNET that is the guilty party. NIS is doing it's job for you...blocking malicious attempts from other users of the Internet.

IP Logged

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!

Pages: 1

Notify of replies

Send Topic


« Previous topic \| Next topic »

Search

Members

Login

Register