Backdoor Subseven
 

All, As soon as I bought my latest computer I got Norton Antivirus, Spybot, Adaware and a Norton Firewall. I made the big mistake of installing the original version of Kazaa. I started getting those stupid Pop ups every 2 minutes when connected to the Internet. Uninstalled Kazaa, and put on Kazaa Lite which doesnt have all the ads and spyware. However, Still got lots of pop ups, but the firewall stopped them. I am told that they leave a program on your computer that sends out information to whoever created these programs, and therefore rely on being allowed to communicate, and I understand this is how the firewall stopped them. I also got alerts everday that the backdoor subseven trojan was trying to breach the firewall, and thought that these were just false alarms, so thought nothing of them.

Today I was trying to set up a wirelss network in my house. I bought a wireless hub which has a built in router. I noticed that when I had not got the cable connected to the router that the lights on the modem(Indicating traffic) was flashing away, indicating to me that these trojans are still trying to get out. I update my virus every couple of days, so am wondering what I should do? Thanks in advance.

P.S You''ll have to bare with me. Although able to use acomputer reasonably well, having had a look around in here I realize that I am still a novice and that I may have left some info out of this question.

Symantec - Backdoor subseven Removal instructions.

ORAC, Thanks did that, didnt turn up any of the files or values in the lists. Is it possible that the firewall just thinks that they are attacks, i.e false alarm?

Have you downloaded the latest Spybot and AdAware definitions lately as between the two they can usually rid your machine of this infuriating spyware.

FSD, Yes I have both. I think the Firewall was just a bit too sensitive. However I still wonder why there is still so much aoutbound traffic? I wonder if its got to do with the workings of Kazaa?

I have the norton software
 

but not the other stuff my data light is flashing away most of the time. I usually get the backdoor subseven msg several times a day, of a certain ip address trying to access through the trojan horse method. I want to trace the ip address and block it, anyone know how to track it down it is 24.114.178.41.


Ta.:)

fadec_primary_channel,

Here is the info on the IP:

Take Care,

Richard

A word of warning with Kazaa when you uninstall it it leaves behind the spyware and advertising programs.

Anyone who has a firewall and is connected to the net for any length of time will get these alerts. I also run all the software you list (inc Kazaalite) and even on my dialup connection, usually get an alert (typically a subseven) within 10 or 15 minutes. These alerts do not mean you have the trojan horse, just that scum using port scanners are looking for PC's infected with the program. The alert is just showing it (the firewall) has 'bounced' the scan, so even if your pc did have the trojan horse, the intruder would'nt get anywhere near it.
Rest assured, if you have all that protection, and you keep it up to date, you really should not have a problem.

The outbound traffic you are noticing could be just small packets of data being sent upstream (normal activity), or running programs attempting to update themselves.

Tim

Turkish,

If you close Kazaa lite with the close button (top right "X") rather than from the menu with File | Exit, Kazaa minimises to the system tray. It is still running in the background and will respond to requests for files you hold and send them.

That could account for some outbound traffic.

AA

useful site
 

This may be useful http://forums.spywareinfo.com/. There are some interesting sypeware removal/kazaa removal tools for free. I used a programmes called kazaabegone to great effect ! Seems to work.