Help needed with Backdoor/SubSeven Trojan

  • Thread starter Thread starter Pete Richardson
  • Start date Start date
P

Pete Richardson

Hi,

First of all, apologies if this is a stupid question. I'm running Windows
98SE with Norton 2003 anti-virus/firewall, etc. Recently over the last
couple of days, I'm getting a huge increase in the number of "high risk"
warnings from the firewall protection saying...

"Attempt to connect to local computer using the Backdoor/SubSeven Trojan
horse blocked" It then gives me then time of the "attack", the protocol -
TCP (Inbound), together with remote (I'm assuming the ip no of the computer
trying to connect to mine) and the local address.

A friend has told me that it's nothing to worry about - that it's just
another pc dialling random ip numbers trying to get in, but that my firewall
is stopping it. Is this right ? In fact, just while typing this email, I've
had THREE warnings pop up all from totally different ip addresses. It's the
sudden increase in "attacks" that's making me feel this isn't just my pc
being targetted randomly.

I've tried using a few Trojan removal programs but so far they all come back
saying my pc is clean.

Thanks for any help you can give.
Pete.
 
"Attempt to connect to local computer using the Backdoor/SubSeven Trojan
horse blocked" It then gives me then time of the "attack", the protocol -
TCP (Inbound), together with remote (I'm assuming the ip no of the
computer trying to connect to mine) and the local address.

A friend has told me that it's nothing to worry about - that it's just
another pc dialling random ip numbers trying to get in, but that my
firewall is stopping it. Is this right ? In fact, just while typing this
email, I've had THREE warnings pop up all from totally different ip
addresses. It's the sudden increase in "attacks" that's making me feel
this isn't just my pc being targetted randomly.
Click to expand...


Your mate's right.. nothing to worry about. Personal opinion, either
disable the (stupidly annoying) alerts.. or find a decent firewall (not
norton bloatware etc).

Anyways.. to your point..

As you have alerts enabled.. you can easily see that the firewall in this
case has done what it says on the tin and blocked the connection attempt
(or portscan). The time when you _want_ to be concerned, is when you have
alerts enabled and you _don't_ see that.. then you know you have something
listening on the port.

HTH clarify =)



Regards,

Ian
 
Back
Top