OT -- trojans

[patboivin]

A utility on my PC showed me that some TCP ports on my machine are in use, by something called "Executor trojan".

My old PC is behaving strangely, e.g. I have to double-click on Start menu items to get a response, single clicks won't do.

Does anyone know how to get rid of this thing?

I have F-Prot on my machine, Backend, Jammer, Tau Monitor and ZoneAlarm, but none of the utilities seem to be able to clean up my machine.

TIA

[CJMello]

Have you tried McAfee or Norton anti virus?

------------------

Order, Counterorder, Disorder. - von Moltke

[Blackhorse]

What utility did you use to detect them?

[CJMello]

Probably can't respond as the virus sends an E-Mail to all in his addy book. Hopefully not though. Whatever utility that detected it (Norton or McAfee) should be able to get rid of it. They may need to be updated if you haven't been on top of those things.

------------------

Order, Counterorder, Disorder. - von Moltke

[Subvet]

On the subject of trojans: have you guys heard about the latest version of the "subseven" trojan? Man this thing is going to be nasty! It will make these other trojans look a walk in the park.

------------------

Craiger

All your victory flag are belong to me

[This message has been edited by Subvet (edited 03-17-2001).]

[Maximus]

Man you guys are mean, I thought this was a thread about propalactics. LOL!

------------------

For your dream car click here.

For a Close Encounter click here.

Hey look! I can see my house!

And for all you Hamster Lovers out there, check this out! Kitty, this one's for you!

[Bozza]

I use BlackIce as an anti-hack device and I am amazed at how many people checking out my PC are actually looking for the Subseven Trojan program. (For what reason I don't know)

[Subvet]

I hear ya Bozza. For those that want to know more, see what ZDNet has to say about it here: http://netscape.zdnet.com/zdnn/stories/news/0,4586,2695851,00.html

Or go to the source here: http://www.sub7files.com/

------------------

Craiger

All your victory flag are belong to me

[patboivin]

FYI after downloading Norton Antivirus for nothing (it doesn't run on Windows95a), I downloaded McAfee AntiVirus and scanned my whole disk. There were five infected files INSIDE two .zip files, i.e. I haven't run those yet, therefore they weren't the cause of my problems. My PC is still infected.

I have a little utility which showed me last night that port 1411 was open for something called "Executor trojan", while ports 1412,1413,1414 were in "closing" state. Since they stayed in "closing" state for at least half an hour on my machine, obviously whatever server they were supposed to handshake with wasn't responding.

Norton AntiVirus, McAfee, F-Prot can't clean up my PC. Are there better products out there that would be able to remove ALL trojans?

Oh I have a fast download utility called Download Accelerator Plus. What it does is search for alternative sources of a file, when we try to download something. Then it downloads the file in parallel chunks from these various sources.

Just to let you know, it's not uncommon for servers in Eastern Block countries to show up, including ftp.kgb.ru and ftp.nsu.ru.. Those servers never end up serving files, they just show up in the download utility's list with 0 bytes downloaded -- somehow when we download stuff these ftp servers are sometimes there...

FTP servers let us download, but as you must know they also can UPLOAD stuff.

Beware! We are being watched, plus I am paranoid now because I can't clean my machine.

Thanks, if anyone can help. If I don't figure out what to do by Monday night, I am going to low-format my hard disks and completely re-install everything. GROAN

[Blackhorse]

Originally posted by patboivin:

I have a little utility which showed me last night that port 1411 was open for something called "Executor trojan", while ports 1412,1413,1414 were in "closing" state. Since they stayed in "closing" state for at least half an hour on my machine, obviously whatever server they were supposed to handshake with wasn't responding.

I ask again, What is the utility and where did you get it?

[CJMello]

For more info on the subseven:

http://vil.mcafee.com/dispVirus.asp?virus_k=10566&

------------------

Order, Counterorder, Disorder. - von Moltke

[zahl]

Reboot your system, connect to the net and run Netstat -an to determine your current tcp/ip connections. See which ports are being listened. Are you seeing port 1411 or similar ones on this list?

[rwcanuck]

I had my bout with Trojans two weeks ago. I now have the T Innoculate free virus scanner which is constantly updated and is very good at getting rid of viruses and worms.

Also, Zone Alarm which was recommended to me on the CM chat has helped to keep my computer free of these nasty viruses

RW

[Firefly]

patboivin,

Before you do anything too drastic you might want to look at TDS from

http://tds.diamondcs.com.au/

It's a commercail product, but there is a time-linited demo that might solve your immediate problem. Whether you go on to buy it is up to you.

I have no connection with the company .

[Firefly]

Whoops, double post.

Nothing to see here, move along please.

[This message has been edited by Firefly (edited 03-18-2001).]

[Skott Karlsson]

Them damn Trojans... If they ain't stealing the most beautiful woman in the world then their invading our computer systems or forcing us to include them in our romantic activities. Whats up with that? ::laughs::

~Skott~

[patboivin]

Originally posted by Blackhorse:

I ask again, What is the utility and where did you get it?

It's called Jammer I think, or Tauscan. Can't remember which, although I would NOT configure either of these to start up when you boot your machine, be prepared to go get coffee, beer, snacks, go to the washroom, and a bring something to read before they have finished scanning your machine at startup. It may just be my machine here, some kind of timeout error that I can't track down...

www.agnitum.com

They are gloating today, but a few days ago their site pointed to the Security overview section. Click on the Security link in the left frame to go to it, it's a good read.

Anyway I now have a copy of Windows95b, still transferring stuff to my laptop, will do a low-level format and re-install everything. It's a good excuse for me to clean up the computer. I can't install Windows2000, this is an old clunker of a PC with parts that are at least five years old.

I am convinced now that if a non-teenager or twenty-something hacker organisation wanted to get into my PC, they could do it even if I have a firewall, plus McAfee or other commercial virus / trojan defence software.

A system administrator I work with says he uses Black Ice too for his home LAN, but I'm too cheap I want to find something for free.

I know I get what I pay for but I like the adventure.

I took a crash course in computer security this weekend, and it was all a fluke -- if I hadn't had that Download Accelerator utilty running, I wouldn't have suspected anything.

You can call me paranoid from now on, maybe I should change my CM Board username...

I can still play CM though, so keep those PBEMs coming Kevin, Patrick and Stefan. I haven't been winning too many battles lately so I expect the PBEMs to keep coming...

[Subvet]

Originally posted by patboivin:

A system administrator I work with says he uses Black Ice too for his home LAN, but I'm too cheap I want to find something for free.

I know I get what I pay for but I like the adventure.

Get ZoneAlarm. It's free, and arguably as good or better than Black Ice. I won't connect to the internet from my computers without it up and running.

------------------

Craiger

All your victory flag are belong to me

[patboivin]

Thanks, I already have it.

[Guest Madmatt]

Okay, time to move this to the General Forum.

Thanks!

Madmatt