patboivin (posted March 17, 2001):

A utility on my PC showed me that some TCP ports on my machine are in use, by something called "Executor trojan". My old PC is behaving strangely, e.g. I have to double-click on Start menu items to get a response, single clicks won't do.

Does anyone know how to get rid of this thing? I have F-Prot on my machine, Backend, Jammer, Tau Monitor and ZoneAlarm, but none of the utilities seem to be able to clean up my machine.

TIA
CJMello (posted March 17, 2001):

Have you tried McAfee or Norton anti virus?

------------------
Order, Counterorder, Disorder. - von Moltke
Blackhorse (posted March 17, 2001):

What utility did you use to detect them?
CJMello (posted March 17, 2001):

Probably can't respond as the virus sends an E-Mail to all in his addy book. Hopefully not though. Whatever utility that detected it (Norton or McAfee) should be able to get rid of it. They may need to be updated if you haven't been on top of those things.
Subvet (posted March 17, 2001):

On the subject of trojans: have you guys heard about the latest version of the "subseven" trojan? Man this thing is going to be nasty! It will make these other trojans look like a walk in the park.

------------------
Craiger
All your victory flag are belong to me

[This message has been edited by Subvet (edited 03-17-2001).]
Maximus (posted March 17, 2001):

Man you guys are mean, I thought this was a thread about prophylactics. LOL!
Bozza (posted March 17, 2001):

I use BlackIce as an anti-hack device and I am amazed at how many people checking out my PC are actually looking for the Subseven Trojan program. (For what reason I don't know.)
Subvet (posted March 18, 2001):

I hear ya Bozza. For those that want to know more, see what ZDNet has to say about it here: http://netscape.zdnet.com/zdnn/stories/news/0,4586,2695851,00.html

Or go to the source here: http://www.sub7files.com/
patboivin (Author, posted March 18, 2001):

FYI after downloading Norton Antivirus for nothing (it doesn't run on Windows95a), I downloaded McAfee AntiVirus and scanned my whole disk. There were five infected files INSIDE two .zip files, i.e. I haven't run those yet, therefore they weren't the cause of my problems. My PC is still infected.

I have a little utility which showed me last night that port 1411 was open for something called "Executor trojan", while ports 1412, 1413, 1414 were in "closing" state. Since they stayed in "closing" state for at least half an hour on my machine, obviously whatever server they were supposed to handshake with wasn't responding.

Norton AntiVirus, McAfee, F-Prot can't clean up my PC. Are there better products out there that would be able to remove ALL trojans?

Oh I have a fast download utility called Download Accelerator Plus. What it does is search for alternative sources of a file, when we try to download something. Then it downloads the file in parallel chunks from these various sources. Just to let you know, it's not uncommon for servers in Eastern Bloc countries to show up, including ftp.kgb.ru and ftp.nsu.ru. Those servers never end up serving files, they just show up in the download utility's list with 0 bytes downloaded -- somehow when we download stuff these ftp servers are sometimes there... FTP servers let us download, but as you must know they also can UPLOAD stuff.

Beware! We are being watched, plus I am paranoid now because I can't clean my machine.

Thanks, if anyone can help. If I don't figure out what to do by Monday night, I am going to low-format my hard disks and completely re-install everything. GROAN
Blackhorse (posted March 18, 2001):

Originally posted by patboivin:
> I have a little utility which showed me last night that port 1411 was open for something called "Executor trojan", while ports 1412, 1413, 1414 were in "closing" state. Since they stayed in "closing" state for at least half an hour on my machine, obviously whatever server they were supposed to handshake with wasn't responding.

I ask again, what is the utility and where did you get it?
CJMello (posted March 18, 2001):

For more info on the subseven: http://vil.mcafee.com/dispVirus.asp?virus_k=10566&
zahl (posted March 18, 2001):

Reboot your system, connect to the net and run Netstat -an to determine your current TCP/IP connections. See which ports are being listened on. Are you seeing port 1411 or similar ones on this list?
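The check zahl describes, as an added example that is not part of the original thread: a Python script that parses `netstat -an` output, lists the listening TCP ports, and flags the ports reported earlier in this thread along with sockets stuck in a teardown state. The sample output and its addresses are constructed, and the Windows column layout is assumed.

```python
import re

# Constructed sample of Windows-style `netstat -an` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1411           0.0.0.0:0              LISTENING
  TCP    192.168.0.10:1412      203.0.113.7:80         CLOSING
  TCP    192.168.0.10:1413      203.0.113.7:80         CLOSING
  TCP    192.168.0.10:1050      198.51.100.4:21        ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

WATCHED_PORTS = frozenset(range(1411, 1415))  # ports reported in this thread
LISTEN_STATES = {"LISTENING", "LISTEN"}       # Windows / Unix spelling
TEARDOWN_STATES = {"CLOSING", "CLOSE_WAIT", "LAST_ACK",
                   "FIN_WAIT_1", "FIN_WAIT_2", "TIME_WAIT"}
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$", re.I)

def parse_netstat(text):
    """Return one dict per socket row; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, local, remote, state = m.groups()
        # Split on the last colon so IPv6 forms such as [::]:135 also parse.
        port = local.rpartition(":")[2]
        rows.append({"proto": proto.upper(),
                     "port": int(port) if port.isdigit() else None,
                     "remote": remote,
                     "state": (state or "").upper()})  # UDP rows carry no state
    return rows

def triage(rows, watched=WATCHED_PORTS):
    """Summarise listeners, watched listeners, and sockets stuck in teardown."""
    tcp = [r for r in rows if r["proto"] == "TCP" and r["port"] is not None]
    listening = sorted({r["port"] for r in tcp if r["state"] in LISTEN_STATES})
    return {"listening": listening,
            "watched_listening": [p for p in listening if p in watched],
            "teardown": sorted({r["port"] for r in tcp
                                if r["state"] in TEARDOWN_STATES})}

if __name__ == "__main__":
    print(triage(parse_netstat(SAMPLE)))
```

A listener on a watched port only shows that something is bound there; identifying the program that owns it still takes a process-level check.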
rwcanuck (posted March 18, 2001):

I had my bout with Trojans two weeks ago. I now have the T Innoculate free virus scanner which is constantly updated and is very good at getting rid of viruses and worms. Also, Zone Alarm which was recommended to me on the CM chat has helped to keep my computer free of these nasty viruses.

RW
Firefly (posted March 18, 2001):

patboivin,

Before you do anything too drastic you might want to look at TDS from http://tds.diamondcs.com.au/

It's a commercial product, but there is a time-limited demo that might solve your immediate problem. Whether you go on to buy it is up to you. I have no connection with the company.
Firefly (posted March 18, 2001):

Whoops, double post. Nothing to see here, move along please.

[This message has been edited by Firefly (edited 03-18-2001).]
Skott Karlsson (posted March 18, 2001):

Them damn Trojans... If they ain't stealing the most beautiful woman in the world then they're invading our computer systems or forcing us to include them in our romantic activities. What's up with that? ::laughs::

~Skott~
patboivin (Author, posted March 20, 2001):

Originally posted by Blackhorse:
> I ask again, what is the utility and where did you get it?

It's called Jammer I think, or Tauscan. Can't remember which, although I would NOT configure either of these to start up when you boot your machine, be prepared to go get coffee, beer, snacks, go to the washroom, and bring something to read before they have finished scanning your machine at startup. It may just be my machine here, some kind of timeout error that I can't track down...

www.agnitum.com

They are gloating today, but a few days ago their site pointed to the Security overview section. Click on the Security link in the left frame to go to it, it's a good read.

Anyway I now have a copy of Windows95b, still transferring stuff to my laptop, will do a low-level format and re-install everything. It's a good excuse for me to clean up the computer. I can't install Windows2000, this is an old clunker of a PC with parts that are at least five years old.

I am convinced now that if a non-teenager or twenty-something hacker organisation wanted to get into my PC, they could do it even if I have a firewall, plus McAfee or other commercial virus / trojan defence software.

A system administrator I work with says he uses Black Ice too for his home LAN, but I'm too cheap, I want to find something for free. I know I get what I pay for but I like the adventure.

I took a crash course in computer security this weekend, and it was all a fluke -- if I hadn't had that Download Accelerator utility running, I wouldn't have suspected anything. You can call me paranoid from now on, maybe I should change my CM Board username...

I can still play CM though, so keep those PBEMs coming Kevin, Patrick and Stefan. I haven't been winning too many battles lately so I expect the PBEMs to keep coming...
Subvet (posted March 20, 2001):

Originally posted by patboivin:
> A system administrator I work with says he uses Black Ice too for his home LAN, but I'm too cheap, I want to find something for free. I know I get what I pay for but I like the adventure.

Get ZoneAlarm. It's free, and arguably as good or better than Black Ice. I won't connect to the internet from my computers without it up and running.
patboivin (Author, posted March 20, 2001):

Thanks, I already have it.
Guest Madmatt (posted March 20, 2001):

Okay, time to move this to the General Forum. Thanks!

Madmatt