Thread: SubSeven Trojan

  1. #1
    fyigmo Guest

    SubSeven Trojan

    I have been receiving a "Runtime Error 216 at (address)" at various times when booting up my computer. I then did a Google search and found a Microsoft support page located at http://support.microsoft.com/kb/259279 that states this is due to the SubSeven Trojan. I have several questions then: Does ZoneAlarm have definitions for this trojan in its AV definitions? If so, why did this trojan get by my frequent system scans? If not, does that mean that perhaps the SubSeven Trojan is really a false positive that Microsoft and other companies have incorrectly identified as a trojan? I'd appreciate any and all input regarding this possible security threat. Thanks.

    FYIGMO

    Operating System: Windows XP Pro
    Software Version: 7.0
    Product Name: ZoneAlarm Internet Security Suite

  2. #2
    watcher Guest

    Re: SubSeven Trojan

    Dear fyigmo:

    I don't have ZAISS but its firewall should detect any outbound communication to the Internet and alert you. SubSeven is a remote administration trojan (RAT), which can be used for both constructive and malicious purposes. FYI, Version 2.2 has 53 files packed in a .zip file. Before speculating whether it is a false positive, I would scan it with another antispyware utility. You can download and install Spy Sweeper, a very good antispyware utility, fully functional for 15 days, from the link at the bottom of this webpage:

    http://www.webroot.com/consumer/prod...r/latestv.html

    I would also look at the processes that display in Windows Task Manager. The executables for SubSeven include EditServer.exe, server.exe, sin.exe, and sub7.exe. You can also search your hard drive for these using Search off the Start menu.

    Hope this helps.

    WATCHER
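
The two checks suggested in the post above (running processes and files on disk), as an added example that is not part of the original thread. The function names are hypothetical and the `tasklist /fo csv` sample is constructed. A file can be renamed and `server.exe` is a generic name that legitimate software may also use, so a match or a miss here is only a hint, not a verdict.

```python
import csv
import io
import os

# File names listed in the post above. Matching is case-insensitive because
# Windows file names are.
SUBSEVEN_NAMES = {"editserver.exe", "server.exe", "sin.exe", "sub7.exe"}

def match_processes(tasklist_csv):
    """Return (image_name, pid) for rows of `tasklist /fo csv` output whose
    image name is one of the listed names."""
    hits = []
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) < 2 or row[0] == "Image Name":
            continue  # skip blank lines and the header row
        if row[0].strip().lower() in SUBSEVEN_NAMES:
            hits.append((row[0], int(row[1])))
    return hits

def find_files(root):
    """Walk `root` and return sorted paths whose file name is on the list.
    Unreadable directories are skipped instead of aborting the walk."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if name.lower() in SUBSEVEN_NAMES:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)

# Constructed sample of `tasklist /fo csv` output (not from a real machine).
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Console","0","28 K"
"explorer.exe","1512","Console","0","21,004 K"
"SERVER.EXE","2240","Console","0","3,116 K"
"svchost.exe","980","Console","0","4,552 K"
'''

if __name__ == "__main__":
    for image, pid in match_processes(SAMPLE_TASKLIST):
        print(f"process name match: {image} (PID {pid})")
    # Assumption: the system drive is the tree to search; falls back to C:
    for path in find_files(os.environ.get("SystemDrive", "C:") + os.sep):
        print(f"file name match: {path}")
```

On a live machine, pass the captured output of `tasklist /fo csv` to `match_processes` in place of the sample.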

  3. #3
    fyigmo Guest

    Re: SubSeven Trojan

    Watcher,

    Thanks for your reply. I checked out the processes you posted and none of them are listed in Task Manager. I actively run not only ZAISS, but SpySweeper and SpywareDoctor on my system (one of those rare people that can run all three and get away without any problems). Anyway, I run virtually every other spyware and/or rootkit detector you can name on a regular basis, and none have ever detected SubSeven. I tend to suspect that it's a false positive, and to that end I've contacted tech support for SS and SD to check. SD has produced false positives before, but we'll see. I'll let you know what I find out. Sometimes I wonder if getting a Mac would be easier....

    FYIGMO

  4. #4
    watcher Guest

    Re: SubSeven Trojan

    Dear fyigmo:

    You're welcome. Good choice of antispyware utilities. I've used both in the past with no problems, along with some others.

    Let me recommend a free behavior-based antispyware utility that will complement the signature-based antispyware utilities you now have. It's called ThreatFire v.3.0 by PCTools. It detects only actively running spyware, not dormant, uses very little RAM, runs well with other security software, and has rec'd a good review in PC Magazine. It can be downloaded here:

    http://www.threatfire.com/download/

    WATCHER

  5. #5
    flyyourway Guest

    Re: SubSeven Trojan

    Try checking your memory. If you are not running enough and an MS program hogs what you have, you can run into errors of this sort.

  6. #6
    fyigmo Guest

    Re: SubSeven Trojan

    Thanks for your response. I'm certain memory isn't the problem as I have 3GB installed and immediately after boot-up I typically have 2.3 GBs still available. I have yet to receive a tech support answer from SD or SS, but if I get anything solid I'll post it.

    To Watcher, thanks for posting the Threatfire URL. I'll download it and give it a whirl...every bit helps when combating malware.

    FYIGMO

  7. #7
    fyigmo Guest

    Re: SubSeven Trojan

    Here's a quick update for Watcher and others interested. I contacted Webroot/SpySweeper about SubSeven possibly on my system, and their suggestion was to download their latest version and install it. Thanks a lot, what a great help, said he, sarcastically! I then contacted PCTools/Spyware Doctor and they requested I run the Malware Scan tool they have included with the program, which analyzes your system and sends the data to them so they can attempt to locate and verify an infection for which they have no signature file at present. Now that's what I call real action as PCTools has always actually cared when they're contacted about tech support issues. Anyway, I'm waiting to hear what they have to say and will post it here.

    Just an additional personal note here. I run on a regular basis 15 different anti-malware programs, don't visit any risky sites except Limewire on rare occasion, and use nothing by Micro$oft except, well, my XP Pro O/S, and still these dang things get through. Makes me think more and more of getting a Mac for a strictly internet machine and being done with the headache. Any insights?

    FYIGMO

  8. #8
    flyyourway Guest

    Re: SubSeven Trojan

    There are many ways certain types of bugs or nefarious programs can get by, even when running 20 protective programs. A computer is never 100% secure, whether you are surfing nice websites online or naughty ones. Limewire can give you a nasty little vermin even when running an antivirus that is up to date. I know from experience that things get by, since I test in this area a lot. I suggest you wipe your HD if you do feel you have been infested and anti-virus/spyware/trojan/malware tools cannot detect it.
