Monday, January 18, 2010

Removal instructions for older versions of Backdoor.SubSeven

CAUTION: Follow these instructions only if the instructions in the previous sections did not remove the Trojan.

To remove this Trojan, you need to do the following:
1. Restart the computer in Safe mode.
2. Remove the following registry key that was placed there by the Trojan:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System Traylcon

3. Restart in MS-DOS mode, and then delete the \Windows\Systemtrayicon.exe file.
4. Restart Windows, and then rename the Watching.dll file.

The details for each of these steps follow:

Restart the computer in Safe mode
Before you edit the registry, you need to restart Windows in Safe mode. This can take several minutes.

NOTE: In Safe mode, Windows uses default settings: VGA monitor, no network, Microsoft mouse driver, and the minimum device drivers required to start Windows. You will not have access to CD-ROM drives, printers, or other devices.
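To confirm which Run entry step 2 refers to before editing the registry, the following added example (not part of the original instructions) parses a text export of the registry in REGEDIT4 format and reports entries under the Run key that match the value name or file name given above. It assumes that "System Traylcon" is the name of a value under the Run key; the sample export and the function names are constructed for illustration.

```python
import re

# Indicators taken from the removal steps above.
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
VALUE_NAME = "System Traylcon"      # assumed to be a value name under Run
FILE_NAME = "systemtrayicon.exe"    # from \Windows\Systemtrayicon.exe

# Constructed sample of a registry text export (REGEDIT4); not real data.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"System Traylcon"="C:\\WINDOWS\\Systemtrayicon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
'''

# A string value line: "name"="data", with \\ and \" escaped inside quotes.
ENTRY = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    """Undo the backslash escaping used inside quoted .reg strings."""
    return re.sub(r'\\(.)', r'\1', s)

def parse_export(text):
    """Yield (key, value_name, data) for each string value in the export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key:
            m = ENTRY.match(line)
            if m:
                yield key, unescape(m.group(1)), unescape(m.group(2))

def find_indicators(text):
    """Return (value_name, data) pairs under the Run key that match."""
    hits = []
    for key, name, data in parse_export(text):
        if key.lower() != RUN_KEY.lower():
            continue  # only the key named in step 2 is checked
        if name.lower() == VALUE_NAME.lower() or FILE_NAME in data.lower():
            hits.append((name, data))
    return hits

if __name__ == "__main__":
    for name, data in find_indicators(SAMPLE_EXPORT):
        print(f"Run entry to remove: {name!r} -> {data}")
```

An empty result means neither indicator is present in the exported Run key; it does not rule out other variants of the Trojan.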

Questions and Answers about SubSeven

How does the Trojan get on the computer?
SubSeven is usually sent as a program that you think you want. It almost always has an .exe extension, and it will often be disguised as an installation program, such as Setup.exe. When this program runs, it will usually just return a "Failed" error message, but it can sometimes do something, such as play a game or appear to install the software. We strongly recommend that you only install programs received from trusted sources.

How does someone else know that this is on the computer?
Backdoor.SubSeven can be configured to email your IP address, and the port on which the server is running, to the person who sent it to you. It can also send out an alert through some messaging programs.

What are some of the symptoms of a computer that is infected with the Backdoor.SubSeven Trojan?
Any of the following symptoms will occur only while connected to the Internet:
· CD-ROM drive opens at random times
· Wave (.wav) files play for no reason
· Strange dialog boxes appear
· Internet downloads are very slow
· Files appear or disappear
