Thread: wow sub 7? remote?

  1. #1
    Unleashed
    Join Date
    Sep 2001
    Posts
    1,765

    wow sub 7? remote?

    Sort of in conjunction with the recent hacking threads, I just got hit with either a remote or a sub 7 or some type of trojan. You know the type that the victim has to have running?

    Something that a "hacker" probably spet weeks setting up I removed in less than 10 minutes.
    The world is waiting. I must leave you now.

  2. #2
    $null
    Guest

    Re: wow sub 7? remote?

    Originally posted by Shadow
    Sort of in conjunction with the recent hacking threads, I just got hit with either a remote or a sub 7 or some type of trojan. You know the type that the victim has to have running?

    Something that a "hacker" probably spet weeks setting up I removed in less than 10 minutes.
    weeks lol your ignorance amuses me... in fact he isnt a hacker hes a script kiddie and he probably sent you some file recently that you executed and bingo he got in... wow that was hard... no skill required

  3. #3
    _B-L-U-E_ Betazep's Avatar
    Join Date
    Aug 2001
    Posts
    1,412
    What port?
    Blue

  4. #4
    Caffienated jinx's Avatar
    Join Date
    Oct 2001
    Posts
    234
    Check here to see if it was indeed s7. If not probably the back orfice, dolly, satellyte, or hackman, among many others. Dang script kiddies anyhow.
    Weeel, itss aboot tieme wee goo back too Canada, eeehy boyss.

  5. #5
    Unleashed
    Join Date
    Sep 2001
    Posts
    1,765
    Ok, I removed the files and stuff yesterday. I am getting no unsual activity what-so-ever. However, the files I was removing all started with Win. One of them was Winkit.exe or Winhit.exe, I am not sure. The executables resided in my windows\system folder. I simply went to dos, went to the folder, removed all it's attributes, and deleted it. This one would make copies of itself, and rename itself so it may once again load into memory in the background while windows was running. It would run while offline. I did ctrl+alt+del to see what programs were running, everytime I knew something was wrong, the file's name was all jibberish or pointless lettering not even in the hacker mumbo jumbo. So, I opened msconfig.exe and sure enough, another exe file was set to load everytime windows started. I went to dos, removed THIS NEW ONE'S attributes, then deleted it. The reason I went straight to dos, is so I could have full access of the file. Otherwise, I could not have deleted it in Windows because "windows was using it".

    Everytime I found entries in the windows\system folder with MsConfig.exe and they were always executables.
    Everytime I suspected strange behavior, I found a new program in the close programs dialog box (ctrl+alt+delete).

    Symptoms: My computer would slow down terribly, and my "connected to the internet light" would stay a solid light. 2 major slowdowns when nothing was going on. This was my indication that I was not the only one using my computer.

    I just said the heck with it and deleted windows....that's all I needed to do because my computer is fine now. If I need to take extra measures ( I'm pretty sure I don't )....I'll just reformat.

    BTW, I got it as an e-mail. The program downloaded immediately, and installed itself just by clicking on it. I'm going to tinker with my "on hard-drive" mail program to turn on some saftey precautions, and also whip up a quick program to remove, then re-install my mail program ( sort of like backing up stuff incase something happens ).
    The world is waiting. I must leave you now.

  6. #6
    Unleashed
    Join Date
    Sep 2001
    Posts
    1,765
    weeks lol your ignorance amuses me... in fact he isnt a hacker hes a script kiddie and he probably sent you some file recently that you executed and bingo he got in... wow that was hard... no skill required
    Oh, and $null - find better things to do with your time. You sure know all the terms don't you.

    I just fix problems with a computer, or I purposely create them. That's all there is to it.
    The world is waiting. I must leave you now.

  7. #7
    >>"on hard-drive" mail program

    Oh boy. Even worse than IE for getting viruses.

    I've manually deleted my fair share of viruses from friends computers as they either didnt own virus scanners or in two cases, their virus scanner refused to fix the problems (McAffee and Norton respectivly actually). It pays to know how to do this kind of thing. Just consider it as useful experience, Shadow.
    "There's always another way"
    -lightatdawn (lightatdawn.cprogramming.com)

  8. #8
    Unleashed
    Join Date
    Sep 2001
    Posts
    1,765
    I did take it as a learning expierence.

    I look at it like this though:
    I've received my fair share of viruses, and I've removed them all. This was the first time I got a trojan I believe - or one like this. Anyhow, with time I could've figured out how to manually remove it out of the system with some research, and the same goes for the viruses I've encountered. Myself though, I have a fairly quick deleting / formatiing routine. It works best for me this way.

    BTW, when I build my ultimate emulation PC pretty soon here...it ain't touching the outside world. Infect the computer that's connected to the internet all you want. It's the lesser quality one. If it goes, oh well, I aint missing much.
    The world is waiting. I must leave you now.

  9. #9
    train spotter
    Join Date
    Aug 2001
    Location
    near a computer
    Posts
    3,868
    >>I got it as an e-mail. The program downloaded immediately, and installed itself just by clicking on it.

    You mean opening the _email_ gave you a trojan or opening the _attachment_?

    It was probably a bot in the email. Then it was logging on to a chat room to tell its master it was up and running and get a RAT (remote access trojan).

    A poor one at that if it does not wait for keystrokes/internet traffic to hide the fact it is using your modem. (hard to type and watch the modem lights at the same time)
    "Man alone suffers so excruciatingly in the world that he was compelled to invent laughter."
    Friedrich Nietzsche

    "I spent a lot of my money on booze, birds and fast cars......the rest I squandered."
    George Best

    "If you are going through hell....keep going."
    Winston Churchill

  10. #10
    Unleashed
    Join Date
    Sep 2001
    Posts
    1,765
    > You mean opening the _email_ gave you a trojan or opening the _attachment_?

    I went to click on it to delete it, and away it went. I have configured some options to get rid of that though. I'm going to look into stuff that's similar to friends lists for messengers. Block all these address, if this e-mail isn't this, yadda yadda, then simply delete it no questions asked.

    It was a forward also, it had the subject of honey, it had an attachment. I simply clicked on it ( single click.....to delete it ) and away it went.
    The world is waiting. I must leave you now.

  11. #11
    Caffienated jinx's Avatar
    Join Date
    Oct 2001
    Posts
    234
    Something I've found useful is a thread manager. One virus I had had the attribute of System file, and I culd not delete it, and when I tried to go in thru winfile.exe (C:\windows\...) It froxe my box. I deleted its sys thread, shift+del'd it, zappo!

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Remote debug not working in Visual Studio 2003
    By Bassquake in forum Tech Board
    Replies: 12
    Last Post: 08-22-2008, 12:11 PM
  2. Howto make own application for remote control handling
    By s-men in forum Windows Programming
    Replies: 16
    Last Post: 08-16-2008, 04:22 PM
  3. Visual Studio remote debugging
    By George2 in forum Windows Programming
    Replies: 1
    Last Post: 07-08-2008, 12:26 AM
  4. Remote thread problem
    By RubbeR DuckY in forum C++ Programming
    Replies: 6
    Last Post: 08-08-2006, 12:24 PM
  5. DLS and Remote Terminals and ISP's
    By squid in forum A Brief History of Cprogramming.com
    Replies: 0
    Last Post: 06-09-2003, 10:01 PM