Tech Support Forum banner
Status
Not open for further replies.
1 - 1 of 1 Posts

· Premium Member
Joined
·
1,615 Posts
hey fonzbear , whats goin on?
hopefully following explanation might clear things up for ya..

subseven is a trojan that comes in two parts. Server and a remote. Server is the part that is sent to unfortunate victim via email or lets say ICQ. Once the victim opens up fake email or downloads fake file, server.exe is installed and the person on the other side can use remote to connect to server and manipulate victims machine. Third part of the trojan, EditServer.exe is used to setup server.exe before its sent out.

Here are some files to look for on an infected machine :

server.exe
rundll1.exe
systray.dl
Task_bar.exe
FAVPNMCFEE.dll
MVOKH_32.dll
nodll.exe
watching.dll

Now I think what happened to you is that norton on your machine removed Server.exe, otherwords, cleaned up your PC of the server part. When norton is saying that high risk inbound apps are trying to access your machine, its probably that same person trying to connect to the server they sent you....
Any of this makes sense ? Dont be afraid to ask...

hope this helps... :D
 
1 - 1 of 1 Posts
Status
Not open for further replies.
Top