Need help? Ask the community or hire an expert.
Go to Avira Answers
Alias:SubSeven, Sub7, Sub-7
Type:Worm 
Size:variable 
Origin: 
Date:08-22-2000 
Damage:Backdoor component 
VDF Version:6.20.00.00 
Danger:Low 
Distribution:Low 

Technical DetailsSubSeven is a Backdoor program (as for example NetBus, Back Orifice etc.), which allows a third party to have access to a system. The program consists in a Server- and a Client program, which enable remote access to network computers, i.e. using the Client, a hacker can penetrate an infected system with the Server (this is the actual Trojan).
The Server program, when activated, copies itself in Windows folder.
It makes entries in win.ini and in the register, to be stored in memory at every system start.

The registry entry is:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun


In WIN.INI the entry is made under "load=" or "run=".
Sadly, the name used by the Server in Windows folder is not a generic one, but usually it can be:

"Systrayicon.exe"
"window.exe"
"nodll.exe"

Açıklamayı yerleştiren Crony Walker tarihinde 15 Haziran 2004 Salı

Geri . . . .
https:// Bu pencere güvenlik amacıyla şifrelenmiştir.