Backdoor/SubSeven - Why does this happen?



What's the deal with these Norton security alerts:

Attempt to connect to local computer using the Backdoor/SubSeven Trojan horse blocked.
Protocol: TCP (inbound)

All I can find is a brief description stating that someone is attempting to gain control of my system.

I want to know more.

Does this happen to everyone, or does my new system have some sort of beacon that attracts misfits?
What can be done to prevent these attacks (beyond just blocking them), and where could one report such a crime?
I believe many many people get this message if they use Norton IS (if they check their logs/alerts).
Norton alerts users that someone is scanning their ports to see if there is an open port that will accept a connection from the trojan.
There's nothing to worry about unless you know that your computer is infected with a trojan. If it is, you should seek to remove it ASAP before any damage could be done.
Thank you for the information.

Should I assume that such ports are kept secure by N.I.S. (using the highest setting), or are there further steps that could be taken to ensure this?
Yah, what ming said :cool:
Firstly to ensure this kinda warning doesn't become a threat.
Give your PC a complete Anti-viral scan.
Once it's definitely free from trojans, NIS is doing it's job. It's letting you know that
someone tried to get in through a port, or scanned for a port, but the packets were dropped/refused.

Never open unsolicited emails, or click willy-nilly on attachments unless you know
exactly what you're opening and who it's from.
Keep all defininitions and firewall rules up to date, and you shouldn't be at risk from
trojan activity.

If you wish to look at what ports are open on your system, download activeports from
the NTFS front page. It'll tell you what ports are open what's controlling them, and
offers links to a comprehensive list of known ports, and trojans that utilise the said

I'd also recommend reading the following to get a better scope on PC security in general, and other users personal recommendations...
NTFS Firewall Poll
NTFS Anti-Virus Poll
Enyo's Security Links Thread

Hope this helps ;)
Since getting broadband it happens all the time to me, mostly always the sub backdoor/sub seven combo but sometimes others.
i used to get that back in the dial up AOhelL days, its was AOL sending there wierd and wonderfull info to see if your still online.
As I have mentioned in earlier threads there is nothing to worry about as long as you are sure your machine has not been infected with the trojan.
If uncertain of this, do find out how to remove it by visiting:

The only thing that is bugging most of you is the alerts that you are getting more than anything. This is true for me, I hate seeing the alert pop up in my face. :p

Members online

No members online now.

Latest profile posts

Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
Any of the SP crew still out there?
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.

Forum statistics

Latest member