Backdoor/SubSeven - Why does this happen?



What's the deal with these Norton security alerts:

Attempt to connect to local computer using the Backdoor/SubSeven Trojan horse blocked.
Protocol: TCP (inbound)

All I can find is a brief description stating that someone is attempting to gain control of my system.

I want to know more.

Does this happen to everyone, or does my new system have some sort of beacon that attracts misfits?
What can be done to prevent these attacks (beyond just blocking them), and where could one report such a crime?


OSNN Advanced
17 Jun 2003
I believe many many people get this message if they use Norton IS (if they check their logs/alerts).
Norton alerts users that someone is scanning their ports to see if there is an open port that will accept a connection from the trojan.
There's nothing to worry about unless you know that your computer is infected with a trojan. If it is, you should seek to remove it ASAP before any damage could be done.


Thank you for the information.

Should I assume that such ports are kept secure by N.I.S. (using the highest setting), or are there further steps that could be taken to ensure this?


OSNN Veteran Addict
5 Mar 2003
Yah, what ming said :cool:
Firstly to ensure this kinda warning doesn't become a threat.
Give your PC a complete Anti-viral scan.
Once it's definitely free from trojans, NIS is doing it's job. It's letting you know that
someone tried to get in through a port, or scanned for a port, but the packets were dropped/refused.

Never open unsolicited emails, or click willy-nilly on attachments unless you know
exactly what you're opening and who it's from.
Keep all defininitions and firewall rules up to date, and you shouldn't be at risk from
trojan activity.

If you wish to look at what ports are open on your system, download activeports from
the NTFS front page. It'll tell you what ports are open what's controlling them, and
offers links to a comprehensive list of known ports, and trojans that utilise the said

I'd also recommend reading the following to get a better scope on PC security in general, and other users personal recommendations...
NTFS Firewall Poll
NTFS Anti-Virus Poll
Enyo's Security Links Thread

Hope this helps ;)


Political Access
28 Dec 2001
Since getting broadband it happens all the time to me, mostly always the sub backdoor/sub seven combo but sometimes others.


NTFS Stoner
4 Mar 2002
i used to get that back in the dial up AOhelL days, its was AOL sending there wierd and wonderfull info to see if your still online.


OSNN Advanced
17 Jun 2003
As I have mentioned in earlier threads there is nothing to worry about as long as you are sure your machine has not been infected with the trojan.
If uncertain of this, do find out how to remove it by visiting:

The only thing that is bugging most of you is the alerts that you are getting more than anything. This is true for me, I hate seeing the alert pop up in my face. :p

Members online

No members online now.

Latest profile posts

Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.
Terrahertz wrote on Electronic Punk's profile.
Yo fellas!
Electronic Punk wrote on Sazar's profile.
Where are you buddy?
Perris Calderon wrote on Electronic Punk's profile.
Hey EP! All good with me, applying for Microsoft MVP right now, should have done this a while ago.

Notifications don't work, I only found your response by coming back to hunt up some threads, if you want, give me your email address so we can keep in touch easier!
Perris Calderon wrote on Electronic Punk's profile.
EP, glad to see you come back and tidy up...did want to ask a one day favor, I want to enhance my resume , was hoping you could make me administrator for a day, if so, take me right off since I won't be here to do anything, and don't know the slightest about the board, but it would be nice putting "served administrator osnn", if can do, THANKS

Been running around Quora lately, luv it there!

Forum statistics

Latest member