Did he post you any files? You could have got a trojan in one of them (a trojan is a little Exe inside another file) I knew a guy who used to do that sort of thing, (he was a <snip - Edited for language by James>) he'd just persuade people to get files off him and he'd hide backorofice in there and then he could do all sorts, you're lucky your machines still working with some of the stuff these guys can do.

[Edited by James on 06-14-2000 at 03:18 PM]

I did pull the plug, I ran my trojan scanner, and my norton virus scan, Nothing (*Phew*) Is it really that easy to do that to someone?

If you can get a trojan in you can do anything, a good enough hacker can reset the clock on your VCR by short circuiting your chips and creating spikes in the mains voltage, which can reset it, in theory it's possible to reprogram another computer that's connected to the same mains supply as your machine, that's better than most hackers can do, but with the right software it's not that hard to reprogram the BIOS etc and destroy your motherboard.

update your scanner NOW!
that happened to me twice, it is the subseven trojan, possibly another one similar,
you may have the subseven server on your computer, go to win.ini and look for the line
run=

it should be blank, if not, post what it says...
I think subseven was written in VB.... it looks like it, it uses winsock, and the MStabstrip control
and some other stuff...

oh 1 question

did it say

---------------------
|"matrix build 1.45" |
|....................|
|....................|
|--------------------|

and was the writing green?
I dont mean dark green, I mean lime green.....?

[windows]
load=
run=MSREXE.exe



Is that what you meant? that is the first part of it (I think) It didn't say :

---------------------
|"matrix build 1.45" |
|....................|
|....................|
|--------------------|

It just said "Hello Steve, Welcome To The Matrix" And yes the color was a lime green on a black screen. Thanks for all of your help guys!

He said he had control over everything, so I pulled the plug.

Norton found:
Backdoor.Subseven2
Backdoor.Subseven2gld
PWSteal Trojan

It couldn't fix the files, I had to quarentine all but WinDos.exe

What should I do to get RID of these? I thank you all very much for helping me with this, I got this new computer in february and I would get killed if my parents found it had 3 viruses on it!

check with Norton and McAfee, I don't know the urls but they should provide fixes.

delete msrexe from the run line...
ok, the image I had is the default, I have used the subseven client, and you can change the caption....
ok...
glad you fixed it....
he doesnt have control over everything, only lamerz use subseven......
well some good hackers may use it just for fun, but chances are if he uses subseven, he doesnt know much....
:)
although he may...know alot...



delete all the trojans.....
I got my computer in feb too.....
except mine stopped working for a few months because a trojan....
I had to get it repaired at a shop...

oh, change yourr dial up password, your webmail password, etc.. he know has all your PW's.... well him, and possibly 500 other lamers on IRC.....

[Edited by denniswrenn on 05-15-2000 at 09:51 PM]

I can't open up any files now! Im on my old computer writing this. It says can't find WinDos.exe, and something else about MSREXE.exe So I delete MSREXE.exe from the line that says run? Thank You So Much Dennis! If I still have problems I will email you. THANKS!

Subseven and BackOriface (splelling?) are really easy to get and dennis your correct they are for "script kiddies." Some friends of mine were attacked that same way...lets just say that I cashed in some favors from online friends of mine :) Dont worry I'm not evil ;)

If you get any more weird effects from anything:

Try This:

While Logged On get a port scanner and run it on your self. Using your IP found by running "winipcfg". If you have only those progrs running (no server progs or anything) you should only have port 80 and...one other..labelled "mail" open (i forgot the number sorry.)

If others are open...scan your self for trojans...Look in the Windows Directory from out of place things...etc

Good Luck!

Good news, I can open apps through links that lead to them. So I can open vb, how do you make a link in vb? I want to make an app that leads to me CD Writer app so I can back up my vb files.


I will also need that program to open that port scanner. Where can I get one?

Well you obviously can use the internet so search for hacking tools under yahoo or something simialr. That should lead you to some...I will also look, if I find one I'll edit this post and make a link. Once again good luck!

PS: I dont understand what you meant in your last post. Do you mean you can only open programs that have a shortcut?

What I Meant was: That I can't open VB directly, I need to open a project first. Or I need to open a text file to get to notepad, I get an error when trying to open any application directly.

wierd... look in your registy editor(start|run|regedit)
look at the file associations, etc.

if you notice anything really odd... then post it here, I may not be able to help you, but I am sure there are other people that can.

:D

its really no problem helping you..
I used to use the subseven client...
I would go to IRC, and find people with the server, well I would send them to a few bad websites.. send a few messageboxes saying
"you shouldnt open files from other people" then delete the server off of there computer..
I dont anymore.. its too hard to find a working "victim" on IRC.. I dont really like to be mean to them. I just freak them out, as kind of a "you opened a file you shouldnt have dumbass"
like using the matrix thing... then before they can hangup I delete the server.. I hate trojans...

I dont have windos on my computer, and i dont need it.
oh.. yes, delete msrexe from the run line..
also look for anything odd in the startup menu
click on start|programfiles|startup
if there is anything odd, delete it...
then go to start|run, then type msconfig
and then click on the startup tab..
if there is anything odd, remove it, and reboot.

now, go to start|run, type regedit
and look under all the hkeys...
look for

hkey yada yada\software\microsoft\windows\current version\run

and look for anything odd....

if its odd, delete it... but MAKE SURE ITS NOT SUPPOSE TO BE THERE..
just to be sure, save the setting...
write it down, write down where it is located, the name of the key, and the value..
write it in notepad on your old computer...
I am glad to help... I like helping people...
even if I hated helping people, I would if it came to virii and trojans, because I HATE virii and trojans... I absolutely HATE THEM, they give good(not necessarily good coders, I mean good hearted :D ) programmers like most of us BAD names.
and what I really hate are non programmers, that want their programmer friends to make viruses for them...

Those things you mentioned, like msconfig, and regedit can't be opened because it can't find windos.exe Im getting a copy of it soon from my other computer (when I have the time), I'll tell you what happens.

I really do hate people that want me to make viruses for them. My friend actually asked me today to make one, so Im just going to give him an evil looking chat program (he's clueless, he knows nothing about computers except games.)

what is windos.exe?
I dont have it on my computer.... and mine works fine...
is your win 95 or something?
where is windos.exe supposed to be located?
what is windos.exe for?

Sorry I didn't tell you earlier, i just fixed my computer. THe virus made windows think i needed the file, thats why you didn't have it, it doesn't exist. I got the registry fixed though. Thanks all!

A few months ago, I found a site grc.com that I skeptically trusted to test my vulnerability on the net. I've come to trust the site and use a free firewall that it recommended at "http://www.zonelabs.com/downloads/zonalm21.exe".
It alerts you (and blocks) attempts to get into your pc AND attempts to get out of your pc.
I found a program that had no business "calling home" whenever I connected (trying to send info out). You can read more about it at http://www.zonelabs.com or if you fail the grc.com tests, it should direct you to firewalls and you will see this free one.
BlackIce logs intrusions, but it isn't free. It's nice to have both (or more) report on each other's activities.
grc.com is a good education. It also shows your internal network (if you have one) untill you put your "Shields UP".

Good Luck.
There was a pleasant side-effect for a while (when running a firewall)--NetZero wouldn't automatically disconnect. They've since upgraded.

567456132475645641431231374878964564564687897654564567
786984654123487898797464789797456465496879875643541564
897564548678645645641324(<O>|<O>)879564132132486456464
09864357430980979857098-6095468-0976508-80-=8346532094
534765435438543098540375847643657435985443543058098540

yeah, we think you're cool because you posted that.

:rolleyes: