Some idiot guy ran a Subseven server.....

[goodespeler]

Hey,

One of my idiot friends ran a subseven server.. now every time windows starts it run a file called freaky.wav( which it actually the file that disguised the server) hes delted the actual file that ran the server, hes deleted freaky.wav, and he went into regedit and deleted anything that had freaky.wav or subseven in it. THe stupid error still comes up about freak.wav every time windows boots. WHat can he do?

[Radical Dreamer]

As I like to mess with people alot with sub7 I have to say the easiest thing to do is just to use an upadated virus scan and it should get it all. If you want to do it by hand, it puts a file default named RunDll32 (can be name changed to whatever the infector wishes) in startup, also one in registry and it tells of some other startup methods, but it just gives them names and does not say how tehy are started.

Another thing that you could do is go to the site where it originates Sub 7 and get the program because in the program it tells you all of the ways that it starts up and that will give you a place to start. But, as I said, the easiest way to get rid of it is just to run updated virus scan and it will detect it as the sub7 backdoor trojan. Mods, I hope you will leave the link as it will help them with their problem by going here. But I will understand your reasons if you remove it.

Also, I believe there is a prgram on the net that is designed just for killing sub 7.

[MikeInOhio]

I had a similiar experience with Sub7...here's what I did and all is fine now. Good luck....

"The virus was actually 'Backdoor.Subseven22'. It changed and renamed 2 files of unknown origin in the windows folder to 'tvelwquped.exe' and 'bexqitdbeh.exe'. The 'tv*.exe' was picked up first by Norton Anti-virus. It could not be repaired, so I deleted it. I was then unable to open any application except I.E. 5.5 and Outlook E-Mail. This makes sense because the file change would effect applications yet the culprit with the interface on the other end would want the infected user on-line to take a look at the files on my system.

The second file 'bex*.exe' made the following happen: When I would go off-line, about 15 seconds later the modem would try to get me back on-line without my direction to do so. There were no open windows requiring information on-line or any other reason for this to happen. It would try four times consistantly to get on-line, even if I did not have automatic connect for the dialer. This file too was not repairable and was deleted. The above problem ended with the deletion.
I checked through regedit and sysedit a couple of files as directed by Norton to make sure they were clean, and fortunatly they were. I also had to re-install my Windows 98 so that the two files that were changed were back in the computer in correct status.

The re-install of Win 98 did not effect the rest of my files, so I ended up back in my original config. All is well now...."

[goodespeler]

Well, now I know. I thin one time I deleted that file and I couldnt open any exe files without an error. Well I appreciate the info. I will just have to see if there is someway I can find a file to replace that one. Thanks.

[Radical Dreamer]

Originally posted by goodespeler:
Well, now I know. I thin one time I deleted that file and I couldnt open any exe files without an error. Well I appreciate the info. I will just have to see if there is someway I can find a file to replace that one. Thanks.

I still think that you should try a search on the sub7 killer that I thought about. I would do it but I have been connecting at 16,600 for the past few days so it would take forever and a day