Ok, I have Norton Personal Firewall and Norton Antivirus 2002, both kept up to date weekly. About 3-4 times a week the firewall will pop up an alert saying someone is trying to connect to my PC via SubSeven trojan! However, virus scanning does not pick up and trojans on my machine during scans, does this just mean that the SubSeven installed on my PC is modified so the AV can find it? Its driving me nutz cause I try to run a secure system. So some script kiddie out there is scanning ranges of IPs and finding an open trojan port on my machine. Maybe I will download superscan and scan the loopback and check what ports I have open. Any ideas?

Go to the PC Fank website and run the trojan scan. If it is positive, get one of the anti-trojan programs from that site or wilders.org like TDS, Tauscan, trojan Hunter, Trojen Remover that are highly recommended and use it to remove the trojan. The are several other scans at PC Flank that you might also run, like the port scan. You might want to check out the firewall ratings, and perhaps select another firewall like Sygate, Zone Alarm or Kerio. Take care and all the best!

hi ralph, for more info on the sub 7 trojan go to www.thepublicworks.com security section and link to simovits consulting>trojan by name, by file, then for more info link to darkE, you may also want a free registry monitor, link to regprot and download their free registry monitor, from sysinternals download their free process and port monitors (process explorer, and TDImon). all the best, murve

This message does not mean that you are infected. But it would be a good idea to do a scan anyway. The sub7 trojan, and many others, have two parts: The client (which is installed on the target) and The Server (which the attacker runs on his machine). The attacker's part of the program has a function to scan a range of IP addresses and see if any Clients answer on the common Sub7 ports. If you are not infected, you have nothing to worry about. The error messages from firewall software are a little misleading in the respect, the trojans are not trying to force themselves in, but are checking to see if you are infected so the trojan can connect.

Dont worry. Norton simply tells you that it was trying to get in to your PC and blocks the trojan from doing so. so you are not infected, it simply tells you that it blocked a trojan that was trying to get into your PC.

wow, thanks for all the great info you guys. Have a happy new year!