x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET A 50% OFF
x
CHRISTMAS OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 40% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 50% OFF
x
BLACKFRIDAY OFFER
Buy the best antivirus
at the best price
TODAY ONLY UP TO 70% OFF
x
CYBERMONDAY OFFER
Buy the best antivirus
at the best price
(Only for homeusers)
TODAY ONLY UP TO 70% OFF
Active Scan. Scan your PC free
Panda Protection

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Encyclopedia GetVirusCard True 0

397731

 
Threat LevelModerate threatDamageHighDistributionNot widespread
Common name:397731
Technical name:Trj/Sub7.21.Gold
Threat level:Low
Type:Trojan
Effects:   It allows to get into the affected computer. It does not spread automatically using its own means.
Affected platforms:

Windows XP/2000/NT/ME/98/95

Detection updated on:July 29, 2003
StatisticsNo
Proactive protection:
Yes, using TruPrevent Technologies

Brief Description 

    

Trojan.Sub7.21.Gold is a Backdoor Trojan belonging to the SubSeven family of viruses. More exactly, this is the 2.1 version of the famous Trojan SubSeven virus created by Mobman. This Trojan is widely used by hackers, as it offers a great number of services. This is considered to be one of best Trojans along with NetBus.

It consists of four files. The server, the client, a dynamic link library and another program used for configuration of the Trojan. The server program is installed on the victim computer. The client and the setup program must be installed on the attacking computer. The server program prepares and carrying out the services requested by the client program.

The Trojan is capable of carrying out the following actions on the affected system: it creates a new entry in the Windows Registry, opens the TCP 27374 port, opens and closes the CD-ROM tray, moves the mouse pointer about the screen, hides the task bar and the Start button...etc. Although these functions are not dangerous, they can get to be very annoying. However, the Trojan is capable of carrying out other actions that pose a greater risk such as accessing users' confidential data.

The Trojan reaches the systems in the form of an apparently inoffensive executable file. When the user loads the file the trojan proceeds to install itslf on the system. This is the reason why it copies itself to the C:\WINDOWS directory with the following name: MSREXE.EXE.

Visible Symptoms 

    

Once the client-server connection has been established, the malicious users will be able to carry out a number of annoying actions on the victim system. The Trojan needs to open a backdoor in order to be able to carry out these actions. The fact that this backdoor is open could pose a high risk to confidential user information.