Trojan: TROJ_SUB7.BONUS


Techguy
November 21, 2000, 10:24 am
Trojan: TROJ_SUB7.BONUS
--------------------------------------------------------------------------------
Aliases:
SubSeven.Backdoor

Description:
This Trojan enables a remote user to gain access to the infected computer via the Internet. It drops a copy of itself in the system folder to install itself. Then it modifies the Windows initialization so that the Trojan is run at every Windows start up. The Trojan is similar to the notorious Back Orifice Trojan and compromises network security by giving the remote user administrative privileges.

Solution:


1. Boot from a clean Windows bootable diskette
2. Go to Windows\System directory by typing the command CD\WINDOWS\ at the command prompt
3. Delete the dropped files by typing the command:
   del expupdate.exe
4. Modify the system.ini and win.ini in C:\Windows directory by deleting the entry "EXPUPDATE.EXE"
5. Scan your system with your antivirus and delete all files detected as TROJ_SUB7.BONUS.

Alternatively, you can use a trojan cleaner to remove infection (recommended)

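An added example, not part of the original post: one way to carry out the "delete the entry EXPUPDATE.EXE" step on win.ini and system.ini text, removing only the matching token so the rest of a line such as a shell= value is kept. Only the file name expupdate.exe comes from the post; the sample file contents, the keys shown in them, and the function names are constructed for illustration.

```python
import re

# File name taken from the post; everything else here is an assumption.
DROPPED = "expupdate.exe"

# Constructed sample files (not captured from a real infection).
SAMPLE_WIN_INI = """[windows]
load=
run=C:\\WINDOWS\\SYSTEM\\expupdate.exe
[Desktop]
Wallpaper=(None)
"""
SAMPLE_SYSTEM_INI = """[boot]
shell=Explorer.exe EXPUPDATE.EXE
[386Enh]
device=*vshare
"""

def is_match(token, needle=DROPPED):
    # Compare only the file-name part so full paths also match.
    name = token.strip('"').replace("/", "\\").rsplit("\\", 1)[-1]
    return name.lower() == needle

def scrub_ini(text, needle=DROPPED):
    """Return (findings, cleaned_text).

    findings lists (section, key, original_value) for every value that
    references `needle`, case-insensitively. Only the matching token is
    dropped. Assumes tokens are separated by spaces or commas, so paths
    containing spaces are not handled.
    """
    findings, out, section = [], [], ""
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1]
        elif "=" in stripped and not stripped.startswith(";"):
            key, value = line.split("=", 1)
            tokens = re.split(r"[ ,]+", value.strip())
            kept = [t for t in tokens if not is_match(t, needle)]
            if len(kept) != len(tokens):
                findings.append((section, key.strip(), value.strip()))
                line = key + "=" + " ".join(kept)
        out.append(line)
    return findings, "\n".join(out) + "\n"
```

Review the returned findings before writing the cleaned text back, and keep a copy of the original file.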