
BackDoor/SubSeven Trojan


mobo57
08-29-2003, 05:33 PM
I have a DSL connection with Norton Utilities, anti-virus and firewall installed. I have noticed in the past two weeks or so I am getting a LOT of blocks by my firewall of the SubSeven Trojan, seems like at least 2 or 3 each hour. 3 days ago there were 8 attempts in an hour. Anybody know what is going on? Is this part of the Sobig or Blaster virus?

Ol'Tunzafun
08-29-2003, 05:49 PM
If ZA is blocking requests, that means the trojan is inside your machine already. It probably came as an email attachment called "server.exe" claiming to be an antivirus program.
http://securityresponse.symantec.com/avcenter/venc/data/sub.seven.20.html

mobo57
08-29-2003, 06:13 PM
I do keep my virus definitions up to date as recommended. I also have OE set to strip all .exe files. I ran a full scan last night and nothing is on my machine. Checked the Norton firewall log and there have been 29 blocks just today. More of a pain in the a** than anything else.

Ol'Tunzafun
08-29-2003, 06:58 PM
Here's a good read on SubSeven. It can be difficult to detect.
F-PROT (http://www.f-secure.com/v-descs/subseven.shtml)

omendata
08-30-2003, 12:34 AM
Quality program from real programmers, this one. It can be signature 'enhanced' to avoid detection. I've seen even computer pros with it on their system running the latest AV etc. and still not realise it. The trick is in checking your process list and killing it before you remove it. It has so many features not even possible on conventional remote apps like pcAnywhere, ReachOut etc. You gotta admire it!!!

DVOM
08-30-2003, 12:59 PM
Norton Internet Security frequently identifies internet scans coming from remote infected machines as "backdoor/subseven" scans.

I don't know if it is actually identifying them correctly. The recent scans could be coming from the Blaster worm.

omendata
08-30-2003, 07:29 PM
Depends what port - Sub usually uses port 1234 or 7777 or a few others.
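
An added example, not code from any poster in this thread, that separates the two cases DVOM and omendata are discussing: inbound blocks on the ports omendata names, which are scanning noise from other infected machines that the firewall has already stopped, versus an outbound attempt from the local machine to one of those ports, which is what an actual infection would produce. The log format below is constructed for the example (it is not Norton's real log format), and the watched-port list is an assumption taken from omendata's post.

```python
# Triage a personal-firewall block log: inbound blocks on a watched port are
# remote scanning noise; an OUTBOUND attempt to a watched port means something
# local initiated it and is worth investigating.
from collections import Counter
from datetime import datetime

# Assumption: the ports omendata names in the thread, used as a watch-list.
WATCHED_PORTS = {1234, 7777}

# Constructed sample log (not a real Norton log). Format per line:
# "<date> <time> <IN|OUT> <remote_ip>:<remote_port> <action>"
SAMPLE_LOG = """\
2003-08-29 14:02:11 IN 203.0.113.7:1234 BLOCKED
2003-08-29 14:09:40 IN 203.0.113.7:1234 BLOCKED
2003-08-29 14:15:03 IN 198.51.100.20:7777 BLOCKED
2003-08-29 14:21:55 IN 203.0.113.7:1234 BLOCKED
2003-08-29 15:00:12 IN 192.0.2.99:135 BLOCKED
2003-08-29 15:31:08 OUT 198.51.100.20:7777 BLOCKED
"""


def parse_entry(line):
    """Split one constructed log line into a dict of typed fields."""
    date, time, direction, endpoint, action = line.split()
    ip, port = endpoint.rsplit(":", 1)
    return {"ts": datetime.fromisoformat(f"{date} {time}"), "dir": direction,
            "ip": ip, "port": int(port), "action": action}


def triage(log_text):
    """Return (inbound_per_hour, inbound_per_source, suspicious_outbound).

    Only entries touching WATCHED_PORTS are considered. Inbound blocks are
    counted per hour and per remote source so the reader can see whether the
    "8 attempts in an hour" pattern is a handful of noisy hosts. Outbound
    attempts are returned individually, since each one needs a local cause.
    """
    per_hour, per_source, outbound = Counter(), Counter(), []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e["port"] not in WATCHED_PORTS:
            continue
        if e["dir"] == "IN":
            per_hour[e["ts"].strftime("%Y-%m-%d %H")] += 1
            per_source[e["ip"]] += 1
        else:
            outbound.append((e["ts"].isoformat(" "), e["ip"], e["port"]))
    return per_hour, per_source, outbound
```

In the sample, every inbound block comes from two remote hosts and is already stopped; the single outbound entry is the one line that points at the local machine rather than at the Internet.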

Zoidberg
09-01-2003, 04:03 AM
Yep, Norton firewall will give lots of false alarms.
Norton AV, however, turns a blind eye to some viruses/trojans.
You may have updated NAV and scanned multiple times, but there's a good chance that Norton was unable to find other threats hosted on your PC.

I recently found an infection of the backdoor.sdbot trojan on my laptop. Norton detected and deleted the virus files... But then they reappeared 2 days later, on both partitions, on both the operating systems (dual boot).
The system is showing up clean now, several weeks later.

Here's an odd thing: During the virus removal, I found in msconfig, something named "Microsoft network daemon for win32" was listed in the startup group. It is linked to an executable "Netd32.exe".
This of course is not a command that is normally found in the system folder. Also an irc app called "worldchat" was found.

I deleted it of course, but I have to ask--Has anyone else seen something like this?

omendata
09-01-2003, 04:16 AM
Yes, it's spyware and both are related!!!

It shares out your hard drive and connects to irc flood channels.

It appears it is related to the Spyware "Worldchat client".

kneurotik
09-01-2003, 10:58 AM
Got hit by it once on my old system but the Sub7 remover tool did a clean job of removing it.

However, I'm certain I did not receive any email attachment with "server.exe" masquerading as an AV program like Ol'Tunzafun suggested. In fact, I don't even know what hit me! Or at least where it came from.

How can we protect ourselves from it? I run McAfee AV, Spybot and Spyware guard with latest definitions but still just want to be sure.

Zoidberg
09-01-2003, 03:14 PM
How can we protect ourselves from it?

Hope for the best and expect the worst.
I took every precaution to prevent these infections, advised my family not to use Outlook Express or download attachments, and still was hit. The only bulletproof system would have no NIC, modem, optical or floppy drives.

My advice? Backup your files, crack open a beer, and roll with the punches. ;)

omendata
09-01-2003, 04:51 PM
Simple - good security and vigilance.
Running a sandbox would ensure it doesn't happen.

mobo57
09-01-2003, 07:00 PM
I am using both Norton AV and firewall. I also scan once a week with Ad-Aware 6.0. And for just that extra protection, a scan once a week with the free scan on Trend Micro's web site. It has picked up viruses that Norton has missed. Here is the URL:
http://www.trendmicro.com/en/home/us/enterprise.htm

Best of all, Ad-Aware and Trend Micro are FREE!

Zoidberg
09-02-2003, 03:06 AM
I'll have to plead ignorance here. What's a sandbox?

omendata
09-02-2003, 11:23 AM
It stops unauthorized software installing on your PC. Part of a firewall package; Kerio has one.

cdroman
09-02-2003, 05:31 PM
TPF5 offers extremely good protection but is not free and not easy to use. There is a 30 day trial if anyone wants to try it.
http://www.tinysoftware.com/home/tiny2?s=5828148961105755114A1&la=EN&va=&pg=tpf5-download

If you try it out, join the forum to get hints on how to set it up.