About Trojans...


Ygor
05-05-2000, 10:00 AM
A friend of mine bought a new computer last year. (A Compaq, she didn't listen...)
Within a month or so she had a trojan that Dr Solomon and another program never found.
She ended up formatting the drive(s) and starting over. Got hijacked again and just replaced the drive altogether. Happened again anyway!
I think she finally listened to me when I told her about ZoneAlarm and the grc testing site.

I am still wondering just how it happened just for my own info. She's very careful about any downloads. (I think I am too, but she downloads less than 1/10 what I do.)

Anyway, it seems to me her weak spot must have been ports she knew nothing about that were open. But I wonder... could Sub7 or any other trojan/virus survive a regular format of an entire drive? Could it have gotten into the BIOS chip and been summoned later?

She seems to be ok at this point. I think she exchanged the danged thing for a new one, so the question remains...

Ideas?

Prospero
05-05-2000, 11:00 AM
Depends on if it can get into the boot sector. A regular format doesn't erase the boot sector. When I format, I fdisk the boot drive and clear out all the junk there. It's also called the master boot record.
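
An added example, not part of any poster's reply: the master boot record mentioned above is the first 512-byte sector of the disk (446 bytes of boot code, four 16-byte partition entries, then the bytes 55 AA). The Python below parses such a sector and compares its boot code against a saved known-good copy; the function names and the sample sector are constructed for illustration, and obtaining the sector image from a real disk is left to your imaging tool.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446        # bytes 0..445: bootstrap code (classic MBR layout)
BOOT_SIG = b"\x55\xaa"     # bytes 510..511

def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte MBR into signature check, boot-code hash, partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR image must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = BOOT_CODE_LEN + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba_start, n_sectors = struct.unpack_from("<II", sector, off + 8)
        if ptype != 0:     # type 0 marks an unused slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": n_sectors})
    return {"signature_ok": sector[510:512] == BOOT_SIG,
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}

def boot_code_changed(baseline: bytes, current: bytes) -> bool:
    """True if the boot code differs from the saved known-good sector."""
    return (parse_mbr(baseline)["boot_code_sha256"]
            != parse_mbr(current)["boot_code_sha256"])

def make_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: one bootable FAT32 (type 0x0B) partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x0B, b"\0" * 3, 63, 4192902)
    return boot_code.ljust(BOOT_CODE_LEN, b"\0") + entry + b"\0" * 48 + BOOT_SIG

if __name__ == "__main__":
    known_good = make_sample_mbr(b"\xfa\x33\xc0")   # constructed bytes
    on_disk = make_sample_mbr(b"\xeb\xfe")          # constructed, differs
    print(parse_mbr(known_good))
    print("boot code changed:", boot_code_changed(known_good, on_disk))
```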

Dave_H
05-05-2000, 01:09 PM
Although some viruses have been known to do such things as stay in memory, infect the boot sector, or write themselves onto the boot floppy to survive a format, I have never heard of a trojan like sub 7 doing so. (Note: I could be wrong.)
I think a more likely reason for it to keep re-appearing would be that maybe she is unknowingly re-infecting her computer by installing it after a re-format. Possibly she is installing programs or utilities that she had backed up on disks during the re-install. I don't want to discuss how it is done, but sub 7 can be added to working utilities, can be "hidden" in a zipped up format, and can be "disguised" as things other than .exe's.

Another possibility I hate to mention would be that someone with access to her computer may be installing it. An overprotective boyfriend or a real nosey friend, roommate.

Dave