gatsa
вот что пишут на сайте symantec.com
Backdoor.SubSeven is a Trojan Horse, similar to Netbus or Back Orifice. This Trojan enables unauthorized people to access your computer over the Internet without your knowledge.
When the server portion of the program runs on a computer, the individual who is remotely accessing the computer may be able to perform the following:
Set it up as an FTP server
Browse files on that system
Take screen shots
Capture real-time screen information
Open and close programs
Edit information in currently running programs
Show pop-up messages and dialog boxes
Hang up a dial-up connection
Remotely restart a computer
Open the CD-ROM
Edit the registry information
When BackDoor.Subseven is run, it makes the following changes to the system:
Drops (adds) a copy of itself and a randomly named executable file, such as Eutccec.exe, to the \Windows or \Windows\System folder.
Adds the dropped file to the load= and run= lines of the Win.ini file.
Adds the dropped filename to the shell=explorer.exe line of the System.ini file.
Creates the WinLoader value and sets it equal to the dropped filename in the registry keys below.
Modifies the (Default) value from "%1" %* to, for example, eutccec.exe "%1" %*, in the following registry keys:
HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
вот сатья целиком
http://www.symantec.com/avcenter/ven....subseven.html