How To Find and Remove a Trojan Horse

sparksspace | Thursday, December 20, 2007 | 0 comments

The Task List You may be familiar with the Task List that appears if you press CTRL+ALT+DEL within Windows. This is supposed to be a list of all the programs running on your computer at the second you pressed those keys. It is not: a program can register itself as a service process and drop out of that list altogether, and hiding this way is one of the first things a trojan does.

Less well known is the System Information Utility (msinfo32.exe), which lives in the C:\Program Files\Common Files\Microsoft Shared\MSInfo folder on your disk (you can also start it from Start > Run by typing msinfo32). This tool can uncover almost every process that is running on a Windows system, including those that are "hidden" from the task list. To use it when hunting for trojans, look down the listings of running tasks and services for any you do not recognise. Check the paths and filenames: a familiar-looking name running from an odd folder is a classic sign. Check the file properties and run the executable or .dll through your virus scanner.

If you find nothing but are still not sure, use the Startup Programs editor in the Tools menu to disable the process, then reboot your machine (make a backup of your system files and registry first!). If nothing complains, leave the process disabled for now and carry on looking at the others. Disable one process at a time, so that if something does break you know which change caused it. Eventually you will have only those processes you really need running on your machine, which has the benefit not only of killing off any trojans but also of making your PC more responsive and quicker to start up.

Netstat All trojans need to communicate; if they cannot, they are useless for their intended purpose. This is the second major weakness of most trojan horses: their communication leaves a trail you can follow.

The Netstat command lists all the open connections to and from your PC. To use it, open a Command Prompt and enter the command netstat -an. This lists every open connection and listening port, along with the IP addresses and port numbers of the machines on either side (the -n switch keeps the addresses numeric instead of resolving names, which is faster and stops the lookups themselves from generating traffic). On Windows XP and later, netstat -ano adds a column with the ID of the process that owns each connection. Netstat is a snapshot, so run it several times, including while the machine is idle, since a trojan may only call home now and then. If you see a connection or listening port you do not recognise, you need to investigate it further and track down the process that is using it. For this you need the third tool in the armoury, TCPView.

TCPView TCPView is a free utility from Sysinternals which not only lists the IP addresses communicating with your computer but tells you which program is using each connection, and it refreshes the list continuously so short-lived connections are caught too. Armed with this information you can locate whatever program is sending data out of your machine and deal with it. Download it from the Sysinternals site.
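The three tools above (the task list, netstat and TCPView) can be combined in one pass with built-in cmdlets. The following PowerShell script is an added example, not code from the original post or from Sysinternals. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection), Windows PowerShell 5.1 or later, and an elevated prompt; the private-address test and the "unsigned image talking to a public address" heuristic are this example's own choices, not something the post prescribes.

```powershell
# Added example, not from the original post. Inventory running processes and
# map established TCP connections to the process that owns them, combining what
# the post does by hand with the task list, msinfo32, netstat -an and TCPView.
# Assumptions: Windows 8 / Server 2012 or later (Get-NetTCPConnection), Windows
# PowerShell 5.1 or later, run from an elevated prompt so the paths of other
# users' and system processes are readable.

# Running processes with the details worth checking: full path, whether the
# image carries a valid Authenticode signature, who signed it, and a SHA-256 you
# can submit to a scanner. Processes whose path cannot be read (protected
# system processes when not elevated) are dropped, hence the elevated prompt.
function Get-ProcessInventory {
    Get-Process | Where-Object { $_.Path } | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.Path
        [pscustomobject]@{
            PID       = [int]$_.Id
            Name      = $_.ProcessName
            Path      = $_.Path
            Signature = $sig.Status              # Valid, NotSigned, HashMismatch, ...
            Signer    = $sig.SignerCertificate.Subject
            SHA256    = (Get-FileHash -Algorithm SHA256 -Path $_.Path).Hash
        }
    }
}

# Established TCP connections joined to their owning process: the TCPView view.
function Get-ConnectionOwners {
    Get-NetTCPConnection -State Established | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress  = $_.LocalAddress
            LocalPort     = $_.LocalPort
            RemoteAddress = $_.RemoteAddress
            RemotePort    = $_.RemotePort
            PID           = [int]$_.OwningProcess   # cast: Get-Process uses Int32, NetTCP uses UInt32
            Process       = $proc.ProcessName
            Path          = $proc.Path
        }
    }
}

# Loopback, RFC 1918 private, link-local and unspecified addresses stay inside
# the network; anything else is a connection that actually leaves the machine.
function Test-PublicAddress([string]$ip) {
    return -not ($ip -match '^(127\.|10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|169\.254\.|0\.0\.0\.0$|::1$|::$|fe80:)')
}

# Heuristic (this example's own, not from the post): report every process that
# holds a connection to a public address, with its signature status and hash,
# unsigned images first. An unsigned binary talking to the internet is not
# proof of a trojan, but it is exactly what the post says to investigate first.
function Find-SuspectConnections {
    $inventory = @{}
    Get-ProcessInventory | ForEach-Object { $inventory[$_.PID] = $_ }
    Get-ConnectionOwners |
        Where-Object { Test-PublicAddress $_.RemoteAddress } |
        ForEach-Object {
            $info = $inventory[$_.PID]
            [pscustomobject]@{
                Remote    = "$($_.RemoteAddress):$($_.RemotePort)"
                PID       = $_.PID
                Process   = $_.Process
                Path      = $_.Path
                Signature = if ($info) { $info.Signature } else { 'Unknown' }
                SHA256    = if ($info) { $info.SHA256 } else { 'Unknown' }
            }
        } |
        Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } }, Process
}

Find-SuspectConnections | Format-Table -AutoSize
```

Run it a few times, as with netstat, because a trojan that only beacons occasionally will not hold an established connection at every snapshot. Get-ProcessInventory on its own is the msinfo32 step: anything with Signature other than Valid, or a path outside the Windows and Program Files folders, is the entry to check against your scanner.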

Removing a Trojan Horse

Each trojan has its own specific removal routine, see the Cleaners & Fixes pages for details on those. They do however all conform to the same basic patterns :

  • They usually insert a line in the Run, RunOnce or RunServices keys in the system registry (under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, and the matching keys under HKEY_CURRENT_USER). This is the principal startup method of most trojans, including Back Orifice and Sub7. Removing the line from the registry and rebooting usually stops the trojan loading.
  • Some alter Win.ini (the load= and run= lines) or System.ini (the shell= line), or place themselves in the "Startup" folder. Again, removing the offending line usually stops the trojan running.
  • Some alter or replace system files. These need careful handling and are best left to experts or automated tools.
  • One in particular modifies the registry setting that tells Windows how to launch programs, causing the trojan to be executed before ANY program you run. Simply removing this line stops you running ANYTHING; the original value has to be restored, not deleted. Again, this is best left to experts or automated tools to deal with.
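The startup locations in the list above can be enumerated in one pass so that each entry can be checked against the process inventory and your scanner before you disable it. The script below is an added PowerShell example, not code from the post or from any tool it names. It assumes Windows PowerShell 5.1 on an NT-based Windows, where the Win.ini load=/run= and System.ini shell= lines are read from the registry values that replaced them; the key list, the command-line parsing and the signature check are this example's own.

```powershell
# Added example, not from the original post or any tool it names. Enumerate the
# startup locations the post lists (Run/RunOnce/RunServices keys, the Startup
# folders, and the Win.ini/System.ini hooks) and report, for each entry, which
# executable it launches and whether that executable is signed.
# Assumptions: Windows PowerShell 5.1 on an NT-based Windows. The Win.ini
# load=/run= and System.ini shell= lines are read from the registry values that
# replaced them on NT. RunServices keys only exist on Windows 9x and are simply
# skipped elsewhere.

function Get-RunKeyEntries {
    $keys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($p in $item.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... are provider metadata
            [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
}

function Get-StartupFolderEntries {
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
        if (-not (Test-Path $folder)) { continue }
        Get-ChildItem -Path $folder -File -Force | ForEach-Object {
            # A .lnk shortcut runs its target, so report the target rather than the shortcut file.
            $command = if ($_.Extension -eq '.lnk') { $shell.CreateShortcut($_.FullName).TargetPath } else { $_.FullName }
            [pscustomobject]@{ Source = $folder; Name = $_.Name; Command = $command }
        }
    }
}

function Get-IniStartupEntries {
    $hooks = @{
        'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Windows'  = @('load', 'run')        # Win.ini [windows] load= / run=
        'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' = @('Shell', 'Userinit')  # successor of System.ini [boot] shell=
    }
    foreach ($key in $hooks.Keys) {
        $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        foreach ($name in $hooks[$key]) {
            if ($item.$name) {
                [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.$name }
            }
        }
    }
}

# Pull the executable out of a command line: quoted paths, %VAR% paths, plain
# paths and bare names found on the PATH (rundll32.exe foo.dll) are handled. An
# unquoted path containing spaces comes back as NotFound, which is itself a
# reason to look at that entry by hand.
function Resolve-StartupImage([string]$command) {
    if ($command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    elseif ($command -match '^\s*(\S+)') { $exe = $Matches[1] }
    else { return $null }
    $exe = [Environment]::ExpandEnvironmentVariables($exe.TrimEnd(','))   # Userinit ends with a comma
    if (Test-Path -LiteralPath $exe -PathType Leaf) { return (Resolve-Path -LiteralPath $exe).Path }
    $found = Get-Command $exe -CommandType Application -ErrorAction SilentlyContinue | Select-Object -First 1
    if ($found) { return $found.Source }
    return $null
}

function Get-AutostartReport {
    @(Get-RunKeyEntries) + @(Get-StartupFolderEntries) + @(Get-IniStartupEntries) | ForEach-Object {
        $exe = Resolve-StartupImage $_.Command
        $status = if ($exe) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'NotFound' }
        [pscustomobject]@{ Source = $_.Source; Name = $_.Name; Command = $_.Command; Image = $exe; Signature = $status }
    }
}

# Unsigned and NotFound entries float to the top; check those against the
# process list and your scanner before disabling them, one at a time.
Get-AutostartReport | Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } }, Source | Format-Table -AutoSize -Wrap
```

The Shell and Userinit values deserve special care: they are the ones where deleting the entry instead of restoring the original (explorer.exe and userinit.exe respectively) leaves you unable to log in normally, which is the same failure mode as the fourth bullet above. Compare the reported Image against the path of the file you expect, not just the name, since a trojan will happily call itself explorer.exe from another folder.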

The steps involved in removing a trojan are simple:

  • Identify the trojan horse file on your hard disk.
  • Find out how it is being started and take the necessary action to prevent it being restarted after a reboot.
  • Reboot your machine and delete the trojan horse.
  • See the Recovering from a System Compromise pages for more in-depth help on what else you may need to do.

Trojan Remover 6.6.5.2504
