February 16, 2008

A crackdown on Trojans

What is a Trojan?
------------------------------------------------

A destructive program that masquerades as a benign application.
Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.

Trivia:
The term comes from the Greek story of the Trojan War, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.


------------------------------------------------
Removal
------------------------------------------------

(1) System Scan by an Anti-Spyware:
The simplest solution is software that scans your computer to detect malware.
e.g. AVG Antivirus
However, with new types of malware emerging regularly, it's estimated that only 70% of malware can be detected.

(2) HijackThis:
HijackThis is a well-known free tool that quickly scans a user's computer (less than 10 sec), creates a list of differences from a known spyware-free environment and lets the user decide what from the list needs to be removed.

Only Advanced users should remove unwanted settings or files via HijackThis.

Others can post the HijackThis report generated here and I will tell you how to proceed.

Download Hijackthis
------------------------------------------------
Some Solutions:
------------------------------------------------

There are some common problems that might be caused by a few trojans.

(1) Problem: Task Manager disappears in Windows 2000/XP

Sol:
Click Start
Click Run
Enter gpedit.msc in the Open box and click OK
In the Group Policy settings window
Select User Configuration
Select Administrative Templates
Select System
Select Ctrl+Alt+Delete options
Select Remove Task Manager
Double-click the Remove Task Manager option
Since the policy is Remove Task Manager, by disabling the policy, you are enabling the Task Manager.


(2) Problem: Registry is not Accessible

Users type regedit in the Start > Run dialog to launch the Registry Editor. But if both Regedit.exe (legitimate) and Regedit.com (Trojan) are present in your Windows or System32 folder, the file with the .COM extension takes precedence. As a result, the regedit.com process launches.

Sol:

This one's kinda complicated; just post the HijackThis report here and I'll guide you through.
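
A check for the .COM-over-.EXE shadowing described in this problem, as an added example that is not part of the original post: it lists every bare command name for which a .COM file would be launched ahead of an .EXE of the same name. The function names, the directory-then-extension search order and the fallback extension list are assumptions of this sketch.

```python
import os
from pathlib import Path

# Extension order tried when a command is typed without one.
# .COM precedes .EXE in the Windows default; the live value is in %PATHEXT%.
FALLBACK_PATHEXT = ".COM;.EXE;.BAT;.CMD"


def resolution_order(dirs, pathext=None):
    """Map each bare command name to its candidate files, first match first.

    Assumption: directories are searched in the order given and, inside each
    directory, extensions are tried in PATHEXT order.
    """
    pathext = pathext or os.environ.get("PATHEXT", FALLBACK_PATHEXT)
    exts = [e.lower() for e in pathext.split(";") if e]
    candidates = {}
    for d in map(Path, dirs):
        try:
            files = [f for f in d.iterdir()
                     if f.is_file() and f.suffix.lower() in exts]
        except OSError:
            continue  # missing or unreadable directory
        # Sort by extension priority, then name, to mirror the lookup order.
        files.sort(key=lambda f: (exts.index(f.suffix.lower()), f.name.lower()))
        for f in files:
            candidates.setdefault(f.stem.lower(), []).append(f)
    return candidates


def find_com_shadowing(dirs, pathext=None):
    """Return {name: (winner, shadowed_exes)} where a .COM beats an .EXE."""
    findings = {}
    for name, files in resolution_order(dirs, pathext).items():
        winner = files[0]
        exes = [f for f in files[1:] if f.suffix.lower() == ".exe"]
        if winner.suffix.lower() == ".com" and exes:
            findings[name] = (winner, exes)
    return findings


if __name__ == "__main__":
    root = os.environ.get("SystemRoot", r"C:\Windows")
    search = [os.path.join(root, "System32"), root]
    for name, (winner, exes) in sorted(find_com_shadowing(search).items()):
        print(f"{name}: typing the bare name runs {winner}, not {exes[0]}")
```

A hit is only a lead: check the flagged .COM file's origin and date before deleting anything.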

(3) Problem: Control Panel or Date Panel Not Accessible due to tampering of Admin Rights by malware.

Solution:

The most troublesome problem of them all.
Used SDFix software which scans the registry & fixes the problem while the computer is in Safe Mode.

->Download SDFix (1.1 MB) from here
->Extract it to a folder.
->Restart your computer in Safe Mode.
->Double-click the 'RunThis' file. It will take around 10-15 min now.
->After the scanning/fixing is done you can restart the computer by pressing any key.


In my case, a trojan called printer.exe was found in my C drive.
There are many tools which fix registry. SDFix is just 1 of them.

--------------------------------------------------------
Note: Just as a mathematical problem can be solved using various methods, a software problem can be solved in other ways
(e.g. manually editing the registry, using other tools, etc.).
So be innovative.


A universal solution to all these problems is to download Trojan Remover and scan the PC periodically.

Important Links:
Difference Between a Virus, Worm and Trojan Horse
Malware - Its Abilities & its Types

