Hacker Control
There are some Trojan viruses that allow their makers to hack into other people's computers and use them for their needs.
Anti-Virus Viruses
A strain of Trojan virus can spread to your anti-virus program and disable its functionality or delete it altogether.
Privacy Infiltration
Trojan viruses can hide in registered software programs and steal private information. This can result in identity theft.
Denial of Service
A popular Trojan virus denies users access to their own Internet service, and with it every application that depends on the Internet.
System Wipes
Trojan viruses can wipe operating systems clean. They embed into the systems, and when they are released, they delete all of a computer's applications.
Background
Viruses are programs designed to do some sort of damage to your computer or network.
History
The Trojan Horse virus is named after the mythological attempt by Greek soldiers to infiltrate and destroy the city of Troy by hiding inside a giant wooden horse that was given as a gift to the city of Troy.
Function
The Trojan Horse virus is triggered, or starts to do damage, when the host program or file (for example, a Word document) is opened normally.
Features
A Trojan Horse virus can hide inside an application program file, like Microsoft Word; or it can hide inside a document file, such as an Excel workbook.
Time Frame
With most Trojan viruses, there is no time limit on how long the virus can remain dormant, waiting for the file or program to be opened and executed.
The Trojan Horse
The Trojan horse, named after the Greek myth in which the Greeks used an enormous wooden horse to gain secret entry into the fort of their enemies in Troy, is a malicious computer threat. Like their namesake, these unwanted programs -- sometimes referred to as malware -- present themselves to the user as something desirable. This may be a computer game, a screen saver or a new program. Whatever the case, it is merely masquerading. Once the user installs the new program, it in fact turns out to be a Trojan horse, and the trouble begins.
How Trojans Get In
Trojan horses typically get on a user's computer through an accidental download. Unlike spyware and adware (two irritants that are often mistaken for their more serious cousins, viruses and Trojan horses), Trojans can't enter the computer simply through visiting the wrong website or clicking on a pop-up ad (unless the pop up ad is designed to initiate a download). This is why file-sharing programs such as Limewire are often havens for Trojan horses and viruses. Particularly dangerous are executable files (.exe), which should never be downloaded without running them through an anti-virus check first. Unlike viruses, Trojan horses do not replicate themselves once inside a computer.
How Trojans Work
While there are forms of Trojan horse payloads that are not designed to do harm, most of them are created and dispersed with malicious intent. Typically, this intent is to steal information from the unsuspecting user. Trojans come in a variety of categories, including "downloaders," "data destruction" and those designed to give the Trojan creator remote access to the infected computer. The point of any of these activities may be to wreak havoc for simply the sake of it, but more often than not, the creator intends to use the Trojan to make money or gain access to information he otherwise would not be able to obtain like personal financial information and website passwords.
Purpose
The purpose of the Trojan horse FakeAlert is to scare a user into purchasing unnecessary anti-spyware programs. The Trojan does this by displaying a fake system scan that lists infections that have been found. The object is to trick the user into purchasing an anti-spyware product to remove the listed infections.
Symptoms
Symptoms of a Trojan horse FakeAlert infection include new icons appearing on the desktop for porn sites as well as a new Windows background with a warning message about spyware that has been detected. Additional symptoms include pop-up alert messages, advertisements and browser redirects.
Infections
The Trojan horse FakeAlert can infect a system by surreptitiously downloading and installing an infected file. The most common way to get this infection is by visiting an infected or compromised website that will then download the Trojan to the user's system. A user can also click on a link that is provided in a spam email that opens an infected page in the user's browser.
Removal
The Trojan horse FakeAlert can be removed by using an anti-virus product such as McAfee or an anti-spyware product such as Malwarebytes Anti-Malware (see Resources). Malwarebytes Anti-Malware will scan your system to find and then remove any malware threats such as the FakeAlert Trojan horse.
Prevention
Preventing a Trojan horse infection such as FakeAlert can be accomplished by using an anti-spyware program that blocks sites that contain malicious code. One such product is called SpywareBlaster (see Resources). Another way to prevent an infection is to use a real-time anti-virus scanning program such as Windows Defender from Microsoft (see Resources). Windows Defender scans files in real-time and performs a scheduled system scan daily.
Significance
Once a hacker has created a Trojan Horse program that affects a user's system, the hacker can gain access to the computer. The purpose of creating the program is to give the hacker the ability to steal the user's personal information, such as credit card numbers or passwords that the user enters. Hackers can also modify files located on the user's computer.
Function
A Trojan Horse can gain access to a computer when a user opens an e-mail that contains an attachment. Some hackers create fake e-mails and disguise them as legitimate ones in order to get users to click on them and download a Trojan Horse to their PC. Some free downloads located in file sharing networks also contain Trojan Horse programs that install without the user's knowledge. A Trojan Horse can also disguise itself inside of a pop-up ad in an attempt to get the user to click on it.
Effects
A Trojan Horse can affect a user's computer by slowing down the computer's processor. Once this program has gained access to a user's computer, it is difficult to determine the full effects of the damage, and many users resort to reinstalling their software to ensure that it is clean. Many anti-virus programs also work to remove the Trojan Horse program.
Prevention/Solution
If a computer is located on a network, the best way to prevent infection by a Trojan Horse is to activate the computer's firewall. Networked computers share resources, and being on the network allows one computer the ability to access another. Enabling a firewall secures the computer and prevents unauthorized access. Individual users can also connect routers to their computers. The router also allows a secure connection to the Internet and provides protection. It is also good practice to install a reputable anti-virus program.
Features
Most Trojan Horse programs have two parts. One part is called a server, and the other is the client. The server part is the one that actually infects and invades the user's computer. The client part of the program is the one that allows the hacker the ability to invade the infected computer. The hacker uses the client part to send requests when performing a scan on the Internet. When an infected computer is found, the server replies to the request, and the hacker links to the infected computer and invades it.
Security
Trojan dialers are aimed at Internet browsers, particularly through pop-up window advertisements and executable files. A user of a browser does not necessarily have to click on anything to accidentally download a dialer. Just visiting the wrong website without a proper antivirus running on the computer can be enough. Internet Explorer is perhaps the most easily attacked of the major browsers, due to easily cracked security and simply because, as the most popular browser, it is the most frequently targeted by malicious coders.
ActiveX
Internet Explorer uses a plug-in called ActiveX in order to properly display all content on various web pages. While it is an efficient way for IE to run, ActiveX is the most common format for malicious coders to attack when creating Trojan dialer spyware. To prevent this from happening, users should make sure their IE security settings are set at the Medium level (at least), and they should also be running a good, updated antivirus program.
Function
These Trojan dialers work by changing the registry on your computer. With these changes, the makers of the Trojan horse remotely control the computer, collect sensitive information, and even cause your computer to dial expensive toll numbers. The victim may not even be aware that this is happening until weeks later, when they receive an exorbitant phone bill, or have some other indication that their identity has been stolen.
Unsafe Surfing
Even with the best antivirus program, it makes sense to be careful when visiting certain websites. "Adult" websites are among the most notorious for hosting spyware, viruses, and trojan dialers within their pages. Also be careful when opening any email attachments, and scan anything you download from the Web or a file sharing service before opening it.
Protection
Antivirus programs abound, but it's important to get one you can trust. AVG and Avast both make quality antivirus programs that are free and work well. If you fear you may already have a trojan dialer on your computer, there are several good, free spyware removal programs out there, like SuperAntiSpyware, and Spybot Search and Destroy.
Where It Hides
The Vundo Trojan hides as a file in the C:\windows\system32 directory. The file name the Trojan uses consists of eight random letters.
Dangers of This Malware Program
Symantec's virus definition website gives the Vundo Trojan Horse a low threat rating. The virus causes nuisance behaviors that do not harm computer data.
Difficult to Remove
AVG, Avast, Norton and McAfee cannot remove this piece of spyware. The user must manipulate the registry entries and delete the infected files manually.
Finding Removal Instructions
A computer user can find information on all the .dlls, processes and registry entries associated with the Vundo Trojan at pctrheat.com. The user must kill the processes the Trojan runs, remove its files and edit out its registry entries.
When All Else Fails, Wipe the Hard Drive
Reformatting the hard drive and reinstalling Windows removes the Vundo Trojan when all other removal attempts fail. A computer user should save important data before reformatting his hard drive.
History
Trojan Horse programs were first discovered around the 1980s, when they first started affecting computers. The program is man-made and created by hackers, individuals who create infectious programs for the purpose of stealing a user's personal information. The Trojan programs were created to steal user passwords and other personal data. The first Trojan programs were created to attack Windows32 files, but have since migrated to infecting other areas of Windows.
Features
When computer users open e-mails that contain infectious attachments, a Trojan Horse program can gain access to their system. Hackers create fake e-mails and advertisements to trick the user into clicking on them and downloading Trojan programs to their PC. Some free shareware programs also contain Trojan programs. It is best to practice caution before downloading any program to your PC or opening an e-mail from an unreliable source.
Function
Once the Trojan Horse program has infected a computer, it slows the computer's processor speed. The user may also see delays in their browser speed or it may hang and not respond. The full damage to the computer may not be recognizable and the user may resort to reinstalling their entire operating system.
Types
Trojan Horse programs are created in two parts. One part is called the server and the other part is called the client. The server part of the Trojan Horse program is the main part and is the part that is the most damaging. This is the part that gains illegal access into a user's computer. The server part of the program causes the infection on the computer. The client part of the Trojan Horse program is the part of the program that sends signals when performing scans on the Internet. The server replies to the signals and allows a hacker to link to the infected computer and steal information.
Prevention/Solution
In order to prevent infection from Trojan Horse programs, users should install a reputable anti-virus program or a firewall to block the Trojan Horse's access to the computer. A firewall prevents infectious files from illegally accessing a user's computer. A secured router can also work to prevent Trojan Horse access. Routers allow a secured connection to the Internet, while preventing unauthorized access by Trojan Horses. If a computer is located on a network, a firewall is also the best prevention from Trojan Horses since networked computers share files and the risk of becoming infected by another machine is greater.
Function
Trojan horses can function in many ways, such as corrupting data or creating advertisement pop-ups; the main feature of Trojans is that they are initially installed due to a voluntary action of the user.
Identification
If your computer becomes infected with malware right after you install a new program, there's a chance you have contracted a Trojan; antivirus scanners can identify the types of malware on your computer.
Misconceptions
Often all computer malware are dubbed "viruses," but viruses are distinct from Trojans in that viruses can spread on their own without the user accidentally installing them.
Prevention
Running an up-to-date antivirus program can prevent many malware attacks including Trojans; being careful about what you download online is also an important part of preventing Trojans.
History
Trojans are named after the legendary Trojan horse which was used to sneak soldiers into the city of Troy in ancient Greece; in a similar fashion, desirable-looking programs or files try to sneak Trojan malware onto your computer, which may remain dormant for a time before causing problems.
Considerations
Conducting regular system scans with an antivirus program as well as additional malware scanners can help detect and remove any Trojans present on your system.
Symptoms
Slow Internet browsing, a redirected browser home page, Windows instability, modified desktop wallpaper, and fake Dr. Watson security alerts are all symptoms of a Trojan horse infection. You can verify that your computer is infected by installing anti-virus software. Perform a complete system scan and it will indicate the presence of this virus by displaying "Trojan.name," "Backdoor.name," or some variation of those words where "name" is the name of the Trojan.
Removal
A Trojan is typically a polymorphic virus consisting of multiple files, which means it is constantly changing to avoid detection and removal. This also means that no two copies of the malicious files are the same; that can make a Trojan difficult to remove. The first step to get rid of this type of infection is to disable Windows System Restore. System Restore can actually back up the virus, making removal extremely difficult. Right-click on "My Computer" and select "Properties." Open the "System Restore" tab and check "Turn Off System Restore," click "Apply" and then "OK".
The next step in combating this infection is to install AVG's free anti-virus program. Download it from the AVG home page and install it, then click "Update now" to ensure you are using the latest AVG virus definitions. Select the tab that reads "Computer Scanner" and click the "Scan Entire Computer" button. The time it takes to scan your system depends on how fast your processor is and how much data is stored on your computer. After scanning has finished, the anti-virus software will display a list of files that are infected; these files comprise the Trojan virus. Select the option to "Move to Vault" and the files will be quarantined and permanently prevented from running. Reboot your computer and perform another entire system scan with AVG's anti-virus program. If the second scan shows no signs of infection, then the Trojan was successfully removed. If the Trojan is still present, you will have to attempt to remove it using a more specialized type of anti-virus software.
ParetoLogic is a software company that has written an anti-spyware program titled "XoftSpySE." While this software is not free, it is much more effective at removing Trojan horse infections. Download XoftSpySE from its home page and install the program. Run the program and from the main menu, check the box next to "Full Scan." Click the "Start Scan" button. After the program has finished scanning your entire system, click the "Clean" button to remove any malicious files. Reboot your computer and once again perform a full scan to verify that the Trojan was completely removed.
Spyware is a malicious type of software designed to display ads, collect personal information or change the configuration of your computer. Spyware usually infects your computer through email or infected websites. The term "Trojan Horse" describes a form of spyware that disguises itself as a legitimate program, such as an antivirus program. Spyware and Trojan Horses can slow your computer, decrease its available memory and cause the Windows operating system to freeze or crash.
Run an Anti-Spyware Program
Step 1
Open your anti-spyware program. If you do not have an anti-spyware program, several are available for free online.
Step 2
Update your anti-spyware program. Most anti-spyware programs have an "Update" or "Update Definitions" button. If you do not know how to update your anti-spyware program, visit the manufacturer's website for instructions.
Step 3
Scan your computer with the anti-spyware program. This could take up to several hours, depending on the size of your hard drive. The program should detect and remove most of the spyware infecting your computer.
Run the Windows Malicious Software Removal Tool
Step 1
Visit the Microsoft Windows Malicious Software Removal Tool website. Click "Start Download." Save the setup file to your desktop.
Step 2
Double-click the Malicious Software Removal Tool setup program.
Step 3
Follow the instructions for installing and running the Malicious Software Removal Tool. This program detects and removes any remaining traces of spyware on your computer. Microsoft recommends using the Malicious Software Removal Tool as a supplement to anti-spyware software, not as a replacement.
Definition
A Trojan horse is an "apparently useful program containing hidden functions that can exploit the privileges of the user [running the program], with a resulting security threat. A Trojan horse does things that the program user did not intend," writes Rita C. Summers in her 1997 tome "Secure Computing Threats and Safeguards."
Although Trojan horses can't wreak havoc until their contents are installed, an unsuspecting user could easily run the program thinking it's something else; or, these programs can install themselves after gaining unauthorized access to a system.
Installation
Hackers may "entice or frighten" users to download Trojan horses, according to Carnegie Mellon University's Software Engineering Institute. In the former example, a user may click on a link to download malicious software advertised as a game; for the latter example, email or websites may simulate antivirus scanners and suggest that an unusually high number of bogus viruses exists on the system, which often spurs concerned users to authorize the download of a tool that supposedly will heal the computer.
A Trojan horse may be embedded in a Java applet, JavaScript, ActiveX control or other executable content, the institute reports.
Effects
Once installed, a Trojan horse's privileges match those of the affected computer user. For instance, if the software is installed on an administrator's account, the Trojan horse can perform the same tasks as that administrator can, including deleting files, modifying files, and installing programs or viruses.
Cutting Connections
The first thing a computer user should do upon learning of a Trojan horse's presence is to disconnect from the Internet, according to Michael D. Durkota and Will Dormann, writing for the United States Computer Emergency Readiness Team, a division of the U.S. Department of Homeland Security. Trojan horses may have access to personal banking information and can transmit this data to the hacker's computer if an Internet connection remains. As long as the Internet is accessible, this software also can use your computer as a perpetual host for delivering viruses and other unwanted programs to other computers.
Back Up Your Files
Since viruses exist to manipulate data (and, often, to remove it, such as when malicious software wipes out a hard drive), the next step in recovery is to back up all programs, important documents, videos, images and Internet favorites. Durkota and Dormann suggest burning these files to a DVD or saving them to an external storage device.
Note: Although a virus may not have deleted your hard drive's contents, it still may have infected the backed-up files. Backing up is merely a preventive measure; you'll need to scan these files for viruses later.
Scan for Viruses
Use antivirus software to perform a deep search for malicious software on your computer. As Durkota and Dormann note, it's best to use antivirus software on a CD-ROM or through an Internet-based tool, as Trojan horses can affect existing antivirus software on the computer. Ideal antivirus programs (e.g., McAfee AntiVirus, AVG, Trend Micro) can scan a computer and remove or heal infected files.
Virus
A computer virus is a malicious set of computer codes intended to infect particular computers. It is commonly propagated via a computer program.
Worm
A worm isn't computer-specific. It generally travels through computer networks to cause havoc. A computer worm does replicate itself but, unlike a virus, a worm can usually propagate independently of other programs or human actions.
Trojan Horse
The chief difference between a Trojan Horse and a virus is that a Trojan Horse does not replicate itself. A virus does.
Misnomer
By definition, there is no such thing as a "Trojan Horse Virus." There's either a virus or a Trojan Horse but not a hybrid as far as we know. That could change.
Malware
This is a general term that refers to viruses, worms, Trojan Horses and other types of harmful computer software. Attackers will undoubtedly invent new types in the future.
Protection
There is software on the market to protect your computer from malware. Since malware producers are constantly creating new threats, anti-malware programs must be continually updated too.
What Is a Trojan Horse Virus?
Like the legendary Greek weapon, a Trojan Horse computer virus sneaks in under the radar to wreak havoc on a system or network. According to Tech FAQ, "This is a type of virus that attempts to make the user think that it is a beneficial application...once executed or installed in the system, this type of virus will start infecting other files in the computer." From that point, it's a tough battle to isolate the virus. By the time the user finds out that something is wrong (usually through sluggish performance or odd pop-up windows), the virus may have already transmitted private information like credit card numbers, passwords and account information. An untended infestation will likely result in a crash of the operating system.
How Do Computers Get Trojan Horses?
Most trojans are introduced through careless downloading: email or instant messenger attachments and peer-to-peer files are common culprits. The user clicks on a file, not noting that it has an .exe or other executable file suffix. The program loads and takes root, slowly weeding through the operating system and software. Some trojans are so advanced that they can tap into an address book, email each person, and attach themselves to the outgoing mail.
Trojans can also transmit through networks, especially ones that don't have effective firewall or anti-virus protection. If one trojan is opened from several terminals, the infestation can quickly spread to servers and critical files. From there, thieves can remotely download client credit card information. Several security breaches with thousands of compromised names have made headlines in the last few years alone.
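The executable-suffix check described above can be automated before a user ever double-clicks. The following is an added example, not part of the original article: it goes slightly beyond the plain .exe case by also flagging a document-style suffix placed before the executable one and padding that pushes the real suffix out of view. The suffix lists, function names and sample file names are assumptions constructed for illustration.

```python
import re

# Assumed lists (not from the article): suffixes Windows runs or interprets
# directly, and suffixes users tend to read as harmless documents or media.
EXECUTABLE_SUFFIXES = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                       ".msi", ".vbs", ".js", ".jar", ".lnk"}
DOCUMENT_SUFFIXES = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt",
                     ".jpg", ".png", ".mp3", ".zip"}


def suffix_chain(name):
    """Return every dot-separated suffix, lowercased, with padding stripped."""
    return ["." + p.strip().lower() for p in name.split(".")[1:] if p.strip()]


def screen_filename(raw_name):
    """Return the reasons a file should be scanned before it is opened.

    An empty list means the name does not end in an executable suffix.
    """
    base = re.split(r"[\\/]", raw_name)[-1]   # drop any directory part
    name = base.rstrip(" .")                  # Windows ignores trailing dots/spaces
    chain = suffix_chain(name)
    if not chain or chain[-1] not in EXECUTABLE_SUFFIXES:
        return []
    reasons = [f"executable suffix {chain[-1]}"]
    if len(chain) >= 2 and chain[-2] in DOCUMENT_SUFFIXES:
        reasons.append(f"document-style suffix {chain[-2]} precedes it")
    if re.search(r"\s{3,}", name):
        reasons.append("whitespace padding in name")
    if name != base:
        reasons.append("trailing dots or spaces in name")
    return reasons


def triage(names):
    """Map each flagged name to its reasons; clean names are left out."""
    return {n: r for n in names if (r := screen_filename(n))}


# Constructed sample names, as they might appear in a downloads folder
# or an e-mail attachment list.
SAMPLE_NAMES = [
    "holiday_photos.zip",
    r"C:\Users\me\Downloads\game_setup.exe",
    "invoice.pdf.exe",
    "photo.jpg      .scr",
    "report.doc.exe. ",
    "notes.txt",
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_NAMES).items():
        print(f"{name!r}: {'; '.join(reasons)}")
```

A flagged name is a prompt to run the file through an anti-virus scan before opening it, not proof that the file is a Trojan.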
How Can People Fight Trojan Horse Viruses?
"The best way to prevent a Trojan Horse Virus from entering and infecting your computer is to never open email attachments or files that have been sent by unknown senders," Tech FAQ advises. TR Brown of Security Pro News suggests always keeping anti-virus software up to date, installing a trusted firewall and staying away from downloads from unknown sites. Also pay attention to clicking links from Google and other search engines; they'll often report suspicious or potentially dangerous content near the link. Trojans are nasty characters, but they're easy to avoid if you utilize the right tools.