nsbuttar
May 4th, 2003, 08:00 PM
Well, as most of you asked me to address some questions on removing Trojans etc., I have come out with this continuation; here I have addressed 5 more questions. You can look at the whole document at http://navtejonline.gq.nu/articles/trojans.html or see the thread http://www.antionline.com/showthread.php?s=&threadid=243229
Hey guys, help me improve this FAQ; ask any question you feel is unaddressed here.
----------------- FAQ Continues------------------------
What is the motive behind installing a Trojan?
The most prominent motive is to let your PC be controlled remotely, or to install a backdoor in your box after a hacker has successfully entered it so that he has ensured access to your box. It lets a hacker carry out his tasks from your IP, thus covering the hacker. Any reason you can think of why someone would like to control your PC remotely, to see your private life or anything else, is the motive for installing a Trojan on your PC.
What is the difference between a Trojan and a virus?
Well, there is a clear distinction between a virus and a Trojan. The distinction is replication. Replication is the first and foremost requirement for a program to be categorized as a virus. Even if a program is totally harmless, if it has the property of replicating itself, it is a virus. But Trojans don't replicate; they basically let someone else control your box from some other computer without your knowledge.
Can a Trojan do harm to any Data on my PC?
By itself, usually no, because Trojans are usually not written with destructive payloads, but technically it is not impossible to write such Trojans. So there are minimal chances that a Trojan by itself will do any harm to your data unless the hacker explicitly asks the Trojan to do it or a person has created a variation of the original Trojan to do so.
How Do I Know I Am Infected?
Under certain circumstances it may be very difficult. Though we have tools that claim to detect and remove Trojans, including anti-viruses, in reality these tools can detect and remove only a fraction of existing Trojans. Secondly, the source code of some of the Trojans is free on the net, ready to be compiled. This makes the scenario worse, as it allows a lot of variations of the Trojan to be created with varied signatures. Most anti-viruses and other tools rely on signatures of malicious programs, as stated by Anti-Trojan on this FAQ page http://www.anti-trojan.net/en/faq50001.aspx: "Anti-Trojan works with a Trojan signature database.", so the recompiled variations may go unnoticed. Then we have some software produced by reputed software companies, called RAT tools, which can be used in place of Trojans, as I explained in "What Are The Various Methods To Deliver Trojans?"
But I won't ask you to abandon these tools wholly, because most newbies won't try to recompile these programs or tamper with the executable.
So what is the best way to know if you are infected? I would say port scan yourself; if you find any suspicious ports open, you probably have a Trojan installed on your box. A comprehensive list of known ports used by common Trojans can be found here: A port list of common Trojans, and a comprehensive list of Trojans can be found here: http://www.anti-trojan.net/en/trojanlist.aspx
How can I get rid of a Trojan if I am infected?
If you are infected with a Trojan, first of all run a good anti-virus like Norton, McAfee or AVG etc. and/or a Trojan cleaner tool; you may be lucky if it detects and removes the Trojan.
But if you are unlucky, then in Windows XP/2000/NT, from Task Manager select the process viewer tab and try to locate any unusual file that is running. In Windows 98, you can use a tool called 'psview' or 'process viewer'; it is freeware which allows you to see which processes are running, even those which don't show up in the 'end program' box. It also allows you to change the priority of any running process and lets you see the open files, an indispensable tool for 98 users. Also get a tool which can tell you which application is listening on which port; this may give you the filename of the Trojan. Kill the suspicious process and get rid of the file. Or try to locate which processes are started automatically from 'msconfig' or the registry key 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run'; you may figure out the Trojan's executable file.
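Added example, not part of the original post: one way to do the "which application is listening on which port" check described above, by parsing `netstat -ano` output and mapping each listener's PID to a process name. The port watch-list is a small illustrative subset, and the allow-list, sample output and process names are constructed for the example.

```python
# Small illustrative subset of widely documented default Trojan ports. Recompiled
# variants can listen anywhere, so every unexpected listener is reported as well.
KNOWN_TROJAN_PORTS = {
    ("TCP", 12345): "NetBus",
    ("TCP", 27374): "SubSeven",
    ("UDP", 31337): "Back Orifice",
}
# Constructed allow-list: listeners this hypothetical machine is expected to have.
EXPECTED = {("TCP", 135), ("UDP", 123)}
# Constructed excerpt of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING       1432
  TCP    10.0.0.5:1045          192.0.2.10:80          ESTABLISHED     2010
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       1100
  UDP    0.0.0.0:123            *:*                                    960
  UDP    0.0.0.0:31337          *:*                                    1500
"""
# Constructed PID -> image name excerpt, as a process list would supply it.
SAMPLE_PROCS = {1100: "svchost.exe", 1432: "sample-a.exe", 1500: "sample-b.exe"}


def listeners(netstat_text):
    """Yield (proto, port, pid) for each listening TCP and each bound UDP socket."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            yield "TCP", int(f[1].rsplit(":", 1)[1]), int(f[4])
        elif len(f) == 4 and f[0] == "UDP":  # UDP rows have no State column
            yield "UDP", int(f[1].rsplit(":", 1)[1]), int(f[3])


def triage(netstat_text, procs):
    """Return (severity, proto, port, pid, image, note) for listeners worth a look."""
    findings = []
    for proto, port, pid in listeners(netstat_text):
        image = procs.get(pid, "<unknown>")
        name = KNOWN_TROJAN_PORTS.get((proto, port))
        if name:
            findings.append(("HIGH", proto, port, pid, image, name + " default port"))
        elif (proto, port) not in EXPECTED:
            findings.append(("REVIEW", proto, port, pid, image, "unexpected listener"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_NETSTAT, SAMPLE_PROCS):
        print(*finding)
```

A REVIEW finding is not a verdict; it is a listener to trace back to its executable and its autostart entry before deciding whether it belongs.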