What is a Trojan Horse? How does a person block it?
Like any other virus-like code, it’s better to delete the infected file than to block the port.
A trojan horse is an otherwise perfectly good file which holds a dark secret-- it gives someone else access to and control over your computer.
Most trojans are easily detected by the major antiviral software packages, so use a couple of those, and keep them updated.
A good firewall can also help keep you safe.
-David
In computer terms a trojan horse is a small program that runs on your computer, often in a way that is hard to detect, and (often) either:
-enables remote access to resources on your machine
-sends information about your machine (keypresses which may include credit card numbers that you are entering into a secure page) back to the person responsible for it.
-modifies parts of your system software
-disables security features
-deploys a virus program
Most good antivirus programs will also detect and disable trojans.
Check out www.grisoft.com for free installable virus software and http://housecall.antivirus.com/ for a one-off (but rather more thorough than grisoft) scan.
Trojan horses are named after the real McCoy: something that looks harmless on the outside with a deadly payload inside. They are always programs, perhaps utilities with some uses. There are however always some hidden routines that can be triggered to do a number of things, from destroying your files to enabling remote control of your computer.
And beware of Greeks bearing disks.
Even more so, beware Geeks bearing disks.
Trojan horses are most common, by the way, in pirated software. Think about it: You’ve got people who don’t mind breaking the law, modifying software to suit their own ends, and then distributing it anonymously. Why should you trust them?
My brother’s entire computer contents were recently destroyed by a Trojan Horse. He had to reinstall everything.
I tried to set up a printer on another computer. The computer told me to go online and download an update before installation could be complete. I downloaded it, then my firewall blocked access when it was time to upload and it told me not to grant access. With what happened to my brother, I was afraid to get the update. Of course, now the printer does not work, but I can live with that. I have Zone Alarm.
I appreciate your opinions.
While that can be done, it is not the fastest or easiest way of spreading trojan horses.
Think about it: all you have is the binary. The only way to embed a trojan is to do it the way old-fashioned viruses do. Most people lack the skill and knowledge to do that. Those who can, most likely have better things to do with their time.
Why are there any good old-fashioned hand-crafted viruses out there anymore? All we get now is that low-grade stuff. Blah.
What, then, would you argue is the fastest way of spreading them? A trojan horse is, by definition, embedded in something the user would want. The only way to get that is for the person distributing the horse to either write the useful program himself, or modify an existing program. The latter is much easier. And who modifies existing programs on a regular basis? The folks removing the copy protections.
Fastest way of spreading? People that open email attachments without scanning them. People that open email attachments without knowing who it’s from. People that open email attachments called ‘annakornikova.exe’ (or anything named *.exe). I’ve yet to run into any ‘pirated’ software that has been exploited or modified to include any virus or trojan. I refuse to accept any executable file attachment on my mail server; your network admin should be doing the same. At home, a good virus scanner, a good firewall, and some COMMON SENSE is your only defense. Stock up on all 3 and you’re golden.
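The mail-server policy described in the post above (refusing executable attachments), sketched as an added example that is not part of the original thread. The extension list, function names and sample addresses are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed blocklist for this example; a real policy would be longer.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}


def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return filenames of attachments whose final extension is blocked."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body text and multipart containers carry no filename
        # Windows ignores trailing dots and spaces, so strip them before checking.
        cleaned = name.strip().rstrip(". ").lower()
        # Only the last suffix decides how the file opens: "photo.jpg.exe" is an .exe.
        if PurePosixPath(cleaned).suffix in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def should_reject(raw_message: bytes) -> bool:
    """True when the message carries at least one blocked attachment."""
    return bool(blocked_attachments(raw_message))


def build_sample(filenames):
    """Constructed test message; the payload bytes are harmless placeholder text."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for fn in filenames:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fn)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample(["annakornikova.exe", "notes.txt"])
    print(blocked_attachments(sample), should_reject(sample))
```

A filename check does not look inside archives or at file contents, so it complements a virus scanner rather than replacing one.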
Norton Antivirus told me I have the Backdoor SubSeven Trojan horse virus. However, it won’t allow me to fix it, quarantine it or repair it. I’ve even tried deleting the file manually but it can’t be deleted. Any ideas? (aside from a full format and reinstall?)
You guys might find the paper “Testing Times for Trojans” interesting:
Jayrot: detailed instructions on removing subseven linked, although I recommend you search Symantec yourself to make sure the variant you’ve got is a match. There are slightly different routines for removal depending on the version of the virus. Good luck:
http://www.symantec.com/avcenter/venc/data/backdoor.subseven.html
Although from my point of view, the only removal tool for any compromised box is fdisk.
Not sure about that. I submit it is much easier to write a program of some utility from scratch than dealing with debuggers and hex editors. It’s not that hard to turn out a program that does bulk file renaming in VB, Java, or some other RAD. Games even.
Yes, most often they don’t remove the copy protection, they just bypass it. Much easier that way.