Saturday, August 22, 2009

How to find a Trojan Horse

1) Open the System Information Utility (msinfo32.exe). You will find it at: C:\program files\common\microsoft shared\msinfo. This program shows you all the processes running on any Windows system, even those that are hidden from the task list that you normally use to look up the running processes on your PC. Now look for task listings which you do not recognize. Check the filenames and paths. Open your virus scanner and run the executable or .dll through it.

2) Open your antivirus software (If you don't have one, download AVG Anti-Virus Free Edition 7.5. It's pretty good and free). Run a virus scan. After the scan delete the value that was detected from the registry (first back up the registry!):

A) Click "Start > Run"
B) Type "regedit"
C) Click "OK"
D) Go to each of these subkeys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

E) Now delete any value in the right pane that was detected during the scan
F) Exit the Registry Editor
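As an added example (not part of the original post), this read-only PowerShell script backs up the three Run keys from step D and lists each autostart value with the file it launches and that file's signature status, so the entries can be compared with the scan results before anything is deleted. The backup folder name and the helper function Get-CommandTarget are assumptions made for this example; the Services key is left out.

```powershell
# Added example: read-only review of the Run keys listed in step D.
# Nothing is deleted; the output is a list to compare with your scan results.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$backupDir = Join-Path $env:USERPROFILE 'reg-backup'   # assumed backup location
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

function Get-CommandTarget([string]$Command) {
    # Pull the executable path out of a command line such as
    #   "C:\Program Files\App\app.exe" /start    or    C:\Tools\app.exe -x
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { $t = $Matches[1] }
    elseif ($c -match '^(.+?\.(exe|dll|com|bat|cmd|scr))(\s|,|$)') { $t = $Matches[1] }
    else { $t = ($c -split '\s+')[0] }
    # Bare names (for example rundll32.exe) are resolved through PATH.
    if ($t -and $t -notmatch '[\\/]') {
        $app = Get-Command -Name $t -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if ($app) { $t = $app.Path }
    }
    return $t
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }   # RunServices does not exist on every Windows version
    # Export the key to a .reg file first: this is the registry backup from step 2.
    $regPath = $key -replace '^HKLM:', 'HKLM' -replace '^HKCU:', 'HKCU'
    $file = Join-Path $backupDir (($regPath -replace '[\\:]', '_') + '.reg')
    reg.exe export $regPath $file /y | Out-Null

    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $target  = Get-CommandTarget $command
        $exists  = $target -and (Test-Path -LiteralPath $target -PathType Leaf)
        $sig = if ($exists) { [string](Get-AuthenticodeSignature -LiteralPath $target).Status }
               else { 'FileNotFound' }
        [pscustomobject]@{ Key = $regPath; Name = $name; Target = $target
                           Signature = $sig; Command = $command }
    }
}

# Unsigned or missing targets are the entries to look up first, not proof of infection.
$report | Sort-Object Signature | Format-Table -AutoSize -Wrap
```

A value whose target is unsigned or not found still has to be confirmed by the virus scan before it is removed; the exported .reg files allow a deleted value to be restored.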

3) If steps 1) and 2) didn't help, download the free program HijackThis. It shows all the processes running on your system. Once listed, you can manually select and delete the fishy processes.

The problem is you have to know which processes are normal and which may be caused by a trojan. If you delete the wrong ones - if the worst comes to worst - you won't be able to restart your system. To avoid this, you can post your hijack log on some internet forums and wait for help. This can take a lot of time - and get on your nerves as well. Once, it took me more than 2 weeks to completely cure my PC from a trojan attack. Nothing seemed to help, the anti-spyware programs on my system got stuck, the internet browsers didn't run like they should and there were no ominous processes in the hijack log. Finally, in despair I tried the NoAdware Program - it was free. It found 14 infections and after the files were deleted, the system worked like before. I don't know if it will solve your problem, but I wish I had this program on my system from the beginning and could save all the time I wasted - and the bad emotions. You can download it here
P.S. This may also help: Restart your computer with your Boot-CD and run an antivirus program.
