
Thread: Undetectable Trojans???

  1. #1

    Question Undetectable Trojans???

    Is there a such thing as an "undetectable" trojan? Or, can they all be found via regedit, netstat, win.ini, etc.?

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Posts
    686
    I've never heard of something not being able to be removed from your system without some digging. Usually you don't even need to worry about finding it yourself. If you have an Anti Virus scanning program, and it is kept up-to-date, it should find anything that's out there. If you are a big Peer-to-Peer user, then you might get hit with one brand new. But the AV people have employees working around the clock to keep on top of anything that's new on the market virus/trojan wise. That's why I have my system update the virus scanner every night, and then afterwards scan all my hard drives. Because in case one gets by, then you are usually ok if you do a scan and pick it up. The AV should be able to remove it, or at least tell you what it is so you can go online and search for a removal tool.
    There is no right and wrong, only fun and boring...
    Formatting my server because someone hacked into it sounds pretty boring to me...
    That's why it's all about AntiOnline.com!

  3. #3
    Antionline's Security Dude instronics
    Join Date
    Dec 2002
    Posts
    901
    Hmmm, removing is one thing, but detection is another thing. It also really depends on which trojan and which OS. There is a trojan for unix/linux which is very hard to detect. As far as I'm aware, there's only one tool to find that specific trojan. It's a very rare trojan, actually it's a lot more than a simple trojan. It does not sit and listen on a port like other trojans, it does not show up on any process listing, it only shows up with its antidote. This trojan is called KIS (kernel intrusion system) made by 0ptyx. It's by far the most advanced trojan tool I have ever seen. It actually sits inside the kernel itself. Even IDS cannot pick up the setup of this trojan. On the other hand, normal users have nothing to fear, since the trojan KIS is used very rarely and its target is mainly very high security boxes. I have never heard of this trojan infecting a home user, or even a small private company.

    For the normal common trojans on windows systems, there are some excellent tools to remove them. I always recommend a look at www.moosoft.com as well as getting adaware. Netstat is also helpful, since it shows which ports are in state Listen. On the other hand, on windows it normally takes user error to get infected by a trojan, as in lack of antivirus, lack of knowledge, by just clicking on files where you have no idea what they are, etc.

    Cheers.
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    872
    I've got a few ideas for an (almost) undetectable trojan/backdoor.

    Simply set up a website on some free server somewhere holding your backdoor's plugins.

    Compile a program that you'll shoot off to the victim to open. Time passes, he opens the file, making an open connection to his computer, you connect to his computer with your backdoor client.

    But here's the thing. When you want to do something real lame (ex. eject /dev/cdrom), you give the command to his pc to download a plugin from the website (on the same port - so the server will have to be quite lenient...), you play around, he gets annoyed, you disconnect, and the plugins are deleted from his computer. So tomorrow, when he scans, he'll find nothing "malicious," ... a specific port, however, will remain open on his computer - for you to connect to his PC.


    Blah... I'm just rambling now, though. It was just an idea anyways... *grin*
    ...This Space For Rent.

    -[WebCarnage]

  5. #5
    There are some wintrojans that few antiviruses detect, and not just older ones, but ones like NetBus or Back Orifice, every updatable antivirus I know of can detect them.

  6. #6

    Question Trojan Guarder 3.87 found Blazer 5?

    Ok...here's the deal. I just downloaded and installed Trojan Guarder 3.87 and when I launched it, it found two files right off and identified them as trojans - igfxtray.exe, hkcmd.exe. In addition, when I clicked the "Network" button on the main window, I notice there's an entry under "Local Port" that reads 5000:Blazer 5. Is this a trojan? If so, how do I get rid of it?

    P.S. - Is there a way to determine where a trojan came from?

  7. #7
    Banned
    Join Date
    Jul 2002
    Posts
    877
    Originally posted here by jaxxofdeath
    There are some wintrojans that few antiviruses detect, and not just older ones, but ones like NetBus or Back Orifice, every updatable antivirus I know of can detect them.
    What the heck are you talking about? I would consider Back Orifice and NetBus to not only be one of these 'older ones'... in fact they both are (extremely) old, indeed. And besides that you act almost surprised that they are very detectable. I'd highly feel sorry for any AV that couldn't detect those... any AV that doesn't catch on to that would be beyond lame.

    http://www.pestpatrol.com/PestInfo/db/b/blazer_5.asp
    In this URL I didn't see info on the regkey and further info on it but I'm sure you can find/destroy it if it's even really in your box.

  8. #8
    I don't believe any trojan is "undetectable"; there is always some way to detect it. It's like saying that something is impossible or something. Most antiviruses detect trojans nowadays, but maybe there is a new trojan that no antivirus can detect yet. Well, keep looking man, maybe you'll find what you need. Great question by the way.

  9. #9
    The Iceman Cometh
    Join Date
    Aug 2001
    Posts
    1,209
    Seventh Angel: Here's some info about the "trojans" that were found:

    Intel Graphics Tray. System Tray icon which gets installed with the drivers for onboard VGA cards based on the Intel 81x graphics chipset. Double-clicking on it enables you to quickly change the display resolution, save your current Display Scheme, or configure your onboard graphics card. You can also configure keyboard hotkeys (shortcuts – this is handled by another background task called HKCMD). You can access the same features through the "Intel Graphics Technology" icon in the Control Panel.

    Recommendation:
    Although great in theory, on some PCs we have found that whenever IGFXTRAY and HKCMD are running, Windows Explorer is prone to hanging and showing as "not responding" in the Task List. Our recommendation, therefore, is that you should not have this tray icon running, and that you should also not use the hotkey facility that comes with it. Disable both IGFXTRAY and HKCMD with Startup Manager.
    The info came from http://www.answersthatwork.com/Taskl...tasklist_i.htm

    AJ

  10. #10
    Thanx a bunch for all the great responses. Still waiting for someone to give "the new guy" some insight on what to do about this "Port 5000/Blazer5" issue ...lol. Maybe I should do a system restore...which I HATE, by the way...lol.
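
Added example, not part of any post in this thread: a port label such as the "5000:Blazer 5" entry from post #6 names a port, not the program behind it, so this sketch joins `netstat -ano` output with `tasklist /FO CSV` output to show which process owns each listening socket. Both sample outputs and all PIDs in them are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not taken from the thread).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       1120
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED     2316
  TCP    [::]:135               [::]:0                 LISTENING       884
  UDP    0.0.0.0:1900           *:*                                    1120
"""

# Constructed sample of `tasklist /FO CSV` output.
TASKLIST_SAMPLE = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"svchost.exe","884","Services","0","4,120 K"
"svchost.exe","1120","Services","0","6,388 K"
"iexplore.exe","2316","Console","1","18,204 K"
'''


def parse_tasklist(text):
    """Map PID -> image name from `tasklist /FO CSV` output."""
    rows = csv.DictReader(io.StringIO(text))
    return {int(r["PID"]): r["Image Name"] for r in rows}


def listening_sockets(netstat_text, pid_to_image):
    """Return (proto, port, pid, image) for each TCP listener and bound UDP socket."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # skips the banner, header and blank lines
        proto, local, pid = fields[0], fields[1], int(fields[-1])
        # TCP rows carry a state column; UDP rows have none.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        port = int(local.rsplit(":", 1)[1])  # rsplit copes with [::]:135
        found.append((proto, port, pid, pid_to_image.get(pid, "<unknown>")))
    return found


if __name__ == "__main__":
    images = parse_tasklist(TASKLIST_SAMPLE)
    for proto, port, pid, image in listening_sockets(NETSTAT_SAMPLE, images):
        print(f"{proto:4} port {port:<6} PID {pid:<6} {image}")
```

The owning image name is the starting point for checking the file on disk and how it is launched; a PID that maps to `<unknown>` means the process exited or was not visible to `tasklist` when the two commands ran.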
