question about trojans
Thread: question about trojans

  1. #1
    Junior Member
    Join Date
    Mar 2004
    Posts
    4

    question about trojans

    ok, newbie question. i'm 90-100% sure that i had a trojan on my system before. i have since then formatted, but i'm not sure if that is adequate. i've run several anti-trojan/cleaning programs, and each of them came up with nothing, but if the person i got it from wrote his/her own code, this would mean nothing, correct? my cable l.e.d. for activity runs pretty consistently, and i'm not sure what kind of background noise this could correspond to. any help would be much appreciated.

    --also, how do i get netstat to keep the window open? when i run it the window pops up and then disappears before i can see anything.

  2. #2
    Member
    Join Date
    Nov 2003
    Posts
    71
    If you've reformatted there is a pretty good chance that everything is ok... i may be naive but i'm pretty sure that a backdoor could not hide in a bootsector. However if you are still paranoid you could always go through your registry and look for suspicious entries. I mean if the person coded it themselves you really are kinda on your own as far as AV's go.... HOWEVER... what I and everyone else that's going to reply would strongly recommend is a FIREWALL. I'm sure someone will give a list of decent ones... I would but I don't want to point you in the wrong direction... hope this helps.

  3. #3
    AntiOnline n00b
    Join Date
    Feb 2004
    Posts
    665
    Which Trojan removers have you used? Have you tried MooSoft The Cleaner?

    "also, how do i get netstat to keep the window open. when i run it the window pops up and then disappears before i can see anything."
    Yes, checking with netstat is a good option. In Windows click Start-->Run-->Command and at the prompt type netstat and netstat -a to check all the active connections and all the listening ports respectively.

    Close all browser windows and then run netstat to see if there are still some active connections. If there are, then there might be some trojan trying to connect to some remote host.

    Type netstat -a and you will be able to see all listening ports. You can then use Google to see more info on that port and possible services running on it.

    --Good Luck--

  4. #4
    Senior Member
    Join Date
    Feb 2004
    Posts
    620
    "HOWEVER... what I and everyone else that's going to reply would strongly recommend is a FIREWALL."
    Firewalls are a must-have but they will not protect you from getting a trojan on your system. A firewall will warn you if the trojan is trying to send something over the net--like information back to its owner's computer. But if it's just modifying/deleting files, a firewall can't do much about that.
    "I'm sure someone will give a list of decent ones..."
    Try here
    "--also, how do i get netstat to keep the window open. when i run it the window pops up and then disappears before i can see anything."
    I assume you're trying to run it from the "run" dialog box. Instead of typing "netstat" into it, type "cmd" or "command" (depending on which version of windows you're using). Then from the DOS prompt type netstat.

    Later,

    mjk

    edit: Damnit, Swordfish!! Beat me while I was typing!

    Oh, I also just realized that "command" will work in Win 2k as well... But "cmd" will not work in 95/98/ME

  5. #5
    Junior Member
    Join Date
    Mar 2004
    Posts
    4
    is there a tutorial anywhere of what to look for? like what ports to watch for...other things to look for...etc

    thanks for the help guys

  6. #6
    AntiOnline n00b
    Join Date
    Feb 2004
    Posts
    665
    Type netstat -a and you will be able to see all listening ports. You can then use Google (put the port number into google.com) to see more info on that port and possible services/trojans running on it.

    Check all the running processes. You can also use a third-party process viewer like this one, and if you find some suspicious process, use Google again.

    Again the same question: have you tried MooSoft The Cleaner? It's not very easy to find a trojan on your own. As you have stated that it might be a new one, I agree Cleaner wouldn't be able to detect it using its signature, but its resident shield might be able to detect trojan-like suspicious activity, like some process trying to connect to a remote host etc. As far as I remember, Cleaner does that.

    Hope these links help


    --Good Luck--
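
The netstat check described in the posts above, as an added example that is not part of the original thread: a Python sketch that parses Windows `netstat -ano` output (the `-n` and `-o` switches, for numeric addresses and the owning PID, are an assumption beyond the thread's `netstat -a`) and separates listeners bound to non-loopback addresses from established connections to remote hosts. The sample output is constructed.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (documentation addresses).
SAMPLE = """\
Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:40123          0.0.0.0:0              LISTENING       1480
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       1204
  TCP    192.168.1.10:1045      203.0.113.7:8080       ESTABLISHED     1480
  TCP    127.0.0.1:1030         127.0.0.1:1029         ESTABLISHED     1204
  UDP    0.0.0.0:445            *:*                                    4
"""

def parse_netstat(text):
    """Parse `netstat -ano` rows; UDP rows have no State column (Proto, Local, Foreign, PID)."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank lines
        rows.append({
            "proto": f[0], "local": f[1], "remote": f[2],
            "state": f[3] if f[0] == "TCP" else "",
            "pid": int(f[-1]),
        })
    return rows

def is_loopback(endpoint):
    """True if the address part of 'addr:port' is loopback (127.x or ::1)."""
    addr = endpoint.rpartition(":")[0].strip("[]").split("%")[0]
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # '*' on UDP rows

def triage(rows):
    """Return (listeners on non-loopback addresses, established non-loopback peers)."""
    exposed = [(r["proto"], r["local"], r["pid"]) for r in rows
               if (r["state"] == "LISTENING" or r["proto"] == "UDP")
               and not is_loopback(r["local"])]
    remote = [(r["remote"], r["pid"]) for r in rows
              if r["state"] == "ESTABLISHED" and not is_loopback(r["remote"])]
    return exposed, remote

if __name__ == "__main__":
    exposed, remote = triage(parse_netstat(SAMPLE))
    print("exposed listeners:", exposed)
    print("remote peers:", remote)
```

A PID that shows up in both lists is the first one to match against the running-process list, which is the next step suggested in the thread.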

  7. #7
    Junior Member
    Join Date
    Mar 2004
    Posts
    4
    thanx swordfish, yes i have tried the cleaner, nothing came up, but i'm gonna check all the listening ports and established ports anyway. it appears that i have some ports established even when i have nothing running. not sure what that's about.

  8. #8
    Junior Member
    Join Date
    Feb 2004
    Posts
    12
    Maroni,

    I respect your paranoia, but I don't think you have anything to worry about. Viruses can live on a boot sector, but this is a rather old school approach. Furthermore, they don't have any network level capabilities from that layer. Typically, these types of viruses will copy themselves to the boot sector of other drives, but the functionality is usually limited to modifying/deleting files. Formatting a drive may not erase a boot sector virus but it will definitely eradicate a trojan that requires an operating system to exist.

    I suspect you are on a broadband connection that uses a shared medium such as Comcast's cable internet service. If so, your traffic LED is constantly flashing because the physical medium is shared with everyone in your general area. In this case, you will see a lot of broadcast traffic i.e. arp broadcasts and netbios broadcasts.

    You should also keep in mind that everybody knows the IP space of the major broadband networks and they are heavily targeted. Very few home users take the steps to properly secure their systems, which makes these networks a hot spot for attackers looking for zombies etc. Port scanners are constantly running on this IP space, which will generate a fair amount of traffic to your computer (hence causing your traffic LED to blink a lot). The LED on my cable modem blinks even when my PC is off! This is why you should be sure to install a firewall of some sort. I’ve used the free version of ZoneAlarm and have been relatively satisfied with it. Keep in mind that any locally installed firewall will interfere with IPSEC/PPTP VPN connections. You can also use Microsoft’s integrated Internet Firewall if you use Win 2K or XP.

    http://www.zonelabs.com/store/conten...id=zadb_zadown

    Hope this helps,
    _TOMDAQ

  9. #9
    Junior Member
    Join Date
    Mar 2004
    Posts
    4
    thanx tomdaq, appreciate the info.
