-
Trojan removal?
Hi
A few days ago I had a trojan on my comp. through some insecure site. My antivirus could not detect it and I removed it manually by backtracing it and removing its registry entries. I want to know whether my system is secure with this way of removing trojans, as my antivirus scanner doesn't detect it at all.
Do reply
-
What sort of antivirus solution do you have? Do you keep it updated?
I recently wrote a tutorial on cleaning up your PC. In it I talk about antivirus solutions as well as general cleanups. Hopefully it can help you.
My tutorial (click here)
-
REPLY
My antivirus is Antivir and I update it whenever its latest patch is available.
Moreover, its virus registry doesn't have any such trojan enlisted in it (even after the latest update patch). So is my way of virus removal secure??
Or else what other ways of manual virus removal are there??
-
Do you have any anti spyware programs? Those are made to remove trojans as well. I listed several good ones to use in my tutorial*
*sorry for the shameless plugging but I figure that tutorial pretty much has all links/answers there for this sorta thing.
-
REPLY
I have a NOADWARE spyware but it isn't efficient either.
-
When you say you removed its registry entries, are you saying that is all you removed? It may have attached itself to programs already on your computer, such as a web browser (as a plugin or toolbar maybe?) or system process. If this is the case it may be quite difficult to remove.
However, most trojans do not exhibit this type of behaviour, and merely place registry entries ensuring that they will be executed when the computer is booted. By deleting those registry entries, you have likely ensured that they will not start when you reboot the computer. If you have not done so already, you should also delete any files which may be associated with this trojan, then reboot and make sure they haven't reappeared again. Also check the running process list (CTRL-ALT-DEL=>Task Manager=>Process List) and make sure it is not running. If you cannot remove it in this manner, reboot, enter safe mode, and remove it from there.
As for removal tools, don't just check your particular antivirus vendor's site for them. Check other sites, such as Symantec, McAfee, or Grisoft. As a matter of principle, they make removal tools free for download. Unfortunately, it may be difficult to find a removal tool for this trojan as you have not properly identified it yet. Try other virus scanners to see if they can identify the trojan for you.
If you cannot identify it, you have likely removed it by following the above steps, if you have not done so already.
Don't forget to submit the trojan to a few AV companies for research.
-
Re: REPLY
Quote:
Originally posted here by guruofall
I have a NOADWARE spyware but it isn't efficient either.
I suggest you go download some of the better known ones (Ad-Aware SE, Spybot: Search and Destroy, Microsoft Anti-Spyware [beta]). Use one or more of those together to see if you can root this problem out. They're all free.
-
To answer the Question..
Manual Trojan removal can be as secure or more secure than an automated removal..
now The BUT....
when the trojan is not identified by any AV prog.. this also means your ability to identify ALL of its components will be very limited.
What was the executable that raised your awareness to you having a trojan.. what source of information did you use to identify the components..
If you only removed the Registry entries that pointed to that EXE then you have probably only half removed the trojan.
Next I would be very concerned about your current Anti Spyware solution...
http://www.webhelper4u.com/clones/noadware.html
Cheers
-
Virus:
A computer virus is a small program written to alter the way a computer operates, without the permission or knowledge of the user.
Trojan:
Trojan Horses are impostors--files that claim to be something desirable but, in fact, are malicious. A very important distinction between Trojan horse programs and true viruses is that they do not replicate themselves.
Worm:
Worms are programs that replicate themselves from system to system without the use of a host file. This is in contrast to viruses, which require the spreading of an infected host file. Although worms generally exist inside of other files, often Word or Excel documents, there is a difference between how worms and viruses use the host file.
Source: http://service1.symantec.com/SUPPORT...99041209131106
Adware:
Adware is any software application in which advertising banners are displayed while the program is running. The authors of these applications include additional code that delivers the ads, which can be viewed through pop-up windows or through a bar that appears on a computer screen. The justification for adware is that it helps recover programming development cost and helps to hold down the cost for the user. Adware has been criticized for occasionally including code that tracks a user's personal information and passes it on to third parties, without the user's authorization or knowledge.
Source: http://www.spywaredata.com/spyware/s...efinitions.php
Generally, most AVs and programs like Adaware don't remove trojans, they aren't meant to do so you see.. an AV usually can detect and remove the more popular trojans but they're meant to remove viruses.. Adware's meant to remove different types of malware.. it's recommended to use applications that are specifically meant to remove trojans for better results. Some programs you might want to look into if you want to make sure you're still infected:
1. TDS-3 from DiamondCS (http://tds.diamondcs.com.au/index.php?page=download)
2. TheCleaner (www.moosoft.com)
These programs generally get rid of most trojans just fine, however.. what do you do if a friend managed to code a trojan of his own and kept it just for you? Use a firewall to see what programs have access to the internet from your computer. A few recommended firewalls would be:
1. Sygate (www.sygate.com)
2. Zonealarm (www.zonelabs.com)
3. Kerio (www.kerio.com)
There're several good threads on this site related to firewalls you could pick, try searching for them.
-
Well, I also manually removed 3 trojans and had problems with 2 viruses this week.
It was giving me such a pain...
I don't only scan with anti-virus programs,
so I can say I have a bit of experience with such stuff.
What were the names of the registry entries, and where did you find them?
Maybe I know the trojan name and I can help you with that.
How did you do the search?
You can PM me if you don't wanna share this info here, I will be seriously glad to help.
-
I believe that The Renegade is pretty much on target with his classical definitions here. Most AV products are not very good at detecting trojans because they are not necessarily harmful, and they require user intervention to load.
As suggested you should use several products when it comes to dealing with spyware and adware.
With Spybot Search & Destroy, remember to use the "immunisation" facility that will block quite a few :)
With your AV, AdAwareSE and SpyBot, you should update them then reboot into SAFE MODE and run them from there. They will have a better chance of detection and removal that way as a lot of malware won't load in safe mode so will be dormant.
You might like to try Ewido as another product, it has a very comprehensive detection for around 100,000 nasties. OK it is only a 14 day trial with the interactive scan running, but it is free and updatable after that for manual scanning.
http://www.ewido.net/en/
You should get into the habit of emptying your browser cache, history and temporary files after an online session and before you re-boot. Don't forget to empty the Java cache...........in fact I usually disable the Java cache.
I see that TDS3 from DiamondCS has been mentioned. Whilst at that site get their free "RegistryProt"..............you might as well stop the damn things from landing in the first place :D
Also get Win Patrol (it is free)
http://www.winpatrol.com
Ok, from the EC member state of Austria allow me to introduce:
http://www.emsisoft.com/en/software/free/
A-squared is a very good (and free) anti-trojan tool
Please allow me to repeat, apart from Moosoft's "The Cleaner", you should run all this stuff in safe mode
Good luck, and happy hunting :)