Thread: Trojan Horse Removal

What is a trojan?

Trojan horse removal is essential. But first lets define what a trojan horse is in the computer world. A trojan horse is an executable program that is designed to disrupt or hijack applications on your computer. The reason why these programs are developed are often to initiate other attacks from more advance malware such as spyware. In essence, trojan horses are used to break down security to make your computer more vulnerable to attack. A good AntiSpyware program can be an easy step for trojan horse removal.

5 Trojan Horse Removal Steps

Trojan horse deletion can sometimes be as easy as using a spyware removal program. These programs can identify the trojan by name or behavior. This should be your first step before moving on to more difficult removal procedures.

Step 1:Identify the Trojan

If you know the trojan you have you can move on to step 2. Before you begin trojan horse removal, you must be able to identify the malware. Luckily your computer will have already given you clear signs that you have a trojan horse infection. When you have a trojan horse your computer will often send you an error message that an abnormal process is occurring in an application. This error is called a DLL error. This dll process is linked to an specific trojan. So, if you can identify the dll, you can identify the trojan. There a tons a places on the net that will help you identify the dll process. Just copy and paste the error dll error into one of the websites like www.processlibrary.com. It will then give you all the info you its a malware or normal process. If its a trojan it will give you the name of exe file.

Step 2:Display Hidden Files

Hidden files can make manual trojan horse removal impossible. It is often necessary to search the hidden contents of your computer to unearth malware. Most good anti-spyware programs can search through your hidden files automatically. You will need to need take a few steps to display all hidden files and folders.

In XP

1. Close all programs
2. Click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. Select the View tab in the new window.
5. Check Display the contents of system folders.
6. Under the Hidden files and folders, select Show hidden files and folders.
7. Uncheck Hide file extensions for known file types and Hide protected operating system files.
8. Click Apply button and Restart



In Vista

1. Close all programs so that you are at your desktop.
2. Click Start button.
3. Click Control Panel.
4. In the control panel, Click on the Appearance and Personalization.
5. Click on Show Hidden Files or Folders.
6. Under the Hidden files and folders section select Show hidden files and folders.
7. Uncheck Hide extensions for known file types and Hide protected operating system files.
8. Click Apply button and restart.


Step 3:Stop the Trojan's Processes

Before attempting to purge your system of a trojan, the first step is to Load your PC into SAFE MODE and stop all processes related to the trojan.

1.In Safe Mode, open up the task manager by pressing CTRL-ALT-DELETE.
2.Highlight the process by clicking it.
3.Click the End Process


Step 4:Edit the Registry

In order for the trojan to be completely removed from your system, you need to remove its registry entries. This way it will not be able to re-install itself. The Trojan is a "exe" process so you can find int the RUN folder of your registry. The registry key: HKEY_LOCAL_MACHINE> SOFTWARE>Microsoft>Windows>CurrentVersion>RUN

This action will help you eliminate and chance of it reinstalling itself. Here is how:

1. Click Start
2. Click Run
3. Type regedit
4. Find this registry key:

HKEY_LOCAL_MACHINE/
SOFTWARE/
Microsoft/
Windows/
CurrentVersion/
RUN/

5. In the right section click the process. For example is the trojan is "rusvdgpo". Delete all exe and dlls associated with the trojan names .
6. Delete the value.


Step 5:Check your Startups

1. Open your Start menu.
2. Click Run
3. In the command screen type"msconfig.exe"
4. In the "system configuration utility",click "startup" tab
5. Uncheck any process that is associate with the trojan.
6. Click "OK"
7. Restart


Source

very useful and informative information I am sure that you will be receiving many kudos on this one keep up the good work

Use the Excelent AV and great Fireall and scan every days for new virus.

If you are a windows 7 user, I'd suggest enabling the showing of file extensions as well. This is done by going into Folder options and unchecking (if checked) "Hide extensions for known file types" see pic below.

thanks i didn't know about this lil part no wonder why not all anti-virus except avira sometime detect hidden trojan so im gonna restarted since i just recently unclicked and show hidden files. i hope i get more viruses/trojan/spyware to be removed from this laptop.

It's really amazing tricks... Thanks for sharing.

combofix automates alot of trojans for those who wanna use it..

I usually end up screwing up my computer more when I try to remove them. I just reinstall OS and be more careful in the future.

i also use the safe mode to remove any trojan or virus that open at startup

and i think it is safe to use safe mode