Recently I had to deal with a Trojan that managed to infest various parts of my computer. Fortunately my firewall (Outpost) notified me of the activity of this trojan as it attempted to modify Firefox (my browser) whilst I was using it to browse the internet. It was trying to modify Firefox in memory so that it could then carry out its dirty work on the net whilst I was happily browsing. All its activity would have gone unnoticed and unchecked by the firewall because I grant Firefox access to the net and it would have all appeared to have been coming from Firefox (which the trojan had compromised).
Anyway…the firewall has a warning system for programs that are modified whilst running in memory so that was not a problem per say…removing the beast was, however, another matter entirely. Many hours later I pass on the following tips.
The first thing to do is take a read of the information at The Parasite Fight (at Aumha). You should be able to find out most of what you require here.
The tools I used were:
Trajan scanning / removal tools
- HiJackThis (free)
- Ewido Anti-Malware (free for 14 days –> buy)
- Trojan Remover
- Advanced Process Manipulation (Free)
- Trojan Hunter (Trial –> buy)
Trojan prevention tools
- Many of the removal tools above also have prevention systems in them should you wish to implement them
- DiamondCS Process Guard - is a stand-along prevention application that I am running at present to test it out.
Resources
- The Parasite Fight (at Aumha)
- Spyware Warrior: Rogue/Suspect Anti-Spyware Products & Web Sites
- Aumha forums
- Geeks to Go! -> Malware Removal - HiJackThis Logs Go Here
Other helpful sites include:
- http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware
Advice
I advise reading the information at The Parasite Fight (at Aumha). Follow the directions there. The most useful applications I ran were Ewido Anti-Malware and HiJackThis (if you want to get a scan of your computer and then submit the results to Aumha forums or Geeks to Go! -> Malware Removal
I would suggest downloading Ewido first and following the instructions found at CastleCops CCSP Ewido Install and Scan Instructions
If you still appear to have an infection then go onto a more precision approached by using HiJackThis and getting someone at one of those forums to review your log file.
Happy hunting…
2 Responses to “Trojan and malware removal”