Viruses

How to Get Rid of Trojan Horse Malware

If you remember your Greek literature, the Trojan horse was used as a clever ploy to get within the heavily guarded and defended city of Troy. Disguised as a gift, the Trojan horse had soldiers hidden within, and once it was pulled in the city, the soldiers inside got out and destroyed the city.

In computing, the trojan horse is a type of malware, often disguised as a useful software application or game, that includes a payload that compromises a computer. Once this seemingly innocent file is executed, the payload, either containing a keylogger or a remote access code, is then run into the memory, infecting the computer.

A trojan horse can:

Trojans are not only limited in doing these activities. A crafty trojan programmer can create a trojan that can do almost anything; these are just some of the common examples.

Common Sources of Trojan Horses

A trojan horse needs to be run before it can infect and compromise a computer. The Internet is the most common source of this type of malware. In most cases, this malicious code is downloaded from the Internet, posing as a legitimate computer application. It can also come as an email attachment.

Some trojans also copy themselves to removable devices like diskettes and USB flash drives and when executed in a different machine, will lead to its infection. Most modern trojans exploit the autorun feature of removable drives, inserting code in the “autorun.inf” or creating the file if it is not present, instructing the computer to automatically run the malware once it is inserted into the computer.

Signs that your Computer is Infected by a Trojan Horse

There are a lot of telltale signs that your computer is infected by a trojan. If you find your computer acting strange, then it may possibly have a trojan. Here are some of the common signs that your computer is compromised by this type of malware:

  • CD ROM opens or closes
  • Screen changes resolution, color, or flips
  • Wallpaper is changed to something else
  • Documents print on their own
  • Pop-ups appear by themselves and your browser redirects to another website
  • Mouse buttons reverse: right button becomes left, and left becomes right button
  • Mouse moves by itself or disappears
  • Taskbar cannot be clicked or disappears
  • Shutdown command disappears
  • Suspicious dialog boxes, warnings, or errors often appear
  • Mysterious processes or programs are running in the task manager
  • Network or Internet activity even when computer is idle
  • Computer shuts down or restarts by itself
  • Chat dialog boxes appear on screen that chat with the developer of the trojan

Removing Trojan Horses

Removing a trojan horse is quite easy using antivirus software, or special software specially designed to remove certain types of trojans. However, some crafty cyber-criminals make their trojans block or disable security software, preventing repair or installation of such once the computer is compromised.

When this happens, you might think it is hopeless to have your computer fixed and you might think that you must have your computer reformatted. Surely reformatting your computer is an option, but you should treat it as a last resort, after you have tried these steps:

  • Check the currently running processes – this can be done using Window’s task manager or by using third-party software. The task manager can be run by pressing CTRL+ALT+DEL or by right-clicking the task taskbar and selecting task manager. Click on the “Processes” tab and view the running processes.
  • Research the running processes and determine which ones running are only Windows and other legitimate software processes. For example, if the process “iexpolore32.exe” says that it is a trojan, take note of it.
  • Kill the trojan processes by right-clicking it and selecting “Kill process”. If you get an “Access Denied” message, then you will have to disable the process from starting up. You can do that by either running msconfig [Start > Run > type “msconfig”] and go to the startup tab and disable the trojan process, or manually remove the entries from either the Windows registry or other Windows startup locations (startup folder, win.ini, etc.)
  • Sometimes, you may need to boot your computer in safe mode so that you can effectively disable the trojan process. In safe mode, only integral processes are run, which means the trojan process will not be automatically started when your computer is on. To boot your computer into safe mode, restart it and hold the F8 button until a menu appears. Select “Safe Mode” or “Safe Mode with Networking” if you need to have access to your network or the Internet.
  • After disabling the trojan processes from startup, search for the file and manually delete it. Make sure you completely delete the file, not just by sending it to the recycle bin. Check the recycle bin to make sure you have completely deleted the file.
  • Restart your computer normally and see if any of the symptoms appear. If they do still appear, you may have missed out some trojan processes. Try to double check the running processes again.

Some trojans “regenerate” by automatically adding themselves into the startup even after you remove them manually. Some may also use rootkits, a technique that completely hides their presence in the compromised computer. In cases like this, manual removal is almost impossible, unless you are an experienced user. If you encounter a trojan like this, the best thing to do is try to find out the name or type of trojan on the Internet and follow instructions on how to remove it. You can also download specialized trojan cleaners or removers that work for the type of trojan that you have.

Reformatting your computer is surely a last resort, but if you really have to, make sure that you backup all your files by putting it in a partition or burning it onto a CD or DVD. Remember that reformatting erases not only trojans but also your files.

Click here to for more information about how to get rid of trojan horse malware

About the author

Nicole Harding

Leave a Comment