Jump to content


Photo

whats a trojan


  • This topic is locked This topic is locked
36 replies to this topic

#1 nguyen8

nguyen8

    Member

  • Full Member
  • Pip
  • 76 posts

Posted 09 June 2004 - 03:05 PM

just curious what is a trojan and what does it do

#2 Zero

Zero

    Advanced Member

  • Emeritus
  • PipPipPip
  • 224 posts

Posted 09 June 2004 - 09:02 PM

Depending on the type of Trojan, it can be more then one thing.

But first, a brief overview on how the term "Trojan Horse" came to use on computer systems. If you know or don't know Greek history (the trojans) had a spy amongst them known as 'Sinon' who offered trojans in the form of a wooden horse which was in fact hollow. The warriors hid inside the wooden trojan horse and when the city of Troy was unsuspecting they came out of the hollow horse and attacked the unsuspecting people. Thus they "backdoored" the wooden horse similar to that of an application on your computer which may be backdoored. It may have capabilities of doing things you are unsuspecting of on your computer.

A regular normal trojan (backdoor) may have the capabilities of doing harmless pranks on your computer, downloading/deleting files from your computer, getting your IP address, small DDoS attacks, etc. Pretty harmless for the most part and one of the lighter trojans (damage wise).

A IRC Bot is a backdoor trojan which the main purpose in most cases is DDoSing a person or a website. It will install itself to your computer and connect to an IRC server and channel and site there waiting for commands from the hacker. It can do such things as a normal trojans but it far more sophisticated DDoSing/pinging wise as you have full control over what it will DDoS, when, how many (packet wise), and how long. They are very bad and can result in you committing a serious crime.

A RAT (Remote Access Trojan) is the worst of them all. It gives a hacker FULL control over your computer. They have the option to view everything on your computer, delete anything, move anything and in a lot of cases, format your computer if they choose to do so, not to mention common keylogging of keystrokes to retrieve typed passwords.

In most cases, most normal, IRC and RATS can do common key-logging which makes a lot of them so nasty.

A small brief overview of a trojan.

#3 irelynnmisses

irelynnmisses

    Forum Goddess

  • Retired Staff - Helper
  • PipPipPipPip
  • 282 posts

Posted 09 June 2004 - 10:04 PM

How can you tell which is which ? like if you pick up a random named trojan, how can you tell if it's a RAT, IRC & etc....


thanks ZERO :p
FireFox is recommended over IE: http://www.mozilla.o...oducts/firefox/

Misses Loves Kisses

Also, Please don't PM me your hijack logs. I would you rather post them and PM me if you wish for me to look at them. A PM with a hijacklog will get ignored!

#4 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 09 June 2004 - 10:12 PM

http://www.google.co...q=define:trojan

A program that comes in secretly and quietly, but it carries a destructive payload. Once you become infected by the worm or virus that that Trojan carries into your computer, it can be very difficult to repair the damage. Trojans often carry programs that allow someone else to have total and complete access to your computer. Trojans usually come attached to another file, such as a .avi, or .exe, or even a .jpg. Many people do not see full file extensions, so what may appear as games.zip in reality could be games.zip.exe. Once the person opens up this file, the Trojan goes to work, many times destroying the computer's funcionability. Scary, eh? You can read more about this here, on our Trojans, Viruses, and Worms reference page. Your best line of defense is to NEVER accept files from someone you don't know, and if you have any doubts, then do NOT open the file. Get and use a virus detection program, such as Inoculate and keep it updated regularly.
www.ircbeginner.com/ircinfo/ircglossary.html


Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#5 Zero

Zero

    Advanced Member

  • Emeritus
  • PipPipPip
  • 224 posts

Posted 09 June 2004 - 10:43 PM

How can you tell which is which ? like if you pick up a random named trojan, how can you tell if it's a RAT, IRC & etc....


By the name the file starts with an the .exe file . Example if the startup name says [Winsock2 Driver] you can pretty much guarentee its the Spybot trojan (IRC bot)

#6 irelynnmisses

irelynnmisses

    Forum Goddess

  • Retired Staff - Helper
  • PipPipPipPip
  • 282 posts

Posted 10 June 2004 - 12:39 AM

Thanks CNM and Z.. I understand a buit more myself.. though trying to learn all this is mind boggling to sya the least.. :/
FireFox is recommended over IE: http://www.mozilla.o...oducts/firefox/

Misses Loves Kisses

Also, Please don't PM me your hijack logs. I would you rather post them and PM me if you wish for me to look at them. A PM with a hijacklog will get ignored!

#7 Nirvana

Nirvana

    In Bloom

  • Emeritus
  • PipPipPipPipPip
  • 1,614 posts

Posted 10 June 2004 - 12:40 AM

Isn't the whole idea of using the phrase 'Trojan', be it a virus or whatever contained therein, that it was allowed access by the user in the first place? As in the aforementioned story of Troy. :whistle:
"Computers are useless. They can only give you answers." Pablo Picasso

Please help to keep the forums alive with a small donation

#8 irelynnmisses

irelynnmisses

    Forum Goddess

  • Retired Staff - Helper
  • PipPipPipPip
  • 282 posts

Posted 10 June 2004 - 01:32 AM

Hmmmmmmm I dunno... Zero & CNM???? :/
FireFox is recommended over IE: http://www.mozilla.o...oducts/firefox/

Misses Loves Kisses

Also, Please don't PM me your hijack logs. I would you rather post them and PM me if you wish for me to look at them. A PM with a hijacklog will get ignored!

#9 Zero

Zero

    Advanced Member

  • Emeritus
  • PipPipPip
  • 224 posts

Posted 10 June 2004 - 07:19 AM

Yes. It is disguised as a "gift". Example, you are surfing the net and you see a link "Nero 6 full (works!!!)". You really think it is thjat particular software when in fact, it is just a trojan named that to fool the user.

Similar to what they did to Troy. They thought they were getting a giant wooden horse so they took it in, little did they know it was 'backdoored'.

Its why theyre callled 'backdoors'.

In more cases, a Trojan can be "binded" with a legitamate exe. So if you dio in fact download "Nero 6 full (works!!!)" it may work to show you nothing abnormal is happening, when the case is, you just ran two exe's. The software pack nero and a trojan.

#10 Moore

Moore

    LYER

  • Full Member
  • Pip
  • 55 posts

Posted 10 June 2004 - 10:46 AM

Hi :D , Good explanations Zero :thumbsup:

Here's some more info that might help people a liitle bit that I prepared earlier..

I hate trojans just as much as I hate spyware.. :evilgrin:

::Anti-trojan Guide::
http://www.bluetack....hp?showtopic=72

#11 jedi5

jedi5

    Member

  • Full Member
  • Pip
  • 16 posts

Posted 10 June 2004 - 11:34 AM

Hi all. :D

Question as well on trojans...

It is possible to get a trojan from dowloading songs on Kazaa, correct?
At least I'm going to say yes.
Not saying that I have cause we all know it's against the law :whistle: :whistle:


Is it possible to also get a trojan from going to a site... let's say a porn site?
In other words, you go to site xxx and all these pop ups starting coming up so you close them out or ALT+F4 them to close them. Now you never really entered any site and you didn't click on any links of these pop ups. So, can you still get a trojan just by going to a site?

Thanks
Rafael

#12 Zero

Zero

    Advanced Member

  • Emeritus
  • PipPipPip
  • 224 posts

Posted 10 June 2004 - 11:40 AM

Yes and yes.

Downloading off of kazaa is like giving a hacker your computer. You can never really tell what you're about to run, the best option is to have an Anti-Trojan/Virus protector.

As for porn surfing; YES! You will definatly contract trojans/dialers/spyware. Guarenteed. Stay away....

#13 jedi5

jedi5

    Member

  • Full Member
  • Pip
  • 16 posts

Posted 10 June 2004 - 11:56 AM

As for porn surfing; YES! You will definatly contract trojans/dialers/spyware. Guarenteed. Stay away....

Stay away from all porn or just some porn? ;) :p

Yeah, my folks computer got hit with some MSLIB32 trojan.
I still haven't had a chance to stop by and take a look
or even post a log file.

The last time they got hit, I posted a log file and was able fix it for them
(of course with the help of everyone here too!! :D )

Anyway, the reason I asked is because I'm almost sure my younger brother went visiting sites he shouldn't have been to.
It could have been a song too but leaning more towards porn sites.

Rafael ;D

#14 illukka

illukka

    Advanced Member

  • Helper Trainee
  • PipPipPip
  • 105 posts

Posted 10 June 2004 - 06:40 PM

downloading mp3's is pretty safe, trojans /backdoors ALWAYS have an executable extension, even when binded with other files, the resulting file is always an .exe(pif, com etc). like bundle.jpeg.exe.. just be sure that your computer is set to show all extensions..a word of warning here: most anti viruses are vulnerable to binded executables, if you want to live dangerously on the net use a good anti trojan to back up your anti virus..
most antiviruses have a very poor trojan detection anyways

it is very easy to change the exe icon to a mp3 icon, to make it look like mp3, but the extension will reveal

#15 Zero

Zero

    Advanced Member

  • Emeritus
  • PipPipPip
  • 224 posts

Posted 10 June 2004 - 10:09 PM

downloading mp3's is pretty safe, trojans /backdoors ALWAYS have an executable extension, even when binded with other files, the resulting file is always an .exe(pif, com etc). like bundle.jpeg.exe..


For the most part yes, HOWEVER, there are exploits to cover the "hidden" extension though its rarly used in songs, it is possible.

a word of warning here: most anti viruses are vulnerable to binded executables, if you want to live dangerously on the net use a good anti trojan to back up your anti virus..
most antiviruses have a very poor trojan detection anyways


Norton and Mcafee yes, the two most over hyped pieces of crap on the market.

NOD32, eTrust, AVG, Panda, Kaspersky - they all have a VERY well constructed database of trojans AND viruses.

#16 illukka

illukka

    Advanced Member

  • Helper Trainee
  • PipPipPip
  • 105 posts

Posted 11 June 2004 - 08:08 AM

well we could argue about this forever, lets just say that i wouldn't rely on some on the av's you mentioned for trojan protection.. a good anti trojan (with a memory scanner) outperforms ANY antivirus, the possible exceptions are kaspersky and dr web

#17 Zero

Zero

    Advanced Member

  • Emeritus
  • PipPipPip
  • 224 posts

Posted 11 June 2004 - 10:07 PM

Which ones? Because, Haha, I'll admit it, I have no life, I have put each and every one of those anti-viruses through extensive virus/trojan tests, 40 trojans/40 viruses.

Each one did 80% or better on detection rate.

NOD32/eTrust got perfect. Their heuristics caught all the "unknown" trojans.

#18 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 13 June 2004 - 09:42 AM

mneale, Your post has been moved to a thread of your own.
http://forums.spywar...wtopic=6555&hl=

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#19 bigjamesgti

bigjamesgti

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 13 June 2004 - 10:44 AM

downloading mp3's is pretty safe, trojans /backdoors ALWAYS have an executable extension, even when binded with other files, the resulting file is always an .exe(pif, com etc). like bundle.jpeg.exe..


For the most part yes, HOWEVER, there are exploits to cover the "hidden" extension though its rarly used in songs, it is possible.

a word of warning here: most anti viruses are vulnerable to binded executables, if you want to live dangerously on the net use a good anti trojan to back up your anti virus..
most antiviruses have a very poor trojan detection anyways


Norton and Mcafee yes, the two most over hyped pieces of crap on the market.

NOD32, eTrust, AVG, Panda, Kaspersky - they all have a VERY well constructed database of trojans AND viruses.

does this mean that AVG is a good anti-virus program ??

Or have I mis-read and it actually means that AVG puts viruses and trojans ONTO your PC ???

#20 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 13 June 2004 - 10:56 AM

AVG is fine.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#21 illukka

illukka

    Advanced Member

  • Helper Trainee
  • PipPipPip
  • 105 posts

Posted 14 June 2004 - 03:59 AM

well i wouldn' call a 40 trojan test trustworthy.. test with 4000 trojans,or better with 14000. preferably different ones.. and exclude the non-malicious stuff from the test, the editservers and clients.. the results might surprise you..

or to make it more difficult and real-world like, pack some samples of each trojan with different packers/crypters.. then execute that trojan on your system and check if your av detects and removes it

#22 Trilobite

Trilobite

    Malware Hunter

  • Trusted Advisor
  • PipPipPipPipPip
  • 711 posts

Posted 08 July 2004 - 05:26 PM

illukka,
If you are interested in how certain AV software performs in the detection of Trojans, you could take a look at the results of a small test I did. Granted its not 4000 trojans, but its a start. I should have access to a much larger collection shortly. When I do, I will rerun my tests.

downloading mp3's is pretty safe, trojans /backdoors ALWAYS have an executable extension

Take a look at the test files that I used in the AV test. None of the extensions have been modified and not all of them are executables. Edit: AV test example no longer valid. The format of my tests have changed.

Edited by Trilobite, 02 October 2004 - 02:39 PM.


#23 shadowl33t

shadowl33t

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 02 October 2004 - 09:45 AM

Who makes All these Trojans.. Does someone know? or is it a untracable hacker that have made it and he can never be tracked..
One more question..
Where have they learned to make trojans? :unsure:

#24 bluelight

bluelight

    Member

  • New Member
  • Pip
  • 1 posts

Posted 06 October 2004 - 10:19 AM

How can you tell which is which ?  like if you pick up a random named trojan, how can you  tell if it's a RAT, IRC & etc....


thanks ZERO  :p

View Post

:hmmm: Since reading info on trojans in this post I had a 2 trojans found. would anyone know any info about P2E.A found in C/ windows system 32 egauth.dll and P2E.A C/ windows system 32 p2esocks_1014.dll...what type of trojan is this and what can it do. YOu mentioned RAT and IRC types...does anyone know what type of trojan this is ...thanks

#25 veensneetz

veensneetz

    Member

  • New Member
  • Pip
  • 2 posts

Posted 06 October 2004 - 01:31 PM

all your "what is" available here http://www.linuxsecu...rse-virus.shtml :cool:

#26 lowsparker

lowsparker

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 23 October 2004 - 09:08 PM

what should I do given that I believe I have a trojan file or two on my computer? Norton was only able to quarantine... should I get nod32?

#27 auctionhugh

auctionhugh

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 24 November 2004 - 08:21 AM

what should I do given that I believe I have a trojan file or two on my computer?  Norton was only able to quarantine... should I get nod32?

View Post


Frankly I think quarantining should be adequate in terms of removal. But if it told you what the virus was it quarantined, go to http://www.sarc.com and search for it. It should have complete removal instructions.

_______________________
Professional Web Design by AuctionHugh's Wife Kathleen
Artistic - Straightforward - EASY for You!
Examples and Pricing at Kallen Web Design

#28 Paranoid

Paranoid

    Forum Deity

  • Full Member
  • PipPipPipPipPip
  • 533 posts

Posted 25 December 2004 - 05:05 AM

Seems to me that the terms virus, worm, trojans describe how they spread rather than what they do.

Conversely terms like spyware, adware, rootkit, backdoor, keylogger, adware, browserhijacker,dialer etc actually describe what they do.

Worms spread automatically without needing human interaction. In the past it was through the network shares, these days it normally via email.

Viruses, like worms once executed have the capability to replicate by themselves. They however rely on a hosts file which is infected.

Trojans can't replicate themselves, they are disguised programs that trick the user into
running them.

Traditionally, most trojans are/were backdoors, keyloggers and rookits, though these days any combo might exist.

Some combo malware like Nimda are both a worm and a virus , while many combo malware these days also open backdoors but spread like worms.

Understanding all these distinctions are important, but almost as important as understanding what your security software covers and what it does not.

For example it would be a very bad mistake to think Adware or Spybot cover rootkits or most backdoors for example.
Please note that the software I recommend above is entirely based on only my own experience and testing. In no way should my comments,opinions and endorsements be construed as an endorsement by the forum, nor do they reflect the advise or recommendations by the experts or helpers at spywareinfo.


#29 Alpha_Blue

Alpha_Blue

    Malware Fyta

  • Full Member
  • PipPipPipPip
  • 417 posts

Posted 22 November 2005 - 10:22 PM

Correct. Even most anti-virus software cannot detect a full run of trojans...detection rates can range from 65 percent at a low to around 88 percent or so based on tests I have read...and those are the best AV's out there...meaning that you need extra anti-trojan software to be extra protected against them.

#30 chrono_trigger666

chrono_trigger666

    Member

  • Full Member
  • Pip
  • 19 posts

Posted 15 December 2005 - 03:44 AM

I got a question.

Which software or groups of software do you actually recommend?

many stand alone software designed specifically or one whole security suite software

#31 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 07 May 2006 - 10:42 AM

People, please each post your own NEWTOPIC - in Malware Removal if you want help removing something. In this forum if you have a question about tools.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#32 franke1

franke1

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 25 October 2006 - 10:20 AM

just curious what is a trojan and what does it do

Actually, malware is the term used to refer virus,worms and trojan.Computer viruses can replicate like biological virus , but, trojan is a malware that performs a malicious actions but can not replicate.It may arise as a harmless file. When a trojan is executed, you can experience unwanted system performances and loosing of valuable data.

Edited by franke1, 25 October 2006 - 10:21 AM.


#33 MoniK

MoniK

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 26 November 2007 - 10:01 AM

I wonder what is better in terms of my PC's protection Norton or AVG? Thanks

#34 PP3P

PP3P

    Advanced Member

  • Full Member
  • PipPipPip
  • 156 posts

Posted 26 July 2008 - 12:27 PM

A IRC Bot is a backdoor trojan which the main purpose in most cases is DDoSing a person or a website. It will install itself to your computer and connect to an IRC server and channel and site there waiting for commands from the hacker. It can do such things as a normal trojans but it far more sophisticated DDoSing/pinging wise as you have full control over what it will DDoS, when, how many (packet wise), and how long. They are very bad and can result in you committing a serious crime.


this 'makes sense' of the comment I frequently see on threads with back door trojans where the victim is advised to reformat and reinstall windows as the computer can never ever be fully trusted again; I presume because the invader can control the computer to his /her whim and fancy BUT it would appear to come from the owner and not the hacker , thus creating a criminal out of the owner ; I had not viewed the infection in this light before :techsupport:

#35 Trblestrife

Trblestrife

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 05 October 2010 - 12:54 PM

I'm using NOD and it's great, as is Kapersky. Not sure about the others, AVG is pretty low-tech.

#36 Amellia

Amellia

    Member

  • Banned
  • Pip
  • 1 posts

Posted 27 July 2011 - 05:40 AM

Trojans or spyware or malware are terms used for virus infections of your PC. they are many depending upon the harm they do t0o your computer and its data. and there are many ways by which Trojans enter into your PC like through any external device, internet or other.The thing which is important that virus does a lot of harm to your computer and its data. so it gets important to remove these Trojan plugging as soon as possible with the help of a good anti-virus. you an take the help of spywareremovalguide]spyware removal guide for searching the best suitable anti-virus for your system and problem,and enjoy working on computer :keybrd: :diablo:

EDIT: To disable advertising link...

Edited by Budfred, 27 July 2011 - 06:11 AM.


#37 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,305 posts

Posted 27 July 2011 - 06:19 AM

Trojans or spyware or malware are terms used for virus infections of your PC. they are many depending upon the harm they do t0o your computer and its data. and there are many ways by which Trojans enter into your PC like through any external device, internet or other.The thing which is important that virus does a lot of harm to your computer and its data. so it gets important to remove these Trojan plugging as soon as possible with the help of a good anti-virus. you an take the help of spywareremovalguide]spyware removal guide for searching the best suitable anti-virus for your system and problem,and enjoy working on computer :keybrd: :diablo:

EDIT: To disable advertising link...

This definition is incorrect and the person posting it is noted to be a possible SPAMmer... The link was disabled to prevent rewarding this kind of SPAM and to protect the casual observer who might click on the link... Viruses are different from trojans which are different from spyware and so on... They have different names because they are different types of attacks... Anyone who wishes to check out guides for programs for protecting against malware can find many safe options through our forum or by checking well known sites through Google...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button