36 replies to this topic

[nguyen8]

just curious what is a trojan and what does it do

[Zero]

Depending on the type of Trojan, it can be more then one thing.

But first, a brief overview on how the term "Trojan Horse" came to use on computer systems. If you know or don't know Greek history (the trojans) had a spy amongst them known as 'Sinon' who offered trojans in the form of a wooden horse which was in fact hollow. The warriors hid inside the wooden trojan horse and when the city of Troy was unsuspecting they came out of the hollow horse and attacked the unsuspecting people. Thus they "backdoored" the wooden horse similar to that of an application on your computer which may be backdoored. It may have capabilities of doing things you are unsuspecting of on your computer.

A regular normal trojan (backdoor) may have the capabilities of doing harmless pranks on your computer, downloading/deleting files from your computer, getting your IP address, small DDoS attacks, etc. Pretty harmless for the most part and one of the lighter trojans (damage wise).

A IRC Bot is a backdoor trojan which the main purpose in most cases is DDoSing a person or a website. It will install itself to your computer and connect to an IRC server and channel and site there waiting for commands from the hacker. It can do such things as a normal trojans but it far more sophisticated DDoSing/pinging wise as you have full control over what it will DDoS, when, how many (packet wise), and how long. They are very bad and can result in you committing a serious crime.

A RAT (Remote Access Trojan) is the worst of them all. It gives a hacker FULL control over your computer. They have the option to view everything on your computer, delete anything, move anything and in a lot of cases, format your computer if they choose to do so, not to mention common keylogging of keystrokes to retrieve typed passwords.

In most cases, most normal, IRC and RATS can do common key-logging which makes a lot of them so nasty.

A small brief overview of a trojan.

[irelynnmisses]

How can you tell which is which ? like if you pick up a random named trojan, how can you tell if it's a RAT, IRC & etc....


thanks ZERO

[cnm]

http://www.google.co...q=define:trojan

A program that comes in secretly and quietly, but it carries a destructive payload. Once you become infected by the worm or virus that that Trojan carries into your computer, it can be very difficult to repair the damage. Trojans often carry programs that allow someone else to have total and complete access to your computer. Trojans usually come attached to another file, such as a .avi, or .exe, or even a .jpg. Many people do not see full file extensions, so what may appear as games.zip in reality could be games.zip.exe. Once the person opens up this file, the Trojan goes to work, many times destroying the computer's funcionability. Scary, eh? You can read more about this here, on our Trojans, Viruses, and Worms reference page. Your best line of defense is to NEVER accept files from someone you don't know, and if you have any doubts, then do NOT open the file. Get and use a virus detection program, such as Inoculate and keep it updated regularly.
www.ircbeginner.com/ircinfo/ircglossary.html

[Zero]

How can you tell which is which ? like if you pick up a random named trojan, how can you tell if it's a RAT, IRC & etc....

By the name the file starts with an the .exe file . Example if the startup name says [Winsock2 Driver] you can pretty much guarentee its the Spybot trojan (IRC bot)

[irelynnmisses]

Thanks CNM and Z.. I understand a buit more myself.. though trying to learn all this is mind boggling to sya the least.. :/

[Nirvana]

Isn't the whole idea of using the phrase 'Trojan', be it a virus or whatever contained therein, that it was allowed access by the user in the first place? As in the aforementioned story of Troy.

[irelynnmisses]

Hmmmmmmm I dunno... Zero & CNM???? :/

[Zero]

Yes. It is disguised as a "gift". Example, you are surfing the net and you see a link "Nero 6 full (works!!!)". You really think it is thjat particular software when in fact, it is just a trojan named that to fool the user.

Similar to what they did to Troy. They thought they were getting a giant wooden horse so they took it in, little did they know it was 'backdoored'.

Its why theyre callled 'backdoors'.

In more cases, a Trojan can be "binded" with a legitamate exe. So if you dio in fact download "Nero 6 full (works!!!)" it may work to show you nothing abnormal is happening, when the case is, you just ran two exe's. The software pack nero and a trojan.

[Moore]

Hi , Good explanations Zero

Here's some more info that might help people a liitle bit that I prepared earlier..

I hate trojans just as much as I hate spyware..

::Anti-trojan Guide::
http://www.bluetack....hp?showtopic=72

[jedi5]

Hi all.

Question as well on trojans...

It is possible to get a trojan from dowloading songs on Kazaa, correct?
At least I'm going to say yes.
Not saying that I have cause we all know it's against the law


Is it possible to also get a trojan from going to a site... let's say a porn site?
In other words, you go to site xxx and all these pop ups starting coming up so you close them out or ALT+F4 them to close them. Now you never really entered any site and you didn't click on any links of these pop ups. So, can you still get a trojan just by going to a site?

Thanks
Rafael

[Zero]

Yes and yes.

Downloading off of kazaa is like giving a hacker your computer. You can never really tell what you're about to run, the best option is to have an Anti-Trojan/Virus protector.

As for porn surfing; YES! You will definatly contract trojans/dialers/spyware. Guarenteed. Stay away....

[jedi5]

As for porn surfing; YES! You will definatly contract trojans/dialers/spyware. Guarenteed. Stay away....

Stay away from all porn or just some porn?

Yeah, my folks computer got hit with some MSLIB32 trojan.
I still haven't had a chance to stop by and take a look
or even post a log file.

The last time they got hit, I posted a log file and was able fix it for them
(of course with the help of everyone here too!! )

Anyway, the reason I asked is because I'm almost sure my younger brother went visiting sites he shouldn't have been to.
It could have been a song too but leaning more towards porn sites.

Rafael ;D

[illukka]

downloading mp3's is pretty safe, trojans /backdoors ALWAYS have an executable extension, even when binded with other files, the resulting file is always an .exe(pif, com etc). like bundle.jpeg.exe.. just be sure that your computer is set to show all extensions..a word of warning here: most anti viruses are vulnerable to binded executables, if you want to live dangerously on the net use a good anti trojan to back up your anti virus..
most antiviruses have a very poor trojan detection anyways

it is very easy to change the exe icon to a mp3 icon, to make it look like mp3, but the extension will reveal

[Zero]

downloading mp3's is pretty safe, trojans /backdoors ALWAYS have an executable extension, even when binded with other files, the resulting file is always an .exe(pif, com etc). like bundle.jpeg.exe..

For the most part yes, HOWEVER, there are exploits to cover the "hidden" extension though its rarly used in songs, it is possible.

a word of warning here: most anti viruses are vulnerable to binded executables, if you want to live dangerously on the net use a good anti trojan to back up your anti virus..
most antiviruses have a very poor trojan detection anyways

Norton and Mcafee yes, the two most over hyped pieces of crap on the market.

NOD32, eTrust, AVG, Panda, Kaspersky - they all have a VERY well constructed database of trojans AND viruses.

[illukka]

well we could argue about this forever, lets just say that i wouldn't rely on some on the av's you mentioned for trojan protection.. a good anti trojan (with a memory scanner) outperforms ANY antivirus, the possible exceptions are kaspersky and dr web

[Zero]

Which ones? Because, Haha, I'll admit it, I have no life, I have put each and every one of those anti-viruses through extensive virus/trojan tests, 40 trojans/40 viruses.

Each one did 80% or better on detection rate.

NOD32/eTrust got perfect. Their heuristics caught all the "unknown" trojans.

[cnm]

mneale, Your post has been moved to a thread of your own.
http://forums.spywar...wtopic=6555&hl=

[bigjamesgti]

downloading mp3's is pretty safe, trojans /backdoors ALWAYS have an executable extension, even when binded with other files, the resulting file is always an .exe(pif, com etc). like bundle.jpeg.exe..

For the most part yes, HOWEVER, there are exploits to cover the "hidden" extension though its rarly used in songs, it is possible.

a word of warning here: most anti viruses are vulnerable to binded executables, if you want to live dangerously on the net use a good anti trojan to back up your anti virus..
most antiviruses have a very poor trojan detection anyways

Norton and Mcafee yes, the two most over hyped pieces of crap on the market.

NOD32, eTrust, AVG, Panda, Kaspersky - they all have a VERY well constructed database of trojans AND viruses.

does this mean that AVG is a good anti-virus program ??

Or have I mis-read and it actually means that AVG puts viruses and trojans ONTO your PC ???

[cnm]

AVG is fine.

[illukka]

well i wouldn' call a 40 trojan test trustworthy.. test with 4000 trojans,or better with 14000. preferably different ones.. and exclude the non-malicious stuff from the test, the editservers and clients.. the results might surprise you..

or to make it more difficult and real-world like, pack some samples of each trojan with different packers/crypters.. then execute that trojan on your system and check if your av detects and removes it

[Trilobite]

illukka,
If you are interested in how certain AV software performs in the detection of Trojans, you could take a look at the results of a small test I did. Granted it’s not 4000 trojans, but it’s a start. I should have access to a much larger collection shortly. When I do, I will rerun my tests.

downloading mp3's is pretty safe, trojans /backdoors ALWAYS have an executable extension

Take a look at the test files that I used in the AV test. None of the extensions have been modified and not all of them are executables. Edit: AV test example no longer valid. The format of my tests have changed.

Edited by Trilobite, 02 October 2004 - 01:39 PM.

[shadowl33t]

Who makes All these Trojans.. Does someone know? or is it a untracable hacker that have made it and he can never be tracked..
One more question..
Where have they learned to make trojans?

[bluelight]

How can you tell which is which ?  like if you pick up a random named trojan, how can you  tell if it's a RAT, IRC & etc....


thanks ZERO 

Since reading info on trojans in this post I had a 2 trojans found. would anyone know any info about P2E.A found in C/ windows system 32 egauth.dll and P2E.A C/ windows system 32 p2esocks_1014.dll...what type of trojan is this and what can it do. YOu mentioned RAT and IRC types...does anyone know what type of trojan this is ...thanks

[veensneetz]

all your "what is" available here http://www.linuxsecu...rse-virus.shtml

[lowsparker]

what should I do given that I believe I have a trojan file or two on my computer? Norton was only able to quarantine... should I get nod32?

[auctionhugh]

what should I do given that I believe I have a trojan file or two on my computer?  Norton was only able to quarantine... should I get nod32?

Frankly I think quarantining should be adequate in terms of removal. But if it told you what the virus was it quarantined, go to http://www.sarc.com and search for it. It should have complete removal instructions.

_______________________
Professional Web Design by AuctionHugh's Wife Kathleen
Artistic - Straightforward - EASY for You!
Examples and Pricing at Kallen Web Design

[Paranoid]

Seems to me that the terms virus, worm, trojans describe how they spread rather than what they do.

Conversely terms like spyware, adware, rootkit, backdoor, keylogger, adware, browserhijacker,dialer etc actually describe what they do.

Worms spread automatically without needing human interaction. In the past it was through the network shares, these days it normally via email.

Viruses, like worms once executed have the capability to replicate by themselves. They however rely on a hosts file which is infected.

Trojans can't replicate themselves, they are disguised programs that trick the user into
running them.

Traditionally, most trojans are/were backdoors, keyloggers and rookits, though these days any combo might exist.

Some combo malware like Nimda are both a worm and a virus , while many combo malware these days also open backdoors but spread like worms.

Understanding all these distinctions are important, but almost as important as understanding what your security software covers and what it does not.

For example it would be a very bad mistake to think Adware or Spybot cover rootkits or most backdoors for example.

[Alpha_Blue]

Correct. Even most anti-virus software cannot detect a full run of trojans...detection rates can range from 65 percent at a low to around 88 percent or so based on tests I have read...and those are the best AV's out there...meaning that you need extra anti-trojan software to be extra protected against them.

[chrono_trigger666]

I got a question.

Which software or groups of software do you actually recommend?

many stand alone software designed specifically or one whole security suite software

[cnm]

People, please each post your own NEWTOPIC - in Malware Removal if you want help removing something. In this forum if you have a question about tools.

[franke1]

just curious what is a trojan and what does it do

Actually, malware is the term used to refer virus,worms and trojan.Computer viruses can replicate like biological virus , but, trojan is a malware that performs a malicious actions but can not replicate.It may arise as a harmless file. When a trojan is executed, you can experience unwanted system performances and loosing of valuable data.

Edited by franke1, 25 October 2006 - 09:21 AM.

[MoniK]

I wonder what is better in terms of my PC's protection Norton or AVG? Thanks

[PP3P]

A IRC Bot is a backdoor trojan which the main purpose in most cases is DDoSing a person or a website. It will install itself to your computer and connect to an IRC server and channel and site there waiting for commands from the hacker. It can do such things as a normal trojans but it far more sophisticated DDoSing/pinging wise as you have full control over what it will DDoS, when, how many (packet wise), and how long. They are very bad and can result in you committing a serious crime.

this 'makes sense' of the comment I frequently see on threads with back door trojans where the victim is advised to reformat and reinstall windows as the computer can never ever be fully trusted again; I presume because the invader can control the computer to his /her whim and fancy BUT it would appear to come from the owner and not the hacker , thus creating a criminal out of the owner ; I had not viewed the infection in this light before

[Trblestrife]

I'm using NOD and it's great, as is Kapersky. Not sure about the others, AVG is pretty low-tech.

[Amellia]

Trojans or spyware or malware are terms used for virus infections of your PC. they are many depending upon the harm they do t0o your computer and its data. and there are many ways by which Trojans enter into your PC like through any external device, internet or other.The thing which is important that virus does a lot of harm to your computer and its data. so it gets important to remove these Trojan plugging as soon as possible with the help of a good anti-virus. you an take the help of spywareremovalguide]spyware removal guide for searching the best suitable anti-virus for your system and problem,and enjoy working on computer

EDIT: To disable advertising link...

Edited by Budfred, 27 July 2011 - 05:11 AM.

[Budfred]

Trojans or spyware or malware are terms used for virus infections of your PC. they are many depending upon the harm they do t0o your computer and its data. and there are many ways by which Trojans enter into your PC like through any external device, internet or other.The thing which is important that virus does a lot of harm to your computer and its data. so it gets important to remove these Trojan plugging as soon as possible with the help of a good anti-virus. you an take the help of spywareremovalguide]spyware removal guide for searching the best suitable anti-virus for your system and problem,and enjoy working on computer

EDIT: To disable advertising link...

This definition is incorrect and the person posting it is noted to be a possible SPAMmer... The link was disabled to prevent rewarding this kind of SPAM and to protect the casual observer who might click on the link... Viruses are different from trojans which are different from spyware and so on... They have different names because they are different types of attacks... Anyone who wishes to check out guides for programs for protecting against malware can find many safe options through our forum or by checking well known sites through Google...