Wednesday 20 August 2014

Tips Of Detecting And Cleaning Up Trojans on Computer



After a break-in, attackers often upload a Trojan backdoor, and to keep the uploaded Trojan from being found they will try all sorts of methods to disguise it. As victims, how can we see through the disguise and clean the Trojan out of the system?


1. File bound detection


Binding a Trojan to a normal program is a common way of disguising it. Here is how to detect Trojans bundled with a file.


You can use “FearlessBoundFileDetector” to clean up Trojans bound to programs. After the program starts, select the program or file to be checked and click the “Process” button in the main interface. When the analysis is complete, click the "CleanFile" button to clean up the bound Trojan.


2. Detect suspicious DLL backdoors


Compared with a file-bound Trojan, a DLL-injection Trojan is more advanced: it has no process of its own and no open ports, so the average computer user will hardly be aware of it. The clean-up procedure is therefore relatively complex.


End the Trojan process


Because this type of Trojan is embedded in other processes, it does not produce an entry of its own in the process viewer, so when the system behaves abnormally we need to judge whether it is infected with a DLL Trojan.


Here we can use the IceSword tool, which automatically detects all running programs on the system. Right-click the suspicious process and select "Module Information" to see all of its DLL modules in the pop-up window. If you find items of unknown origin, click the "Uninstall" button to remove them from the process.


3. A thorough Rootkit Detection


No one can check every port, registry entry, file and service in the system all the time to see whether a Trojan is hidden there. For this we can use special-purpose tools.


For example, RootkitDetector is a Rootkit detection and removal tool that can detect multiple Rootkits on Windows, including the famous hxdef.100.


The method is very simple: run the program "rkdetector.exe" directly at the command line. Once running, it automatically completes a series of hidden-item checks, highlights in red any Rootkit programs and services running on the system, and then tries to clear them.


For people who want to protect important files on a computer, it is best to use the methods above to check whether the computer has been invaded by a Trojan; in addition, password-protect folders on the computer to prevent unauthorized access.


A keylogger is like a Trojan but is not a Trojan. If you want to know more about it, please visit this website.

