Detection - How to find a Trojan
By their very nature, trojan horses are difficult to find, but removing one is not too hard. Unlike viruses, they will not corrupt files or delete things you might notice; they do their best to stay out of sight and avoid detection. That said, they are pieces of software, and no software can run on a computer without leaving some trace of its existence. Below I will cover three basic trojan removal tools that will uncover the presence of the majority of trojan horses. None of these costs any money; in fact, two of them are already installed on every Windows computer!
Netstat
All trojans need to communicate. If they do not, they are useless for their intended purpose. This is the second major weakness of most trojan horses: their communication leaves a trail you can follow to track down and remove the trojan.
The netstat command lists all the open connections to and from your PC and is a great help in removing trojans. To use it, open a DOS box and enter the command netstat -an. This will list all the open connections to and from your PC, along with the IP addresses of the machines on either side. If you see a connection you do not recognise, you need to investigate it further and track down the process that is using it. For this you need the third tool in the armoury, TCPView.
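Reading a long netstat -an listing by eye is error-prone, so the following added example (not part of the original article) parses the output and pulls out the two things worth investigating: listening ports you did not expect, and established connections to hosts outside the local network. The sample output, the expected-port set and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -an` output (Windows layout), not from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         127.0.0.1:49670        ESTABLISHED
  TCP    192.168.1.20:49712     192.168.1.1:445        ESTABLISHED
  TCP    192.168.1.20:49733     203.0.113.45:6667      ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
"""

# Loopback and RFC 1918 ranges are treated as local peers (an assumption of this example).
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]").split("%")[0], int(port)

def triage(netstat_text, expected_listen_ports):
    """Return (unexpected_listeners, external_connections) from netstat -an text."""
    listeners, external = [], []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have four columns; headers and UDP rows (no State) are skipped.
        if len(fields) != 4 or fields[0] != "TCP":
            continue
        _, local, foreign, state = fields
        if state == "LISTENING":
            addr, port = split_endpoint(local)
            if port not in expected_listen_ports:
                listeners.append((addr, port))
        elif state == "ESTABLISHED":
            addr, port = split_endpoint(foreign)
            ip = ipaddress.ip_address(addr)
            if not (ip.is_loopback or any(ip in net for net in LOCAL_NETS)):
                external.append((addr, port))
    return listeners, external

if __name__ == "__main__":
    unexpected, outbound = triage(SAMPLE, expected_listen_ports={135, 445})
    print("Unexpected listening ports:", unexpected)
    print("Connections to external hosts:", outbound)
```

Anything it reports is only a lead: the owning program still has to be identified before deciding whether the connection is legitimate.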
TCPView
TCPView is a free utility by Sysinternals which not only lists the IP addresses communicating with your computer but also tells you what program is using each connection. Armed with this information, you can locate whatever program is sending data out of your machine and deal with it. I recommend renaming the offending file and then rebooting; that way, if you make a mistake, you can put it right easily.