Computer Science Abstract
on the topic: "Trojan virus"
Completed: Pupil 9 "A" class
School number 50
Ryzhkov Maxim
Trojan horses, hidden administration utilities, intended viruses, virus constructors and polymorphic generators.
The history of the name "Trojan horse".
In the XII century BC. Greece declared war on Troy. The Greeks started a 10-year war against this city, but they could not take it. Then they went for a trick. On the advice of Odysseus, a huge wooden horse was built. Several heroes hid inside this horse, and the Achaean army, having embarked on ships, sailed to the island of Tendos. The Trojans decided that the siege had been lifted and, believing the words of the spy Sinon that the horse was left by the Achaeans in order to appease the goddess Athena, and possession of it would make Troy impregnable, they transferred it to the city, destroying part of the fortress wall. In vain did the priest Laocoon persuade the Trojans that this should not be done. At night, the Achaean warriors emerged from the horse's belly and opened the city gates to the army returning under cover of darkness. Troy was taken and destroyed.
That is why such programs are called "Trojan horses" - they run invisibly to the PC user, hiding behind the actions of other applications.
What is a Trojan Horse?
A Trojan horse is a program that provides unauthorized access to a computer to perform any action at the destination without warning the owner of the computer, or sends collected information to a specific address. At the same time, she, as a rule, pretends to be something peaceful and extremely useful. Some Trojans limit themselves to sending your passwords by mail to their creator or to the person who configured this program (e-mail trojan). However, the most dangerous programs for Internet users are programs that allow them to gain remote access to their machine from the outside (BackDoor). Very often, Trojans get onto a computer along with useful programs or popular utilities, masquerading as them.
The peculiarity of these programs, forcing them to classify them as harmful, is the absence of a warning about their installation and launch. When launched, the Trojan installs itself into the system and then monitors it, while the user does not receive any messages about his actions. Moreover, the link to the Trojan may be missing from the list of active applications or merge with them. As a result, the computer user may not be aware of his presence in the system, while the computer is open for remote control. Quite often, the term "Trojan" refers to a virus. In fact, this is far from the case. Unlike viruses, Trojans are aimed at obtaining confidential information and accessing certain computer resources.
There are various ways the Trojan can enter your system. Most often this happens when launching some useful program in which the Trojan's server is embedded. At the moment of the first launch, the server copies itself to some directory, registers itself for launch in the system registry, and even if the carrier program never starts again, your system is already infected with a Trojan. You can infect the machine yourself by running the infected program. This usually happens if programs are downloaded not from official servers, but from personal pages. Unauthorized people can also introduce the Trojan if they have access to your machine, simply by running it from a floppy disk.
Types of Trojans
At the moment, the most widespread types of Trojans are:
1. Utilities for hidden (remote) administration (BackDoor).
Trojan horses of this class are inherently quite powerful utilities for remote administration of computers on a network. In terms of their functionality, they are largely reminiscent of various administration systems developed by well-known companies - manufacturers of software products.
The only feature of these programs makes them classify as harmful Trojans: the absence of a warning about installation and launch.
When launched, the Trojan installs itself on the system and then monitors it, while the user does not receive any messages about the Trojan's actions in the system. Moreover, the link to the Trojan may be missing from the list of active applications. As a result, the "user" of this Trojan program may not be aware of its presence in the system, while his computer is open for remote control.
Modern utilities of hidden administration (BackDoor) are quite easy to use. They usually consist mainly of two main parts: the server (the executor) and the client (the server's governing body).
A server is an executable file that is injected into your machine in a certain way, loaded into memory at the same time as Windows starts, and executes commands received from a remote client. The server is sent to the victim, and then all work is done through the client on the hacker's computer, i.e. commands are sent through the client, and the server executes them. Outwardly, his presence is not detected in any way. After launching the server side of the Trojan, a specific port is reserved on the user's computer, which is responsible for communication with the Internet.
After these actions, the attacker launches the client part of the program, connects to this computer via an open online port, and can perform almost any action on your machine (this is limited only by the capabilities of the program used). After connecting to the server, you can control the remote computer almost like your own: reboot, turn off, open the CD-ROM, delete, write, change files, display messages, etc. On some Trojans, you can change the open port during operation and even set an access password for the "owner" of the Trojan. There are also Trojans that allow a "rogue" machine to be used as a proxy server (HTTP or Socks protocols) to hide the hacker's real IP address.
The archive of such a Trojan usually contains the following 5 files: a client, an editor for the server (configurator), a trojan server, a file packer (glue), documentation files. It has a lot of functions, among which the following can be distinguished:
1) collection of information about the operating system;
2) definition of cached and dial-up passwords, as well as passwords of popular dialers;
3) finding new passwords and sending other information to e-mail;
4) downloading and launching files at the specified path;
5) closing windows of known antiviruses and firewalls upon detection;
6) performing standard operations for working with files: viewing, copying, deleting, modifying, downloading, uploading, launching and playing;
7) automatic removal of the Trojan server from the system after a specified number of days;
8) managing CD-ROM, enabling / disabling the Ctrl + Alt + Del key combination, viewing and changing the contents of the clipboard, hiding and showing the taskbar, tray, clock, desktop and windows;
9) establishing a chat with the victim, incl. for all users connected to this server;
10) displaying all pressed buttons on the client's screen, i.e. there are keylogger functions;
11) taking screenshots of different quality and size, viewing a specific area of the screen of a remote computer, changing the current resolution of the monitor.
Covert administration Trojans are still the most popular. Everyone wants to become the owner of such a Trojan, because it can provide exceptional opportunities to control and perform various actions on a remote computer, which can scare most users and bring a lot of fun to the owner of the Trojan. Many people use Trojans to simply mock someone, look like a "super hacker" in the eyes of others, and also to obtain confidential information.
2. Postal (e-mail trojan).
Trojans that allow you to "extract" passwords and other information from files on your computer and send them by e-mail to the owner. These can be provider logins and Internet passwords, mailbox password, ICQ and IRC passwords, etc.
To send a letter to the owner by mail, the Trojan contacts the site's mail server using the SMTP protocol (for example, at smtp.mail.ru). After collecting the necessary data, the Trojan will check if the data was sent. If not, the data is sent and stored in the register. If they have already been sent, then the previous letter is extracted from the register, and it is compared with the current one. If there have been any changes in the information (new data has appeared), then the letter is sent, and fresh data on passwords is recorded in the register. In a word, this type of Trojan is simply collecting information, and the victim may not even know that his passwords are already known to someone.
The archive of such a Trojan usually contains 4 files: a server editor (configurator), a trojan server, a file packer (glue), a manual for use.
As a result of the work, the following data can be determined:
1) the IP address of the victim's computer;
2) detailed information about the system (computer and user name, Windows version, modem, etc.);
3) all cached passwords;
4) all settings for telephone connections including telephone numbers, logins and passwords;
5) passwords from ICQ;
6) N last visited sites.
3. Keyboard (Keylog-gers).
These Trojans write everything that was typed on the keyboard (including passwords) into a file, which is subsequently sent to a specific e-mail or viewed through FTP (File Transfer Protocol). Keyloggers usually take up little space and can disguise themselves as other useful programs, which makes them difficult to detect. Another reason for the difficulty of detecting such a Trojan is that its files are called system files. Some Trojans of this type can extract and decrypt passwords found in special fields for entering passwords.
Instructions
Today it is customary to call a Trojan horse a malicious one that penetrates a computer disguising itself as harmless and even useful programs. The user of such a program does not even suspect that its code contains hostile functions. When the program is launched, it is introduced into the computer system and begins to create in it all those outrages for which it was created by the attackers. The consequences of a Trojan infection can be very different - from annoying, but completely harmless freezes, to transferring your data to fraudsters and causing you serious material damage. The Trojan's difference lies in the fact that the Trojan is not capable of self-copying, which means that each of them was introduced into the system by the user himself. Antiviruses can track Trojan horses, but special programs do a much better job.
Moreover, almost all anti-virus vendors offer free utilities for catching Trojans on their websites. Eset NOD, Dr. Web, Kaspersky - any of these vendors can offer the freshest version of the program that can catch your uninvited guests. At the same time, it is very important to use fresh ones, because the army of Trojans is replenished every day with new, more cunning representatives, and the day before yesterday the program may simply not recognize them. Sometimes it makes sense to have several programs and run the system through them. In addition to utilities produced by antivirus companies, you can also find anti-trojans from less well-known manufacturers on the Internet, but they are no less effective in searching. For example AntiSpyWare, Ad-Aware, SpyBot and many others. If independent attempts to cure the computer do not bring the desired result, then it is better to refer the computer to a specialist who can take more serious measures.
But, as you know, the best treatment is prevention. As mentioned above, Trojans do not materialize out of nowhere; users download them to their computers themselves. This can happen when downloading unknown files, clicking on dubious links, opening files with unknown content. Cracked programs are especially dangerous in terms of potential infection. The core of such a program will turn out to be 99% infected with a Trojan virus, alas, there is no free cheese. Therefore, vigilance and caution - these two qualities will be more reliable than any antivirus. And antivirus, with new databases, regular special programs will close the last hole through which a Trojan horse could sneak up to you.
Sources:
- Trojan virus how to remove
Among the malicious programs of the modern virtual world, Trojans viruses are among the most common. And although they do not directly harm the computer, they can bring a lot of problems. After all, they are designed to open access to the computer for the author of such a virus, which can have different purposes, from stealing personal information to using your computer for their own tasks. At the same time, antivirus programs often fail to detect Trojans. viruses.
You will need
- Computer, SUPERAntiSpyware Trojan and Spyware Removal Utility, Internet Access, Basic Computer Skills
Instructions
Run the program. Select "Scan You Computer" to start scanning. Select the type to be produced. Quick Scan is a quick scan, only system scan is scanned. Complete Scan - in-depth scanning with verification of all information on the selected disks, takes quite a long time.
After the scan is completed, click the "Next" button, and all detected Trojans and spyware will be removed. After completing all the described operations, you must reboot. It is advisable to check it regularly. Before starting it, update the anti-virus databases of the utility.
Related Videos
Sources:
- SUPERAntiSpyware in 2019
- remove trojan virus in 2019
Trojan virus Is a malicious program distributed by hackers to perform spyware actions, for example, stealing documents, blocking access, penetrating your personal computer.
You will need
- - antivirus;
Instructions
Ovs that spread on their own. Install anti virus new software to your personal computer. Be sure to use the licensed version so that you can receive updates from the manufacturer's website.
virus ov, if it contains a Trojan horse, it will also be detected. This malware can have different names, for example, Adware Sheriff, Alpha Cleaner, AntiVirGear, Back Orifice, Brave Sentry, NetBus, Pest Trap, Pinch, Prorat, SpyAxe, SpyShredder, SpyTrooper, SpywareNo, SpywareQuake, Trojan.Genome.BUY Trojan.Winlock, Vanda, Zlob, CyberGate, Wishmaster.
After anti virus has detected a Trojan horse, click the Disinfect All button.
A sign that this malicious program has appeared on your personal account is the fact that the contents of folders disappear or are replaced with extraneous files. Check this folder anti virus ohm. If virus and the folder does not contain important files, it is recommended to delete or quarantine it.
For removing virus Use System Restore. Go to "Start" - "All Programs" - "Standard Programs" - "System Tools" and select "System Restore." Specify a rollback point and click OK. After this operation virus will be deleted.
Trojans can cause both moral and financial damage to the computer user. Antivirus programs and firewalls block the main stream of malicious software, but new versions of Trojans appear every day. Sometimes a PC user finds himself in a situation where the antivirus does not see the malicious code, then he has to deal with the malicious program on his own.
Instructions
One of the most unpleasant types of Trojans is backdoors, which allow a hacker to remotely control an infected computer. True to its name, backdoor opens a loophole for an attacker through which any action can be performed on a remote computer.
The backdoor consists of two parts: the client, installed on the hacker's computer, and the server, located on the infected computer. The server side is always waiting for a connection, "hanging" on some port. It is on this basis - the occupied port - that it can be tracked, after which it will be much easier to remove the Trojan horse.
Open Command Prompt: "Start - All Programs - Accessories - Command Prompt". Enter the command netstat –aon and press Enter. You will see a list of your computer's connections. Current connections will be indicated in the Status column as ESTABLISHED, pending connections are marked with the LISTENING line. The backdoor waiting to be connected is in the listening state.
In the first column, you will see the local addresses and ports used by the programs making the network connections. If you see programs in your list in a pending connection state, this does not mean that your computer is certainly infected. For example, ports 135 and 445 are used by Windows services.
In the very last column (PID), you will see the process ID numbers. They will help you find out which program is using the port you are interested in. Type tasklist in the same command line window. You will see a list of processes with their names and identifier numbers. By looking at the identifier in the list of network connections, you can use the second list to determine which program it belongs to.
There are times when the process name doesn't tell you anything. Then use the program Everest (Aida64): install it, run it and see the list of processes. Everest makes it easy to find the path where the executable file is located. If you are unfamiliar with the program that starts the process, delete the executable file and close its process. During the next boot of the computer, a warning window may appear stating that such and such a file cannot be started, and its autorun key will be indicated in the registry. Using this information, delete the key using the registry editor ("Start - Run", the regedit command).
If the process under investigation really belongs to the backdoor, in the "External address" column you can see the ip of the computer that connected to you. But this will most likely be the address of the proxy server, so you are unlikely to be able to figure out the hacker.
Sources:
- backdoors virus
Trojan virus or a Trojan horse is malicious software that is designed to disrupt your business, lock your PC, and steal files from your system.
You will need
- - antivirus;
- - LiveCD;
Instructions
In order to deal with the Trojan virus ohm, install anti virus new software. Enter the license key to be able to activate your anti virus on the manufacturer's website. Download and install the updated databases. Reboot your operating system for all changes and updates to take effect.
Run anti virus on your personal. Left-click on the shortcut. In the dialog box that appears, click on the link "Check for availability virus ov ". Select the virtual hard disk partition that you want to check. Check the box next to Deep Check. This procedure may take about 60 minutes (depending on the amount of files stored on the disk). After anti virus found "" on your computer, click the "Disinfect All" button.
There is a modification of the Trojan virus a, which is called “Trojan.Winlock”. This kind virus but blocks your PC. A banner appears on the desktop. Hackers to virus deactivated, require sending a paid SMS message.
Download the LiveCD program ( http://download.geo.drweb.com/pub/drweb/livecd/drweb-livecd-600.iso) from an uninfected computer. Burn it to a blank disc. Insert this disc into the CD or DVD-ROM of the infected PC. Restart the Windows operating system. The program will start automatically, it will find malicious files and eliminate them.
You can also delete virus using operating system recovery. Press the Ctrl + Alt + Delete hotkey combination and the Task Manager dialog box will open. Click the drop-down list "File". Then, with the left mouse button, click "New task (Run ...)". Enter the command cmd.exe and press the “Enter” key. The command line will be launched. Specify the following task:% systemroot% system32
estore
strui.exe. The "System Restore" option will start. Specify a rollback point and click Next. After the completion of the operation virus will be deleted from your personal computer.
Related Videos
This Trojan horse is designed to perform spyware actions on your personal computer and interfere with the proper functioning of your PC. Distributed personally by hackers.
You will need
- - anti-virus software;
Instructions
The Trojan horse is spread personally by hackers, unlike others viruses which are distributed independently. Install anti-virus software on your personal computer. Be sure to use the licensed version so that you can receive updates from the manufacturer's website.
Check your computer for viruses if it contains a Trojan horse, it will also be detected. This malware can have different names, for example, Adware Sheriff, Alpha Cleaner, AntiVirGear, Back Orifice, Brave Sentry, NetBus, Pest Trap, Pinch, Prorat, SpyAxe, SpyShredder, SpyTrooper, SpywareNo, SpywareQuake, Trojan.Genome.BUY Trojan.Winlock, Vanda, Zlob, CyberGate, Wishmaster.
After the antivirus detects the Trojan horse, click the Disinfect All button.
A sign that this malicious program has appeared on your personal account is the fact that the contents of folders disappear or are replaced with extraneous files. Check this folder with an antivirus. If no virus was found and the folder does not contain important files, it is recommended to delete it or move it to quarantine.
The Winlock Trojan must be removed manually, as it locks the desktop of the personal computer. Download LiveCD software ( http://www.freedrweb.com/livecd). This program is free. Burn it to a blank disc and insert it into the drive of the infected computer. Reboot your system. The search will begin for the Trojan horse and remove it.
Update your antivirus. Remember that for any security program to work properly, you need to constantly update its database in order for it to provide decent resistance to all malware. Trojan latest version? The question is not tricky and has a fairly simple solution. Update the databases of your Kaspersky Anti-Virus on the official website of its manufacturer. This is a simple operation that will not take long. Updating occurs in the mode or when working with a ready-made database file. Next, run the antivirus, select "Scan". Next, check the box for those local drives that you want to check for malware. Click Scan. This process will take some time. Its duration directly depends on the "clutter" of the disc. During the scanning process, information about the detected and neutralized viruses will pop up. At the end of the process, you will see a window with a full report.
A Trojan virus or simply a "Trojan" is correctly called a Trojan program. A Trojan horse is a type of malicious software designed to degrade the performance of a computer to the point of complete failure. Sometimes Trojans are also called Trojan horses. The name "Trojan" is associated with ancient warriors who previously lived in the country of ancient Troy and have been extinct for three centuries. However, the inhabitants themselves were called Teukras. They could quickly and powerfully strike the enemy with their swords. Many have heard the name "Trojan horse". If you believe the legends, this is not a living horse under the command of the Tevkras, but a specially built huge horse during the time of the great Trojan war.
The very name of the Trojan virus comes from this very Trojan horse - their methods of attack are almost identical. Legends say that it was because of the Trojan horse that Troy fell. As mentioned above, the Trojan horse uses the same goals - first it penetrates the computer and then tries to disable it, legally transfer information to another person, disrupting the computer's performance, or using computer resources for bad purposes.
What Trojans are there?
There are many names. Trojan. Malware, Trojan. Winlock, Pinch, TDL - 4. As a matter of fact, Trojans are not viruses themselves, but their family, which already includes the viruses themselves. But TDL - 4 is already a program.
The goal of TDL - 4 is to destroy a computer, after which another user can use the Internet to control the infected computer. The similarity of actions resembles the Team Viewer program, but unlike TDL - 4, this program is completely legal and the user can see on the monitor what another user is doing at the moment. In addition, the connection can be interrupted if necessary.
Pinch is a very, very dangerous virus. It operates in three stages. First, he gets to the computer and downloads the files he needs to work. The virus size does not exceed 25 KB. Further, Pinch collects absolutely all information about the user's computer - where the files are stored, what the user's video card, sound card and processor have. It also collects information about installed browsers, antiviruses, a list of installed programs and data about the user's FTP client. All this happens imperceptibly. After collecting information, Pinch itself is packed into the archive and attached to it at the first letter. During the transmission of the letter, Pinch separates, heading for the hacker's computer. After that, the hacker can decrypt the information by means of the Parser program and further use this information for his own purposes.
In addition to Trojans and worms, there are several other classifications of malicious software (software), for example, rootkits (Root-kit). Their goal is to seize administrator rights on the user's computer and then use them for their own purposes.
How to get rid of Trojans?
In the same way as for all viruses - scan your computer for viruses. However, not every antivirus can see absolutely all viruses. Sometimes, in order for the antivirus not to find the "antivirus", it is enough just to change its name and standard location on the hard drive. Therefore, smart developers have come up with antiviruses specially designed for a particular type of virus. Antiviruses can detect and deal with many worms on the computer, but are completely useless against rootkits and vice versa.
The leading fighters against Trojans and other malicious programs are: Kaspersky Anti-Virus, Dr.Web, Eset (Nod32). Paid versions of which can be purchased.
One of the biggest troubles for an Internet user is a Trojan horse, a virus that is spread on the network by cybercriminals. And although anti-virus software developers are constantly modifying their programs to make them more reliable, the problem still remains, because hackers also do not sit still.
After reading this article, you will learn how to protect your computer from the penetration of a "Trojan", as well as learn how to remove this virus if it did end up on your device.
What is a Trojan Horse?
The name of this virus is borrowed from the legend, which says that the Greeks made a wooden horse, inside which the wars were hidden.
Then this structure was delivered to the gates of Troy (hence the name), allegedly as a sign of reconciliation. At night, Greek soldiers opened the gates of the enemy city and inflicted a crushing defeat on the enemy.
A computer virus works in a similar way. A Trojan horse is often disguised as an ordinary program by cybercriminals, which, when downloaded, penetrates your computer with malware.
This virus differs from others in that it does not multiply spontaneously, but gets to you as a result of a hacker attack. In most cases, you, unknowingly, download a Trojan to your device.
A Trojan Horse is a virus that can cause a lot of trouble for the user. Read on to learn about the consequences.
Signs of infection
If your computer was attacked by a Trojan, you can find out about it by the following changes in the computer:
- First, the device will start to reboot without your command.
- Secondly, when a Trojan horse penetrates a computer, the performance of the device is significantly reduced.
- Thirdly, spam is sent from your email inbox.
- Fourth, unknown windows open with pornography or advertisements for a product.
- Fifth, the operating system does not start, and if the download is still successful, a window appears with a request to transfer money to the specified account to unlock the system.
In addition to all of the above problems, there is one more - the loss of money from an electronic wallet or confidential information. If you notice that this has happened to you, then after removing the Trojan you need to immediately change all passwords.
Trojan horse (virus). How do I remove it from my computer?
Of course, the penetration of a "Trojan horse" can cause significant harm to the user (for example, financially), but since this is a fairly common type of virus, you can get rid of it using any popular antivirus (Kaspersky, Avast, Avira etc.).
If you suspect that your computer has been attacked by a Trojan, boot the device into Safe Mode and scan the system with an antivirus program. Quarantine detected malware or delete it immediately. After that, open the "Programs and Features" section and get rid of suspicious applications that you did not install.
Sometimes a Trojan horse also blocks an antivirus program. This virus is constantly being modernized, so there are such situations. In this case, you can use one of the special utilities, for example SuperAntiSpyware or Spyware Terminator. In general, find the program that suits you, and then use it to remove the Trojan.
Conclusion
So now you know what a Trojan horse is. The virus, which was discussed in this article, you can remove yourself if it gets to your computer.
Of course, it is better that such a nuisance does not happen to you, but for this you need to install a good antivirus program, regularly update its database, carefully monitor the program's warnings, and also not visit or download anything from suspicious resources.
Before unpacking any downloaded archive, be sure to check it with an antivirus. Also check your flash drives - they should not have hidden files. Remember: a Trojan can cause a lot of problems, so take all measures to identify it responsibly.
