#1
03-25-2008, 03:51 PM
HARLEY
Join Date: Aug 2002
Location: MONTREAL~
Posts: 30,187
Trojan protection.

1st, what are trojans?

Quote:
In the context of computing and software, a Trojan horse, or simply trojan, is a piece of software which appears to perform a certain action but in fact performs another such as a computer virus. Contrary to popular belief, this action, usually encoded in a hidden payload, may or may not be actually malicious, but Trojan horses are notorious today for their use in the installation of backdoor programs. Simply put, a Trojan horse is not a computer virus. Unlike such malware, it does not propagate by self-replication but relies heavily on the exploitation of an end-user.

It is instead a categorical attribute which can encompass many different forms of codes. Therefore, a computer worm or virus may be a Trojan horse. The term is derived from the classical story of the Trojan Horse.

In the field of computer architecture, 'Trojan Horse' can also refer to security loopholes that allow kernel code to access anything for which it is not authorized.


Trojan infections are at the highest now because they're the most popular method used to take over a user's computer, and are responsible for over 75% of compromised machines.

2ndly... how to protect yourself?

The most obvious place to start is having a router and/or a software firewall that will block outgoing traffic.

Online Armor with its Program Guard is a very good firewall, my personal choice.
http://www.tallemu.com/

And another is Comodo, probably the 2 best right now.

http://www.personalfirewall.comodo.c..._firewall.html

After installing one of these, check to see how secure you are:

https://www.grc.com/x/ne.dll?bh0bkyd2

Now to the security programs that will protect you:

First and foremost is to use a safer browser than Internet Explorer that has some scripting defenses in place.

Firefox with the Noscript extension is the best place to start.

Along with Opera, they both have excellent options to stop or warn you of backdoor or dangerous downloads.

With FF, you still have to be aware of extensions from malware sites and only install from recognized sites like:

https://addons.mozilla.org/en-US/firefox/browse/type:1

Once you get your browser configured properly, there are a few other applications that will help greatly:

Antivir and Avast are arguably the 2 best free anti-virus, with extra protection.

http://www.free-av.com/
http://www.avira.com/en/support/kbdetails.php?id=95 ... Manual updates.

http://www.avast.com/eng/download-avast-home.html

Threatfire [a new program] is a very good program to run in conjunction with your present anti-virus and adds more protection than just having a normal free one running.

Quote:
Threatfire affords far greater protection than BOC...

1- It is a behavior blocker

2- It has a full-range of daily-updated malware signatures (blacklist) to use as a double-check against its behavior blocker findings

3- It has a large & active *community data base* of white/black apps

4- With user-developed advanced rules, it can also serve as (a) a file protector, (b) a registry protector, (c) and outgoing connection monitor

http://www.threatfire.com/g.

Edit: there is also a compatibility problem with Avg [what a surprise]


SuperAntiSpyware will scan for and clean up most malware.

http://www.superantispyware.com/


Malwarebytes Anti-malware
http://www.malwarebytes.org/mbam.php

All of these run quite well together with no conflicts and should secure your machine. Threatfire may slow some setups, so it's probably best to install this last to see if it does.

But the smartest and most secure way to keep clean is to learn what runs and starts on your computer and to be smart about what you download, what email attachments you open and what sites you visit.

Some programs to check and stop the processes if you know the name, also.

Autorun

Process Explorer



Some test sites:

http://www.windowsecurity.com/trojanscan/

http://www.pcflank.com/art17d.htm

http://www.auditmypc.com/freescan/re...t_scan_fyi.asp

http://security.arnit.net/tplarnit.php?page=tscan

And a trojan simulator... test your defenses.
http://www.misec.net/trojansimulator/


Other sites with info on the malware "Antivirus 2008" and its variants and removal instructions.

http://feeds.feedburner.com/~r/Spywa.../~3/324120249/
http://www.2-spyware.com/remove-antivirus2008.html
http://www.xp-vista.com/
__________________



DVD help

Photofiltre Graphic Editor



#2
03-25-2008, 04:16 PM
ratt
Resident Rodent........
Join Date: Feb 2005
Location: Tasmania, Australia
Posts: 1,594

Cheers for that, mate....must be about the longest post you have ever done........

#3
03-28-2008, 02:58 PM
HARLEY
Bump.

#4
03-29-2008, 01:53 AM
winston3338
Member
Join Date: Jan 2006
Posts: 1,216
Nice, Thanks again Harley

#5
03-29-2008, 05:17 AM
JohnF
Uber Member
Join Date: Aug 2002
Posts: 6,360
Thank You Harley, you're a lifesaver, or should I say computer saver.
The guy from Dell told me to get an AntiSpyware, I wasn't sure which ones to get, he had to install my 2 cd & dvd player drivers and the web he got them from added something, boclean warned me about that, I removed it from the Dell folder whatever it was, haven't had any problems since.
Thanks again.
__________________
~Dell XP SP3~
JESUS Is LORD
Amos 8:11 Behold, the days come, saith the Lord GOD, that I will send a famine in the land,
not a famine of bread, nor a thirst for water, but of hearing the words of the LORD.

#6
04-02-2008, 06:07 AM
JohnF
Harley

Good Morning Harley
Had a little trouble this morning, (see attachment) keep popping up so I had to uninstall the SuperAntiSpyware software. The detection name was not in that folder so uninstalled the program.
Attached Images
File Type: jpg Real-time Virus Protection.jpg (43.4 KB, 668 views)

#7
04-02-2008, 09:25 AM
HARLEY

Quote:
Originally Posted by JohnF
Good Morning Harley
Had a little trouble this morning, (see attachment) keep popping up so I had to uninstall the SuperAntiSpyware software. The detection name was not in that folder so uninstalled the program.

That's a false positive.

Security programs sometimes detect signatures from others and flag them.

#8
04-02-2008, 11:00 AM
JohnF
Thanks Harley
Thought that may have been what it was, but couldn't do anything with that on top of everything, weird took PC-cillin 4 days to warn me.

#9
04-02-2008, 12:19 PM
HARLEY
Quote:
Originally Posted by JohnF
Thanks Harley
Thought that may have been what it was, but couldn't do anything with that on top of everything, weird took PC-cillin 4 days to warn me.

You could check PC-cillin to see if it has an option to exclude programs or files from the scan, if you want to reinstall SAS again.

#10
04-02-2008, 03:32 PM
JohnF
Quote:
Originally Posted by HARLEY
You could check PC-cillin to see if it has an option to exclude programs or files from the scan, if you want to reinstall SAS again.

I downloaded the install again.
I reinstalled the program twice. Couldn't add to exception because it's not in the SUPERAntiSpyware folder. Quarantine Management caught it before it was done installing so I couldn't add the SUPERAntiSpyware.exe to the exclude program, tried to clean it and restore it wouldn't let me.

I will try program again when this AV time runs out the end of July.
Thanks a million

#11
04-02-2008, 04:15 PM
HARLEY

Quote:
Originally Posted by JohnF

I will try program again when this AV time runs out the end of July.
Thanks a million

No problem.

If you wanted to take it a step further, you might want to ask SAS support what the problem is.

I'm sure Nick would be interested in why it's being flagged.

http://www.superantispyware.com/csrcreateticket.html

#12
04-03-2008, 05:31 AM
JohnF
Quote:
Originally Posted by HARLEY
No problem.

If you wanted to take it a step further, you might want to ask SAS support what the problem is.

I'm sure Nick would be interested in why it's being flagged.

http://www.superantispyware.com/csrcreateticket.html

Thanks Harley, will let you know what they say.

#13
04-03-2008, 11:09 AM
JohnF
Quote:
Originally Posted by JohnF
Thanks Harley, will let you know what they say.

SUPERAntiSpyware.com Replied:
Hello,
There is NO TROJAN - TREND MICRO is incorrectly detecting our software - this is their error, not ours - they said they fixed the problem, you have to update the Trend Micro Definitions and then it won't prevent SUPERAntiSpyware from running/installing.
SUPERAntiSpyware.com Customer Service

Installed OK today.

Thanks again.

#14
04-03-2008, 12:05 PM
Crash Override
Forum Moderator
Join Date: Oct 2002
Location: New York's Capital District
Posts: 6,533

Very useful. Thanks Harley. Admin should make this a sticky.
__________________
Regards,
Crash Override
25+ years as a Computer System Administrator and Technician. (Yeah, I know stuff...LOL)
Da Rules, Learn 'em and Live 'em!
Mike's free security tools
Registry Cleaners are Unnecessary!!!
Reformatting is your last course of action.
System Restore, Don't use it!
Just because it is on Youtube, does not make it true!
Spes mea in Deo est

#15
04-03-2008, 12:40 PM
HARLEY
Quote:
Originally Posted by Crash Override
Very useful. Thanks Harley. Admin should make this a sticky.

They just did..cool.

#16
04-03-2008, 06:53 PM
Lady A
Epic Member
Join Date: Jan 2005
Posts: 1,443

Do these "test" sites only detect Trojans or remove them as well?

#17
04-03-2008, 08:26 PM
HARLEY

Quote:
Originally Posted by Lady A
Do these "test" sites only detect Trojans or remove them as well?

No, they usually recommend what to download and how to clean them, if anything is detected.


Spybot and SAS are probably the 2 best trojan detectors now, that should clean up most trojans.

If there's a stubborn variant, then running through Crockett's thread is probably another option, other than asking for help.

#18
04-28-2008, 05:17 PM
HARLEY
http://feeds.feedburner.com/~r/Esecu...880090/3742751

Another article about trojans.

#19
05-14-2008, 08:10 PM
David G.
Senior Member
Join Date: Sep 2002
Location: Maine, USA
Posts: 540
Harley, my wife's PC just picked up a Trojan, AVG and Spybot stopped it from running. These are the file names: ctfmona.exe, ctfmonb (a bitmap image) and blackster.scr
I am attempting to remove them. I suppose it is not recommended to just delete the files, right? I will try removal with Spybot SD. Any pointers?
__________________
Home Built, Raygo Mid-tower, 450 watt PS, Asus Mother Board, 4 GB Memory, AMD Athlon II X4 630, 1.5 TB HD, Windows 7 64 Bit OS, Asus Monitor.
If we didn't have computers, what would we do to waste our time?

#20
05-14-2008, 08:41 PM
HARLEY
You should be able to delete the *bmp and *scr, but you'll probably need to go into safe mode to stop the exe.

Dl this startup program and delete ctfmona.exe from the run menus.

http://mlin.net/StartupCPL.shtml

then run this even if you've run Spybot:

http://www.superantispyware.com/

When you get clean, I suggest you run through my original post and install either Threatfire or Boclean and a good antivirus instead of AVG.

Here's a free one for 6 months, that is excellent.

http://forum.worldstart.com/showthread.php?t=124022
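
A read-only way to see "what runs and starts on your computer", as post #1 recommends, and to find the run entry that post #20 says to delete. This is an added example, not part of the thread: the registry keys listed are the common autostart locations (an assumed, non-exhaustive list), and ctfmona.exe is the file name reported in post #19.

```powershell
# Added example: read-only audit of common Windows autostart locations.
# Nothing is deleted; entries that mention a suspect file name are flagged.
param(
    # File name reported in post #19; pass other names to look for them.
    [string[]]$Suspect = @('ctfmona.exe')
)

# Common "run menu" registry keys (assumed list, not exhaustive).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{
            Location = $key
            Name     = $name
            Command  = [string]$item.GetValue($name)
        }
    }
})

# Startup folders (current user and all users) also launch programs at logon.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
) | Where-Object { $_ -and (Test-Path $_) }

$entries += @(foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -File | ForEach-Object {
        [pscustomobject]@{ Location = $dir; Name = $_.Name; Command = $_.FullName }
    }
})

# Mark entries whose name or command line mentions a suspect file name.
$entries | ForEach-Object {
    $text = "$($_.Name) $($_.Command)"
    $hit  = $Suspect | Where-Object { $text -match [regex]::Escape($_) }
    $_ | Add-Member -NotePropertyName Flagged -NotePropertyValue ([bool]$hit) -PassThru
} | Sort-Object Flagged -Descending |
    Format-Table Flagged, Location, Name, Command -AutoSize -Wrap
```

Flagged rows sort to the top; the Location and Name columns identify the entry to remove with the startup tool linked in post #20.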
Copyright 2000-2011 WorldStart, Inc