Malware, trojans and threats
Most PCs are now connected to the Internet and to networks, which makes it easier for malicious software (malware) to spread. Malware includes trojans (also known as trojan horses), viruses, worms, spyware, adware, rootkits and other malicious or unwanted programs.
Like spyware and adware, trojans can get onto your computer in a number of ways, including from a web browser, via e-mail, or in a bundle with other software downloaded from the Internet. You may also inadvertently transfer malware via a USB flash drive or other portable media. It is possible that you could be forced to reformat your USB flash drive or other portable device in order to eliminate the infection and avoid transferring it to other machines. (After all, you don't want to be the one who infected your network at work because you were bringing in some music to listen to, do you?)
Unlike viruses or worms, trojans do not replicate themselves but they can be just as destructive. On the surface, trojans appear benign and harmless, but once the infected code is run, trojans kick in and perform malicious functions to harm the computer system without the user's knowledge.
For example, waterfalls.scr is, as originally claimed by its author, a waterfall screen saver, but it can be associated with malware and become a trojan that unloads hidden programs and allows unauthorized access to the user's PC.
Some typical examples of threats by trojans are as follows:
- Erase, overwrite or corrupt data on a computer
- Help to spread other malware such as viruses (by a dropper trojan)
- Deactivate or interfere with anti-virus and firewall programs
- Allow remote access to your computer (by a remote access trojan)
- Upload and download files without your knowledge
- Gather e-mail addresses and use them for spam
- Log keystrokes to steal information such as passwords and credit card numbers
- Copy fake links to false websites, display porno sites, play sounds/videos, display images
- Slow down, restart or shut down your computer
- Re-install themselves after being disabled
- Disable the task manager
- Disable the control panel
To minimise the threats, most PC users will need an effective anti-malware program to remove trojans along with other malware.
Anti-malware and anti-trojan programs
As more computer security developers extend their product capabilities to address more than one type of malware, the boundary between different types of anti-malware programs has become blurred.
For example, an anti-virus program such as AVG Anti-Virus covers not only viruses, but offers protection against spyware, adware and others. An anti-spyware program such as SuperAntiSpyware not only detects spyware, but removes trojans, rootkits and other threats. Likewise an anti-trojan program can offer to remove viruses, spyware and other types of malware.
It is therefore more appropriate to classify these security products as anti-malware programs than to group them by the name of the products.
In this respect, this category reviews anti-malware products which are designed to detect and remove trojans more effectively than the others.
Emsisoft Anti-Malware is a good choice to scan and remove malware, especially trojans, from your PC. It removes the trojans containing backdoors, keyloggers, diallers and other destructive pests that make it dangerous to surf the web.
Other than trojans, it also can be used to recognize and remove spyware, adware, tracking cookies, worms, viruses and rootkits from your PC.
Designed for ease of use, this program combines Emsisoft Anti-Malware and the Bitdefender Anti-Virus engine to cut down on unnecessary double detection routines for one and the same malware. Prior to version 7.0 Ikarus was employed, but this has now been replaced by Bitdefender because of the former's tendency to produce false positives.
Any suspicious files can be uploaded to Emsisoft for analysis: www.emsisoft.com/en/support/submit/ and you may also find their forums helpful: support.emsisoft.com/
Features such as quarantine, online updates and heuristic scan for unknown malware are included.
From the Emsisoft website, 'By default Emsisoft Anti-Malware installs as a free fully functional 30 day trial version. After the trial period you can either choose to buy a full version license or switch to the limited freeware mode. The freeware mode still allows you to scan and clean infections, but it doesn't provide any real-time protection to guard against new infections'.
In other words, the free version does not provide other features such as file guard, behavior blocker and surf protection.
Malwarebytes' Anti-Malware (MBAM) is an on-demand scanner which can be used to find and remove trojans, along with other malware such as viruses, worms, rootkits, diallers and spyware.
While it will never win any prizes for its user interface, the program is intuitive and simple to use.
As there are daily updates, always ensure the software has been updated prior to scanning your PC. For those of a forgetful nature, you can set the program to warn about the database being outdated.
MalwareNET, which is an online database, revealed that nearly 20% of the total objects detected by MBAM were related to trojans.
Other features include: multiple-drive scanning; quick scanning; ignore list; quarantine (to hold threats prior to deletion or restoration) along with various settings to enhance performance of the program. FileASSASSIN is also included to enable deletion of locked files.
Another plus point is that MBAM rarely causes any conflicts with other anti-malware utilities. If you encounter problems that are not covered in the help section you can visit the Malwarebytes forum: forums.malwarebytes.org/
SUPERAntiSpyware (SAS) is worth a try as well. In addition to its focus on detecting and removing spyware infections, this program deals with trojans and other types of threats such as diallers, keyloggers, worms, rootkits, etc.
It supports a quick scan, complete system scan or custom scan with trust items and exclude folders. The program also provides an option to check for latest definition updates before scanning to protect you from the newest threats. SAS also has a Trojan Threat List shown here. There are 100 examples of different dll and exe files, all of which should not be allowed to run on your PC. Clicking on any of the items in the list will give you a more detailed description of that particular threat.
Among other features, it includes Hi-Jack Protection which prevents other applications (excluding Task Manager) from terminating the program.
FAQs and help with false positives can be found over at: forums.superantispyware.com/
On the down side, the free version of this program does not support real-time blocking, scheduled scanning and some other features.
Comodo Cleaning Essentials (CCE) contains an on-demand scanner and is portable, i.e. it can run from a USB stick or a CD/DVD and doesn’t install itself on your hard drive. It employs both heuristic and signature-based scanning and can detect trojans, rootkits and other forms of malware.
I prefer to run CCE.exe from a shortcut on my desktop, but whichever method you choose will work fine.
There are 3 scanning modes in CCE:
The GUI is very clean and straightforward and during a scan there is a rotating green dial that appears and resembles a radar screen. In the midst of a scan, any malware that is detected can either be cleaned/quarantined, or reported as a false positive to Comodo, or simply ignored if you are fully confident that it is benign.
There is an excellent online help section that can be launched from within the software and is also available here: http://help.comodo.com/topic-119-1-328-3516-Introduction-to-Comodo-Cleaning-Essentials.html
Anybody requiring further help can also take a look at the forums: http://forums.comodo.com
One thing I should draw your attention to is that my CPU temperature rose from 38°C to a peak of 58°C when scanning my system. Even though an increase in CPU usage, and therefore temperature, is perfectly normal when running security scanning software, some users might find the aforementioned increases rather alarming; you have been warned!
Under Options you’ll find plenty of choices to tweak CCE. Other features include MBR scanner, Virus scanner, CAMAS - Comodo Automated Malware Analysis System (hence the acronym!) and Settings.
From within the Tools section you can access Quarantined Items, Manage Trusted Vendors (whitelist), Import Virus Database, Browse Logs and Check for Updates (manually).
(Also included in CCE are KillSwitch and Autorun Analyzer and both are beyond the remit of this review: suffice to say that the former is similar to the Task Manager in Windows and the latter shows programs and services which run on start-up.)
*Smart scan took just 1m 24secs and when it reached 100% it stated, 'Your computer will now be restarted in order to scan for hidden services.' For more info on hidden services please click on the following link: http://help.comodo.com/topic-119-1-328-3568-smart-scan.html
In conclusion, CCE has become a welcome addition to my security toolkit and, aside from the aforementioned CPU issues, I recommend that folks at least give it a try. After all, you don’t even need to install the application!