Trojan Virus

A Trojan virus is a piece of software designed to look like a useful file or software program but performs a possibly nefarious function once installed on a client computer. The virus takes its name from the “Trojan Horse” of Greek mythology, set up outside of the city of Troy. Trojan horse viruses differ from other computer viruses in that they are not designed to spread themselves. Instead, Trojan horse malware is delivered either as the payload of another virus or piece of malware, or through manual end-user action such as downloading infected files or inserting infected drives into a computer. Once a computer is infected with a Trojan virus, the malware can be designed to steal end-user information, perform destructive harm on the target computer, or even download additional computer malware. Trojan horse viruses comprised more than 80% of all computer malware detected in the world over the past year and the number continues to grow.

What are the Components of a Trojan Virus?

A Trojan virus will normally consist of a server and client component. The client component is the portion of the malware that infects the end-user’s computer. Once established or executed, the virus can be designed to establish a certain level of control over the infected computer. Based on the desired purpose of the malware author, the client Trojan can deliver additional malware components such as a key logger or spyware, or perform destructive actions on the computer.

How Do Trojan Horse Viruses Spread?

Trojan viruses can infect client computers in several ways. One of the most prevalent means of infection is through email attachments. The malware developer will use a broad email list to spam the virus to a large number of people, disguised as a potentially useful attachment or even pornography. Once the user opens the file, it will then infect their computer. More recently, targeted spam called spear phishing has been used to target high visibility personnel in business and in government. The same technique of spoofing someone the individuals may know, or pretending to be a useful email attachment, is used, just with a higher profile potential target set. Another common method used to distribute Trojan viruses is via instant messenger programs such as Skype or Yahoo Messenger. Finally, another well-known technique is to send copies of the virus to all contacts listed in the address book(s) found on the computer after infection.

What Type of Damage Can Trojan Viruses Do?

Typically a Trojan virus will be designed to provide some form of remote access to a hacker or criminal on an infected computer. Once the Trojan virus has been installed, the hacker will be able to perform tasks on the computer based on the user’s account privilege level. Some of these actions could be: stealing the user’s login and password data, credit card information, or bank account data; using the computer to conduct a denial-of-service attack against another user, company, or organization; installing other software, including additional computer malware; downloading or uploading files on the user’s computer; logging keystrokes or taking screen captures of sensitive websites; crashing the user’s computer; and web surfing in an anonymous fashion. Hackers do not have to directly distribute Trojan viruses, however, as much of the better-known malware is designed to infect a computing system and respond to remote commands from hackers who did not originally deploy the malware. The hacker can conduct a scan of computers on a target network and, once computers infected with the desired Trojan virus are found, issue follow-on commands to control them.

What Are the Types of Trojan Horse Viruses?

In recent years, Trojan horse viruses have significantly advanced in their complexity, methods of infection and payload. The categories currently used to define the different variants of Trojan viruses include: remote access, password sending, destructive, key loggers, password stealers (or senders), denial of service, proxy, FTP, software detection killers, and Trojan downloaders.

What Does a Remote Access Trojan Virus Do?

A remote access Trojan virus remains the most encountered Trojan in the wild. This virus will give the hacker/attacker full control over the targeted computer equivalent to the user’s permissions. Once access is gained to the computer, the hacker can then access any personal information the user has stored on their computer to include logins, passwords, credit card numbers, financial statements, and other personal information. Many times, this information can then be used to steal the individual’s identity or to apply for credit card/banking information in the person’s name.

How Does a Password Sending Trojan Virus Work?

When a computer is infected by a password sending Trojan virus, the malware will search for all cached passwords and copy those that are entered by the end-user. At preset or scheduled points the Trojan will send the collected information to a preset email or collection of email addresses. These actions are performed without the end-user’s knowledge and the Trojan is particularly dangerous for computers that are not running any type of antivirus software. All types of passwords are vulnerable to this attack to include secure websites, email services, FTP, and instant messaging programs.

How Do Key Logger Trojans Work?

Key loggers are a variant of Trojan virus designed to record the keystrokes on an infected computer and then send the log files to a remote server or email account. The more advanced key loggers are capable of searching the log files for login and password data and other pre-programmed personal data, to reduce the overhead of the information sent to the remote hacker. Some key loggers are able to record their information online, whereas the ones that are designed to send the data via email record information offline. To avoid detection, the offline recording Trojan key loggers will send information at daily or longer intervals based on the configuration set by the malware author.
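The scheduled email reporting described for password sending Trojans and offline key loggers leaves a recognisable trace in connection logs: a non-mail program contacting a mail port at near-constant intervals. The following is an added detection example, not code from the original article; the log layout, host and process names, allowlist and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

MAIL_PORTS = {25, 465, 587}
# Assumed allowlist: programs that are expected to send mail on this network.
EXPECTED_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed sample log: timestamp, host, process, destination IP, port.
SAMPLE_LOG = """\
2024-03-01T02:00:03 pc-17 updsvc.exe 203.0.113.25 587
2024-03-01T08:10:00 pc-22 reportgen.exe 198.51.100.10 25
2024-03-01T09:14:40 pc-17 outlook.exe 198.51.100.10 587
2024-03-01T15:45:00 pc-22 reportgen.exe 198.51.100.10 25
2024-03-02T02:00:05 pc-17 updsvc.exe 203.0.113.25 587
2024-03-02T10:31:12 pc-17 chrome.exe 198.51.100.80 443
2024-03-03T02:00:02 pc-17 updsvc.exe 203.0.113.25 587
2024-03-03T11:02:00 pc-22 reportgen.exe 198.51.100.10 25
2024-03-03T11:30:00 pc-22 reportgen.exe 198.51.100.10 25
2024-03-04T02:00:04 pc-17 updsvc.exe 203.0.113.25 587
"""


def parse(log_text):
    """Yield (timestamp, host, process, port) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # blank or malformed line
        ts, host, proc, _dst, port = parts
        try:
            yield datetime.fromisoformat(ts), host, proc.lower(), int(port)
        except ValueError:
            continue  # unparseable timestamp or port


def periodic_mail_senders(log_text, min_events=4, max_jitter=0.05):
    """Flag unexpected programs that contact mail ports on a fixed schedule.

    A (host, process) pair is reported when the gaps between its mail-port
    connections vary by no more than max_jitter relative to the average gap.
    """
    times = defaultdict(list)
    for ts, host, proc, port in parse(log_text):
        if port in MAIL_PORTS and proc not in EXPECTED_MAIL_CLIENTS:
            times[(host, proc)].append(ts)

    findings = []
    for (host, proc), stamps in sorted(times.items()):
        if len(stamps) < min_events:
            continue  # too few events to call it a schedule
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append({
                "host": host,
                "process": proc,
                "events": len(stamps),
                "interval_hours": round(avg / 3600, 1),
            })
    return findings


if __name__ == "__main__":
    for finding in periodic_mail_senders(SAMPLE_LOG):
        print(finding)
```

In the sample, the irregular sender on pc-22 is not reported; a longer reporting interval needs a correspondingly longer log window before the schedule becomes visible.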

What Do Destructive Trojan Viruses Do?

A destructive Trojan virus’s primary purpose is to delete or remove files on the targeted computer. They are designed to attack the computer’s core Operating System files but can also be programmed to remove data. The more sophisticated destructive Trojan viruses will be programmed to attack based on a certain date or logic requirement being met. They can be used in blackmail attempts, although this use is not widely reported (yet).

What Is a Denial of Service Attack Trojan Virus?

A denial of service (DoS) attack Trojan virus will be designed to use the infected computer as a bot to attack another web server or computer. Combined with other computers that are infected, the Internet connection for the attacked computer can become too busy to allow regular users to make use of the site. A variation of this Trojan is the Mail Bomb Trojan virus which is designed to infect as many computers as possible while sending potentially malicious emails to all addresses found on the targeted machines.

How Does a Proxy Trojan Work?

A proxy or Wingate Trojan virus is designed to make the infected computer act as a Wingate or proxy server. As a result of the infection, the targeted computer can then be used by others to surf the Internet in an anonymous fashion. This is normally used to conduct other illegal activities such as using stolen credit cards to access pornographic websites, shop online, or purchase other websites or domain names.

What is an FTP Trojan Virus?

An FTP Trojan virus is one of the most basic Trojan viruses in the wild and is one of the most outdated. The primary purpose of the malware is to open port 21 on the infected computer. Once opened, anyone can then connect to the computer using the FTP protocol. In the more advanced versions of this variant, password protection is enabled so that only the hacker can gain access to the infected machine.
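An unexpected listener on port 21 can be found from the machine's own socket table. The following is an added example, not code from the original article: it parses Windows `netstat -ano` output (the sample below is constructed) and returns the process IDs that accept connections on a port from other machines, ignoring loopback-only listeners and outbound FTP client connections. The `expected_pids` parameter is an assumption for hosts that legitimately run an FTP service.

```python
import ipaddress

FTP_PORT = 21

# Constructed sample of Windows `netstat -ano` output.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       4312
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    127.0.0.1:21           0.0.0.0:0              LISTENING       2044
  TCP    192.168.1.20:49712     198.51.100.7:443       ESTABLISHED     5120
  TCP    192.168.1.20:50231     203.0.113.9:21         ESTABLISHED     5120
  TCP    [::]:21                [::]:0                 LISTENING       4312
  UDP    0.0.0.0:5353           *:*                                    1680
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (address, port)."""
    addr, _, port = endpoint.rpartition(":")
    # Drop IPv6 brackets and any zone suffix such as '%12'.
    return addr.strip("[]").split("%")[0], int(port)


def listeners(netstat_text):
    """Yield (address, port, pid) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # headers, UDP rows and non-listening connections
        addr, port = split_endpoint(fields[1])
        yield addr, port, int(fields[4])


def exposed_listeners(netstat_text, port=FTP_PORT, expected_pids=()):
    """Return sorted PIDs listening on `port` on a non-loopback address."""
    pids = set()
    for addr, lport, pid in listeners(netstat_text):
        if lport != port or pid in expected_pids:
            continue
        if ipaddress.ip_address(addr).is_loopback:
            continue  # reachable only from the machine itself
        pids.add(pid)
    return sorted(pids)


if __name__ == "__main__":
    print("PIDs accepting remote connections on port 21:",
          exposed_listeners(SAMPLE_NETSTAT))
```

A reported PID still has to be matched to its program (for example in Task Manager) before deciding whether the listener is legitimate.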

What Are Software Detection Killer Trojans?

A software detection killer Trojan virus is commonly used in conjunction with other computer malware such as scareware. The purpose of this variant of Trojan virus is to disable known antivirus and computer firewall programs. Not only will they disable installed versions of known computer security software, but the Trojan will also preclude installation of new security programs that are well-known. Once they are active, other computer malware can be bundled with the Trojan in order to perform additional malicious tasks.

What is a Trojan Downloader Virus?

A Trojan downloader virus is a fairly recent development over the past several years. This version of Trojan is designed to infect a target computer in a similar manner to other Trojan viruses. The sole job that a Trojan downloader does on the infected computer is to download additional computer malware onto the infected computer. Some Trojan downloaders can also be used to grant remote access to the target machine to a remote server or individual as part of their work.

How to Remove Trojan Viruses

One of the most frustrating tasks a home computer user will have to do is recover from a Trojan virus infection. The following steps are general in nature, but intended to help the average computer user recover from a Trojan and other computer malware infection.

Step 1 – Gain access to a non-infected computer that allows you to save files to a CD-R or memory stick. Then, launch the computer’s web browser and download the RKill process killer application produced by Bleeping Computer and save to the portable drive or place in a temporary folder to burn to CD.

Step 2 – Download the free version of the Malwarebytes antimalware application. If using a portable drive, copy the install file to the drive. One thing to consider is copying two versions of each file, with the second version having a unique file name such as your first name or something that does not have anything to do with computer security, since some Trojan viruses will prevent RKill or Malwarebytes from being installed. If burning a CD, wait to burn the CD until you have renamed the second version of each file.

Step 3 – Restart the infected computer in Windows Safe Mode if the computer will allow you to do so.

Step 4 – Copy the files on the memory stick or CD onto the desktop of the infected computer.

Step 5 – Run the RKill application by double clicking either the primary or alternatively named file icon on the computer’s desktop. RKill should stop all known computer malware processes from executing on your infected computer. Note that RKill can take a few minutes to execute.

Step 6 – Once RKill finishes executing, turn off Windows System Restore on your computer. To access the System Restore properties, right click the “My Computer” icon and then select the “Properties” menu option. Select the “Turn Off System Restore” menu choice and choose the default menu prompts to complete the action.

Step 7 – Run the Malwarebytes installation file that you have already copied to the computer’s desktop. Note that you may need to run the renamed version of this file based on the Trojan virus that has infected the computer. Accept all default menu prompts and then run a complete antivirus scan of your computer’s drives.

Step 8 – After Malwarebytes has completed running, ensure you select the menu options to remove all infected files discovered.

Step 9 – Restart your computer after the infected files are deleted and the Trojan virus will be removed.

Step 10 – After the computer has restarted, turn Windows System Restore back on.

Step 11 – If you were not running a commercial antivirus program prior to the Trojan virus infection, consider purchasing one from Malwarebytes, Avast, AVG, Norton, or McAfee to prevent future infections.

How to Protect Your Computer from Trojan Horse Virus Infection

The best way to defend against Trojan viruses is to take countermeasures so that your computer never gets infected. There are a number of prudent measures that you can take to minimize your risk. First, never open unsolicited email attachments. This is one of the most used methods by hackers to infect targeted computers. Next, do not click links that you did not solicit. An increasingly popular method by hackers is to send malicious links out in spam email instead of attachments, since more users are becoming educated to the threat that email attachments pose. If you have not purchased antivirus software and left it running, you are long overdue. Additionally, running regular updates for your computer’s operating system and installed programs, and leaving the default firewall turned on, is another must in today’s threat environment.

Emerging Trends with Trojan Horse Viruses

One of the emerging trends with Trojan viruses is the bundling of Trojans with computer scareware. Scareware is designed as a payload of Trojans or Trojan downloaders. Once installed on the target computer, it will disable the computer’s antivirus software (if installed), and then proceed to display fake infection warnings to the user. When the warnings are selected, a fake virus scan will be conducted that then entices the user to pay money to download the commercial version of the scareware. If/when they do, the credit card information is then used for nefarious means, money is charged, and additional computer malware is downloaded onto the computer. Scareware packages number in excess of 15,000 and have seen a greater than 500% increase in the past three years. Some scareware will even go as far as to mimic the look and feel of known computer virus programs. Users must use their best judgment in detecting scareware and be leery of any application that tries to charge you money to do its job!

Respond to “Trojan Virus”
  1. val says:

    AVG identified a trojan horse, but when I say to remove it the system warns me that removing could make my system crash.  I don’t know if it is safe or not.  I thought maybe it says that for every find no matter what it is.  How can I decide if I should remove it or not?

    • Marlon Franco says:

      Can you get the file name of the said file?

      • val says:

        I will see and get back to the post with it.  Thanks

        • val says:

          “”;”C:\Program Files\SIFXINST\VISTAMHDC4.5.EXE”;”Trojan horse Generic4_c.ALZA”;”Infected”

          • Paula C. Benoit says:

            Hello, 

            I just found this same problem on my computer “C:\Program Files\SIFXINST\VISTAMHDC4.5.EXE Trojan horse Generic4_c.ALZA Infection”.

            Right now my AVG Anti-Virus Program has it stored in the “Virus Vault”.  In fact when AVG found it my computer froze during the computer scan.

            I found your website while doing a search via Google and read this post.

            This is the first time I have ever had any problem with trojan horses, viruses, etc. and I do not know what to do about it.

            Did you by any chance figure out what this is and how to get rid of it.

            Thank you for any information you have on this.

            Paula

  2. john mendez says:

    email me this info please!
    mendez2619@sbcglobal.net 

  3. Paula C. Benoit says:

    Hello, 
    I just found this same problem on my computer “C:\Program Files\SIFXINST\VISTAMHDC4.5.EXE Trojan horse Generic4_c.ALZA Infection”.
    Right now my AVG Anti-Virus Program has it stored in the “Virus Vault”.  In fact when AVG found it my computer froze during the computer scan.
    I found your website while doing a search via Google and read this post.
    This is the first time I have ever had any problem with trojan horses, viruses, etc. and I do not know what to do about it.
    Did you by any chance figure out what this is and how to get rid of it.
    Thank you for any information you have on this.
    Paula

  4. keith says:

    Has anyone found out how to remove this trojan without damaging your computer? If so please email me back.
    Thanks
    kbirkholz69@gmail.com

  5. hur says:

    Hi, I have a Trojan Horse Hider.mpr (vddqduhj)
    and have no idea how to get rid of it. It’s making my laptop incredibly slow, and won’t let me run msn. When I try to move it to the virus vault (avg), it says the file is inaccessible. Any help in getting rid of it would be really appreciated :/

    • Marlon Franco says:

      Ok, make sure your AVG’s database or it is at its latest version. Try to scan again, and if the AVG can’t remove it, just let me know

  6. Pamela says:

    Help please. My AVG detected this

    File Name c:/windows/assembly/GAC_MSIL/Desktop.ini
    Threat Name Trojan Horse BackDoor.Generic14.AVBQ

    Since then every time I use any search engine, I am redirected to
    another site. The address raresearchsystem.com is something I commonly see at the bottom.

    Also since then. AVG has acted goofy. It is detecting components of AVG as viruses and even my photoshopelementsfileagent as a threat when it has been on my computer for a long time. This all started when the mentioned trojan was detected and when I chose to place the trojan into the AVG vault.

    In desperation, I purchased the AVG 2012 and now it won’t install. My current one won’t install either. I tried removing all old components and nothing works…

    • Trevor says:

      This may be coming late but it may help someone else.

      Trojan Horse BackDoor.Generic14.AVBQ does more than redirect.  Check your internet connection.  You’ll probably find that the Status indicates you are uploading megabytes of info.  Ie. Someone is stealing your critical data eg. banking info.

      I found I couldn’t erase c:/windows/assembly/GAC_MSIL/Desktop.ini (even though I could replace other infected files) and leaving it on appeared to result in the re-infection of the other replaced files.

      Try this:  Download tdsskiller from Kaspersky.  Run it.  It found redbook.sys and sptd.sys to be infected and took care of them.
       
      I then found that I could erase GAC_MSIL/Desktop.ini.  And using a spare XP drive as my master, copied good files over the infected files.

      AVG10 (AVG 2011) was used to detect the infected files but it itself showed infection.  So I erased it and downloaded AVG 2012.  Note: That I had to kill the infection before I could download AVG 2012 because it’s 60 MB in size and the virus while active takes uploading-downloading precedence.

  7. Linda says:

    Hi I ran a scan on my computer because it was hanging a lot and certain things wouldn’t load. I have Clamwin and it detected trojan Horses in my java Web Start and 2 other areas. How do I remove these? I have been looking it up, I haven’t found anything useful. If you can help I thank you.. 

  8. DaLt0n says:

    Hello to everyone, some days ago I did a computer scan with my antivirus and a Trojan Horse Virus was found. I hoped to delete it but now when I download some programs and I try to install them or to run them, an error appears:
    ERROR

    ? s??ta??t?? ???μat?? a??e???,t?? ???μat?? ?ata????? ? t?? et???ta??
    t??t?μ??e??a? esfa?μ???.
     
    What’s going on here? Is that problem of virus or something else?

  9. STrivette says:

    … a Trojan Virus?… Now, there are Trojan Horses and there are viruses, but there’s no such thing as a Trojan Horse virus. In fact, the very definition of each precludes any chance of there being such a thing. A Trojan does not replicate. Viruses do. That fact alone means there can never be a “Trojan Horse virus” or “Trojan Virus”. I am seeing people more and more calling a Virus a Trojan Virus. :(
     

    • somguy says:

      this is what we call being too picky… what most everyone is trying to say is that some inconvenient program is on their computer. vernacular (especially if you are familiar with the issue’s properties) becomes nothing more than a trivial label when the proverbial crap hits the fan.

  10. Suzee says:

    I have just had a warning on my anti virus about Trojan Horse Hider.OLM  I can’t find any information and when the HEAL option is initiated it states that it has been interrupted by user…………. Any ideas?

  11. Joanna says:

    Hi! I have the same problem as Suzee :/ I’m using free AVG Anti-Virus. I can’t do anything with that Trojan Horse Hider.OLM. Could you please help me to remove the bastard from my comp?

  12. dude says:

    any info on this trojan?   Trojan:JS/Iframe.Z

    i seem to have gotten rid of it by starting windows in safe mode,then running two separate antivirus programs,but im still leery. is it really gone,or is it just fooling my firewall? 

  13. ello says:

    hiya,
    um well my computer recently got infected with a ‘backdoor trojan’.
    I believe my computer got infected when i inserted my friend’s z-drive into my computer. I have a Norton Security thingy on my computer and it said that backdoor trojan was detected in my computer and right underneath it said to click a link that took me to a norton site and it said to download this thing that is supposed to find and kill this virus. However, after i downloaded it and ran it, it said that no trojan backdoor was to be found. I then did a full system scan with my norton security thingy and the only thing it found and removed were tracking cookies and some cloud thing. I then looked at the virus records and it said that it encountered trojan horse and backdoor trojan several times over the course of 4 months. Now i’m stuck trying to figure how this virus even got to my comp, after being frustrated that two of my security systems aren’t detecting it, i downloaded another trojan killer[stopzilla]. After downloading it, it said it would run after restarting my computer. After i clicked restart my computer, the computer restarted halfway. It froze. So, i turned it off and turned it back on and it said that there was an error and it was most likely due to a new download. so then i click start windows normally and log in. I then wanted to see if this trojan horse is even in my computer since two of my security thingies didn’t pick it up after i did two full system scans; so i clicked msn once and two internet windows opened. One window took me to my home page and the other was some ad that had a letter of the alphabet [C] with a picture of a car and the definition. I exited out of the ad one.  I then went to google to see if the trojan horse is really still there and it redirected me to another ad site. finally after the 3rd try it took me to google. i searched something and clicked the link and it took me to the site i clicked on for a second or two and then on the url it said hop1, then it said hop2 and then, i find myself on ANOTHER AD SITE! 
    i want this virus gone :( i don’t want it taking my passwords and etc. since the day i found out i had the virus i was already logged into 3 different things. and i logged into facebook 3 minutes later[being unaware that i had the trojan virus] because i did not click on the notification box thingy when it first detected it because i did not know it detected a virus. so please please please please help me!

  14. Jessica says:

    My AVG 2012 has detected trojanhorsehider.ovf. I have looked online and not found anything about this. My AVG has not put in virus vault says it is whitelisted and should not be removed. Also I already had Malware installed on my laptop under a different name and ran that and it is not detecting it. Any suggestions? Please help!
