This useful paper is reproduced in full with the permission of the author. The original version of this article can be found at: http://www.frame4.com/content/pubs/comp_trojans.txt

By Dancho Danchev dancho.danchev@frame4.com
Part Three

15.Anti-Trojan Software
--------------------

Here are reviews of the most popular Anti-Trojan packages. The list also includes various applications (freeware) to help you monitor your computer for ongoing Trojan activities. I suggest you visit the site of every product and decide which one best fits your needs. Check the links section at the end of the paper to see various sites providing reviews of the software below.

-- TDS-3 --

Trojan Defence Suite (TDS) is an indispensable, must-have software package for protection against trojans. It has many unique functions never seen in other Anti-Trojan packages. The program has really advanced features and if you're a newbie, it will probably take some time before you are able to use the software at its full capacity (read the excellent help files).

You can get TDS from http://tds.diamondcs.com.au/

-- LockDown2000 --

This is a really good Anti-Trojan package that detects a LOT of trojans and other programs known as "hacking tools". It will help you monitor your system files for changes, as well as processes and registry modifications. More info at its home page.

You can get LockDown2000 from http://www.lockdown2000.com

-- TFAK5 --

Trojans First Aid Kit is a trojan scanner developed by SnakeByte. It has many other unique features; it could be used as a Client for various public trojans as well.

Download TFAK5 from http://www.snake-basket.de/tfak/TFAK5.zip

-- Trojan Remover --

Anti-Trojan software detecting 5468 trojans/worms (including variants) as at 15th August 2002. System file and registry monitoring functions are also implemented.

More info at its home page: http://www.simplysup.com/tremover/details.html

-- Pest Patrol --

A tool that scans for trojans as well as programs known as "hacking tools" and spyware.

More info at its official page: http://www.safersite.com/

-- Anti-Trojan 5.5 --

Trojan detection package that is able to remove most of the public trojans out there.

More info at its official page: http://www.anti-trojan.net

-- Tauscan --

Trojan scanner that has unique features and is a must-have. It's also able to detect new trojans that have never been released to the public.

More info at its official page: http://www.agnitum.com/products/tauscan/

-- The Cleaner --

Very popular Anti-Trojan software, known by everyone.

Check its home page at: http://www.moosoft.com/

-- PC Door Guard --

Trojan detection software that detects a lot of trojans; a monitor of files and directories is also included.

More info at: http://www.trojanclinic.com/pdg.html

-- Trojan Hunter --

Trojan detection package with a lot of functions. It's very handy.

More info at http://www.mischel.dhs.org/trojanhunter.jsp

-- LogMonitor --

Log Monitor is a file and directory monitoring tool. The program periodically checks a selected file's modification time and executes an external program if the file's time was changed or not changed. For directories it handles such events as file change, addition or removal. I recommend this tool as it's very handy and will help you a lot.

Home page: http://logmon.bitrix.ru/logmon/eng/

-- PrcView --

PrcView is a freeware process viewer utility that shows detailed information about running processes. This information includes such details as the create date/time, the version and full path for each DLL used by a selected process, a list of all threads, memory blocks and heaps. PrcView also allows you to kill and attach a debugger to a selected process. PrcView runs on both Windows 95/98 and Windows NT platforms and includes Windows and command-line versions of the program.

Get PrcView from http://www.xmlsp.com/pview/prcview.htm

-- XNetStat --

GUI-based netstat tool for Windows. It will help you monitor your machine for open ports.

Download it from: http://packetstormsecurity.org/Win/netstat.zip

-- ConSeal PC FIREWALL --

A really good firewall for advanced Windows users who have basic knowledge of TCP/IP and other protocols; this software will help you to secure your PC a lot. It has some major advantages over other Win-based firewalls.

For the full range of specifications, check its official web page at: http://www.consealfirewall.com/
16.After You Clean Yourself
------------------------

Your machine has been compromised and probably a lot of sensitive data has been stolen, files have been modified and illegal activities have been performed on your computer. Here I'll give you recommendations about what to do after you are 100% clean of trojans.

- Accounting Data such as ISP passwords, ICQ, mIRC, FTP, web site passwords and e-mail address passwords are definitely known to the attacker. Contact your ISP about changing your dial-up password if you're using such a connection. Immediately change your ICQ and mIRC passwords, of course if they're still the same. (Often attackers won't change any of your accounting data, to fool you into thinking everything is OK, so there is a big chance you will still be able to recover from the compromise.) Change your web-based e-mail passwords and do check your information stored there, as password retrieval services for various e-mail providers such as Yahoo and Hotmail use this info combined with a "Secret Question" for password retrieval. Attackers often change the info, the answer to the secret question and many other things that will get them easily back into your mailbox, whether you've changed your pass or not.

- If you're taking advantage of the handy Address Book feature in your e-mail service, and have a list full of e-mails of friends, colleagues, etc., there is a real possibility that the attacker has sent them a trojan and possibly infected them too. Mail all of these people and ask them about receiving any files from your mailbox; inform them that someone else might know your e-mail password so they'll be able to take appropriate actions like checking their machines for Trojans. Do the same with the people from your ICQ contact list as they might be targeted too.

- Check your HDD for abnormal activities like a lot of free space missing etc. Search for warez software and, as I mentioned, kiddie-porn archives.

- Think for a while about the sensitive information you had on your machine before the compromise, and if you are absolutely sure the attacker may know it too, then take appropriate action, like informing any institutions the sensitive data belongs to.

- Scan your machine with an Anti-Virus scanner, as the attacker could have placed some virus or infected macro documents on your machine to do destructive things even if there's no access for him/her to your machine.

- Monitor your processes BEFORE and AFTER connecting to the Internet, as some trojans start when they detect an Internet connection. Don't get fooled again, be very suspicious.
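The before/after process check recommended above, extended here to listening ports, as an added example that is not part of the original paper: it diffs two snapshots of `tasklist /FO CSV` and `netstat -ano` output taken offline and online. It assumes a Windows version that provides both commands with English column headers; the sample snapshots, including the `msupd32.exe` process name and all addresses, are constructed.

```python
import csv
import io

# Constructed samples in the format of `tasklist /FO CSV` and `netstat -ano`
# (illustrative values, not captured from a real machine).
TASKS_OFFLINE = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"explorer.exe","1204","Console","1","45,120 K"
"svchost.exe","880","Services","0","12,004 K"
'''
TASKS_ONLINE = TASKS_OFFLINE + '"msupd32.exe","3312","Console","1","3,908 K"\n'
NET_OFFLINE = '''  Proto  Local Address    Foreign Address  State      PID
  TCP    0.0.0.0:135      0.0.0.0:0        LISTENING  880
'''
NET_ONLINE = NET_OFFLINE + (
    "  TCP    0.0.0.0:5000     0.0.0.0:0        LISTENING  3312\n"
    "  TCP    10.0.0.5:1061    192.0.2.10:80    ESTABLISHED  1204\n")

def parse_tasklist(text):
    """Map PID -> image name from `tasklist /FO CSV` output."""
    return {int(r["PID"]): r["Image Name"] for r in csv.DictReader(io.StringIO(text))}

def parse_listeners(text):
    """Map (proto, local address) -> owning PID for TCP listeners and UDP sockets."""
    found = {}
    for fields in (line.split() for line in text.splitlines()):
        if len(fields) == 5 and fields[0] == "TCP" and fields[3] == "LISTENING":
            found[(fields[0], fields[1])] = int(fields[4])
        elif len(fields) == 4 and fields[0] == "UDP":  # UDP rows have no State column
            found[(fields[0], fields[1])] = int(fields[3])
    return found

def diff_snapshots(tasks_before, tasks_after, net_before, net_after):
    """Return processes and listening ports present only in the AFTER snapshot."""
    old_p, new_p = parse_tasklist(tasks_before), parse_tasklist(tasks_after)
    old_l, new_l = parse_listeners(net_before), parse_listeners(net_after)
    # A reused PID with a different image name also counts as a new process.
    started = {pid: img for pid, img in new_p.items() if old_p.get(pid) != img}
    opened = [
        {"proto": key[0], "local": key[1], "pid": pid,
         "image": new_p.get(pid, "unknown"), "new_process": pid in started}
        for key, pid in sorted(new_l.items()) if key not in old_l
    ]
    return started, opened

if __name__ == "__main__":
    print(diff_snapshots(TASKS_OFFLINE, TASKS_ONLINE, NET_OFFLINE, NET_ONLINE))
```

A listener whose `new_process` flag is set, or whose image is `unknown`, is the first thing to look up in a process viewer before trusting the machine again.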