System infected with probable backdoor / trojan



Symptom: Clipboard containing a likely legal though inappropriate URL; discovered through paste in IM

Actions taken: Local scan with McAfee - no matches [software was loaded via CD from a trusted system]

Previous circumstances: Previously [likely] infected with an mIRC backdoor; AVG at the time caught it and subsequent scans with housecall.trendmicro.com showed no matches; a reformat of the system was completed though on a different partition with the original data on C:

What proactive actions can be taken to ensure that this does not happen again? The IM pass has been changed and I am still checking for possible damage.

Thanks :ninja:


A firewall is not proactive, it's reactive. The firewall won't stop you from getting the trojan, but if you pay attention to what's going on online it can alert you to a possible trojan, and stop it from accessing the net, which is good, just not proactive.

Proactive solutions are:

Be damned sure what you're loading on your computer, and remember that a trusted computer is the one computer that can bring yours down. So practice safe habits.

Install a trojan-specific program like TDS-3, BOclean, or Trojan Hunter. I own TDS-3 and BOclean, and prefer BOclean as an always-on defense, but TDS-3 can scan, while BOclean cannot. BOclean stays in active memory and will remove any trojan it recognises within 10 seconds, but since it can't scan like you can with TDS-3, you can't scan a CD to say it's safe or stuff like that. TDS-3 can also protect you always if you register it, and it will check every exe at launch to see if it's a trojan. Both are good programs. BOclean is more user-friendly and hands-off, while TDS-3 has many more features.

Use an antivirus that has a good record at finding trojans. Most AV programs are generally weak in finding all but the most common trojans, but McAfee is actually pretty good trojan-wise, and I'm assuming that's what you own since that's what you did the local scan with. Another good choice is Kaspersky Anti-Virus.

Run Windows as a limited user instead of admin or power user. This will hinder trojans (and worms and viruses) from placing themselves into OS-protected files and modifying the registry.

That's all for now.


This topic is now closed to further replies.