Detecting a Trojan that antivirus has missed and that has slipped past your firewall is not always a trivial task. But it is not impossible: any action leaves traces in the system, and that is the whole principle of detecting a Trojan. I warn you right away: there are no easy and quick solutions in this article. Apologies that there are few links to programs; there are a lot of names, and you will have to search for them yourself. Not all of them will be useful to you. I will show you how to find a Trojan, but detecting a Trojan does not mean removing it.

How to detect a Trojan? Let's check the open ports.

If there is a Trojan, it most likely needs to send some information to an attacker. For that it needs a channel, and the entry point to that channel is a port opened on your system. That port will most likely be one the system does not normally use, that is, one of the reserved numbers. Therefore the task at this stage is simple: carefully examine the open ports, watch which processes use those ports, and note which addresses the information is sent to.

On Windows, the netstat command with the -an flag gives you a quick start (if you reach the Internet through a router, this method is somewhat less reliable, but read to the end). Type it into the command console right now:

netstat -an

The Foreign Address column is written in the form IP address:port.

However, third-party programs give you more detailed information. I personally use the utilities TCPView, CurrPorts and IceSword. This information is not always conclusive, since the process may be lying dormant for the time being and it is not certain that its port is open right now, but it is still worth checking.
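What netstat -an does not show is which process owns each port. The PowerShell snippet below is an added example, not code from the article: it joins the TCP table to the process list, lists the listening ports with their owning executable, and then lists established connections to addresses outside the private ranges, which is where a Trojan's outbound channel would show up. The private-address rule and the "Suspicious" flag are this example's own assumptions; run it from an elevated prompt on Windows 8 or later (Get-NetTCPConnection is not available on older versions).

```powershell
# Added example: map TCP connections to processes and flag outbound connections
# to non-private addresses. Run as Administrator so that paths of other users'
# processes can be read.

function Test-PrivateAddress {
    param([string]$Address)
    # Assumption: RFC 1918 ranges, loopback, link-local, the unspecified address and
    # IPv6 local forms count as "private"; everything else is treated as public.
    return ($Address -match '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.|169\.254\.|0\.0\.0\.0|::|fe80:)')
}

function Get-ConnectionReport {
    # Index running processes by PID once; OwningProcess is UInt32, Get-Process Id is Int32,
    # so the lookup below casts to [int] to hit the same hashtable key.
    $procs = @{}
    Get-Process | ForEach-Object { $procs[$_.Id] = $_ }

    Get-NetTCPConnection | ForEach-Object {
        $p = $procs[[int]$_.OwningProcess]
        $name = if ($p) { $p.ProcessName } else { '<unknown>' }
        $path = if ($p) { $p.Path } else { $null }
        # Established connections to public addresses deserve a closer look.
        $suspicious = ($_.State -eq 'Established') -and -not (Test-PrivateAddress $_.RemoteAddress)
        [pscustomobject]@{
            State         = $_.State
            LocalAddress  = $_.LocalAddress
            LocalPort     = $_.LocalPort
            RemoteAddress = $_.RemoteAddress
            RemotePort    = $_.RemotePort
            PID           = $_.OwningProcess
            Process       = $name
            Path          = $path
            Suspicious    = $suspicious
        }
    }
}

$report = Get-ConnectionReport

# Listening ports first: anything listening that you did not set up needs an explanation.
$report | Where-Object State -eq 'Listen' | Sort-Object LocalPort |
    Format-Table LocalAddress, LocalPort, PID, Process, Path -AutoSize

# Then established connections to public addresses, one line per process/remote address pair.
$report | Where-Object Suspicious | Sort-Object Process, RemoteAddress -Unique |
    Format-Table Process, PID, RemoteAddress, RemotePort, Path -AutoSize
```

Compare the Path column against what you expect: a process listening on a port or talking to a public address from a Temp or AppData directory, or with no path at all, is the kind of entry the utilities named above would then help you examine further.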

How to detect a Trojan? Check running processes.

  • Autoruns
  • KillProcess
  • HijackThis
  • PrcView
  • Winsonar
  • HiddenFinder
  • Security Task Manager
  • Yet Another Process Monitor

In general, check often and from several angles.

How to detect a Trojan? Check the registry.

What is the first thing a Trojan must do? It needs to be launched, and Windows has several locations and settings for that, all of which are reflected in the registry. Windows automatically executes the instructions defined by these registry keys:

  • Run
  • RunServices
  • RunOnce
  • RunServicesOnce
  • HKEY_CLASSES_ROOT\exefile\shell\open\command

Thus, by scanning these keys for suspicious entries you can identify a Trojan infection: a Trojan inserts its own instructions there in order to get started. To detect a Trojan in the registry there are also many utilities, for example:

  • SysAnalyzer
  • All-Seeing Eyes
  • Tiny watcher
  • Registry Shower
  • Active Registry Monitor

How to detect a Trojan? It can be in device drivers.

Trojans are often installed under the guise of driver downloads for some device and then use that very device as cover. The blame lies with the obscure "download drivers" sites on the net. Sound familiar? The system often warns that the driver's digital signature is missing, and for good reason.

So do not rush to install what you downloaded from the network and do not trust your eyes; trust only official sources. The following utilities are available for monitoring drivers:

  • DriverView
  • Driver detective
  • Unknown Device Identifier
  • DriverScanner
  • Double Driver

How to detect a Trojan? Services.

Trojans can start as Windows system services of their own, letting an attacker take control of the machine. To do this the Trojan gives itself the name of a legitimate service process in order to avoid detection by antivirus. A rootkit technique is used to manipulate the registry key, which unfortunately offers a place to hide:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

This means we will have to stock up on utilities for monitoring running services, for example:

  • Smart Utility
  • Process Hacker
  • Netwrix Service Monitor
  • Service Manager Plus
  • Anvir Task Manager, etc.
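Both the driver section and the services section come down to the same check: every entry under HKLM\SYSTEM\CurrentControlSet\Services names a binary, and that binary should exist and carry a valid signature. The following PowerShell is an added example serving both sections, not code from the article or from any of the utilities listed: it walks the Services key, resolves each ImagePath to a file, checks the Authenticode signature, and prints the entries that fail. The "suspicious" rules (unsigned, missing, or located under a user-writable directory) are this example's assumptions, and the path-resolution rules cover the common ImagePath forms seen on Windows. Run it as Administrator.

```powershell
# Added example: audit drivers and services registered under CurrentControlSet\Services.

function Resolve-ImagePath {
    param([string]$ImagePath)
    if (-not $ImagePath) { return $null }
    $p = $ImagePath.Trim()
    # Keep only the executable: a quoted path, a token ending in .exe/.sys/.dll, or the first word.
    if ($p.StartsWith('"') -and $p.IndexOf('"', 1) -gt 1) { $p = $p.Substring(1, $p.IndexOf('"', 1) - 1) }
    elseif ($p -match '^(.*?\.(exe|sys|dll))(\s|$)') { $p = $Matches[1] }
    else { $p = ($p -split '\s+')[0] }
    # Expand %SystemRoot% etc., drop the \??\ prefix, map \SystemRoot\ and bare relative paths
    # (e.g. system32\drivers\foo.sys) onto the Windows directory.
    $p = [Environment]::ExpandEnvironmentVariables($p)
    $p = $p -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-ServiceSignatureReport {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    # Service type and start values as stored in the registry (assumed lookup table).
    $typeNames  = @{ 1 = 'KernelDriver'; 2 = 'FileSystemDriver'; 16 = 'OwnProcess'; 32 = 'SharedProcess' }
    $startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

    Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
        if (-not $props -or -not $props.ImagePath) { return }   # group/placeholder keys have no binary
        $path   = Resolve-ImagePath $props.ImagePath
        $exists = Test-Path -LiteralPath $path
        $sig    = if ($exists) { Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue } else { $null }
        $status = if (-not $exists) { 'FileMissing' } elseif ($sig) { "$($sig.Status)" } else { 'Unreadable' }
        $type   = $typeNames[[int]$props.Type];  if (-not $type)  { $type  = $props.Type }
        $start  = $startNames[[int]$props.Start]; if (-not $start) { $start = $props.Start }
        [pscustomobject]@{
            Name       = $_.PSChildName
            Type       = $type
            Start      = $start
            Path       = $path
            Signature  = $status
            # Assumption: anything not validly signed, or living in a user-writable location, is worth a look.
            Suspicious = ($status -ne 'Valid') -or ($path -match '\\(Temp|AppData|Users\\Public|ProgramData)\\')
        }
    }
}

Get-ServiceSignatureReport | Where-Object Suspicious | Sort-Object Type, Name |
    Format-Table Name, Type, Start, Signature, Path -AutoSize
```

Expect some noise: drivers whose files were removed by an uninstaller show up as FileMissing, and a few vendor tools legitimately live under ProgramData. The entries to explain are unsigned kernel drivers and automatic-start services whose name mimics a Windows component but whose path does not point into the Windows directory.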

How to detect a Trojan? Isn't it in startup?

What do we mean by autostart? No, my dears, it is not only the list of entries in the folder of the same name; that would be far too simple. First of all, it is the following parts of Windows:

  • the full list of Windows services, shown by the console of the same name: Run (WIN + R) – services.msc. I advise you to open it, sort by Startup Type and carefully examine every service that starts Automatically.
  • the folder of auto-loading drivers, the well-known C:\Windows\System32\Drivers (there were times I checked each of the drivers by hand)
  • anything can happen, so look through the boot file (for Windows XP it is) for extraneous entries. The easiest way to do this is to open the System Configuration utility: WIN + R –
  • and since you are there, go to the startup programs tab. In the Startup tab we usually look for programs that slow down system startup; however, you can also find a Trojan there.

msconfig in Windows XP (almost unchanged for other versions)

and here is the Config window for Windows 7

  • and now check the startup folder itself (make sure the system is set to show protected system files and folders, and hidden ones):

This is not a complete list of locations. If you want to know about programs that start together with Windows, you can look at their list in the article ““. Among the utilities that can be used to monitor startup locations, one can single out:

  • Starter
  • Security Autorun
  • Startup Tracker
  • Program Starter
  • Autoruns

How to detect a Trojan? Check suspicious folders.

It is typical for a Trojan to modify system folders and files. There are several ways to check for this:

  • FCIV - command-line utility for computing MD5 or SHA1 file hashes
  • SIGVERIF - checks the integrity of critical files that carry a Microsoft digital signature
  • TRIPWIRE - scans for and reports changes in critical Windows files
  • MD5 Checksum Verifier
  • SysInspect
  • Sentinel
  • Verisys
  • WinMD5
  • FastSum
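All of the hash utilities above implement the same idea as Tripwire: record the hashes of critical files on a known-good system, then compare later. The PowerShell below is an added example of that baseline-and-compare cycle using the built-in Get-FileHash cmdlet rather than FCIV; it is not code from the article or from any listed tool. The directory, algorithm and baseline file name are this example's assumptions. The baseline is only meaningful if it was taken before the infection and stored where malware cannot rewrite it, for example on read-only removable media.

```powershell
# Added example: Tripwire-style SHA-256 baseline of a directory tree and a later comparison.

function New-HashBaseline {
    param(
        [string]$Root = "$env:SystemRoot\System32",                       # assumed directory to protect
        [string]$BaselineFile = "$env:USERPROFILE\system32-baseline.csv"  # assumed baseline location
    )
    # Hash every file (including hidden ones); files that cannot be opened are skipped silently.
    Get-ChildItem -LiteralPath $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
        Get-FileHash -Algorithm SHA256 -ErrorAction SilentlyContinue |
        Select-Object Path, Hash |
        Export-Csv -LiteralPath $BaselineFile -NoTypeInformation
    return $BaselineFile
}

function Compare-HashBaseline {
    param(
        [string]$Root = "$env:SystemRoot\System32",
        [string]$BaselineFile = "$env:USERPROFILE\system32-baseline.csv"
    )
    $baseline = @{}
    Import-Csv -LiteralPath $BaselineFile | ForEach-Object { $baseline[$_.Path] = $_.Hash }

    $seen = @{}
    $current = Get-ChildItem -LiteralPath $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
               Get-FileHash -Algorithm SHA256 -ErrorAction SilentlyContinue
    # Added and modified files are found while walking the current tree ...
    $changes = @(foreach ($h in $current) {
        $seen[$h.Path] = $true
        if (-not $baseline.ContainsKey($h.Path)) {
            [pscustomobject]@{ Change = 'Added';    Path = $h.Path; Hash = $h.Hash }
        } elseif ($baseline[$h.Path] -ne $h.Hash) {
            [pscustomobject]@{ Change = 'Modified'; Path = $h.Path; Hash = $h.Hash }
        }
    })
    # ... and removed files are whatever the baseline knew about that is no longer present.
    $removed = @($baseline.Keys | Where-Object { -not $seen.ContainsKey($_) } |
                ForEach-Object { [pscustomobject]@{ Change = 'Removed'; Path = $_; Hash = $baseline[$_] } })
    return $changes + $removed
}

# Usage: run New-HashBaseline once on a clean system, Compare-HashBaseline whenever in doubt.
# New-HashBaseline
Compare-HashBaseline | Sort-Object Change, Path | Format-Table Change, Path -AutoSize
```

Windows Update legitimately changes many files under System32, so refresh the baseline after patching; what you are looking for is a Modified or Added entry that no update explains, especially an executable or DLL with a name that imitates a system component.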

How to detect a Trojan? Check network activity of applications

A Trojan is pointless if it does not generate network activity. To check what information is leaking from the system, use network scanners and packet sniffers to watch for traffic sent to suspicious addresses. A good tool here is Capsa Network Analyzer; its intuitive engine presents detailed information for checking whether a Trojan is active on your computer.
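A full sniffer such as Capsa shows the packet contents; often, though, the first question is simply which process talked to which address and when, including connections that are open only for a few seconds. The PowerShell below is an added example, not code from the article or from Capsa: it samples the TCP table every few seconds for a set period and logs each process/remote address pair the first time it appears, so a Trojan that beacons only occasionally still leaves a line in the log. Interval, duration and log path are this example's assumptions; run it elevated on Windows 8 or later.

```powershell
# Added example: record the first appearance of every process -> remote address:port pair
# over a watch window, writing each new pair to a CSV log as it is seen.

function Watch-OutboundConnections {
    param(
        [int]$Seconds = 300,                                        # assumed watch window
        [int]$IntervalSeconds = 5,                                  # assumed sampling interval
        [string]$LogFile = "$env:USERPROFILE\outbound-log.csv"      # assumed log location
    )
    $seen = @{}
    $end = (Get-Date).AddSeconds($Seconds)
    while ((Get-Date) -lt $end) {
        # Re-read the process list each round: short-lived processes come and go.
        $procs = @{}
        Get-Process | ForEach-Object { $procs[$_.Id] = $_ }

        Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue | ForEach-Object {
            $p = $procs[[int]$_.OwningProcess]
            $name = if ($p) { $p.ProcessName } else { "pid$($_.OwningProcess)" }
            $path = if ($p) { $p.Path } else { '' }
            $key = "$name|$($_.RemoteAddress)|$($_.RemotePort)"
            if (-not $seen.ContainsKey($key)) {
                $seen[$key] = Get-Date
                $row = [pscustomobject]@{
                    FirstSeen     = $seen[$key].ToString('s')
                    Process       = $name
                    PID           = $_.OwningProcess
                    Path          = $path
                    RemoteAddress = $_.RemoteAddress
                    RemotePort    = $_.RemotePort
                }
                $row | Export-Csv -LiteralPath $LogFile -Append -NoTypeInformation
                $row   # also stream it to the console
            }
        }
        Start-Sleep -Seconds $IntervalSeconds
    }
}

# Usage: watch for one minute and print new pairs as they appear.
Watch-OutboundConnections -Seconds 60 | Format-Table FirstSeen, Process, PID, RemoteAddress, RemotePort, Path -AutoSize
```

Leave it running for a longer window while the machine is otherwise idle; a process that keeps appearing with new remote addresses, or one that connects from a user-writable path, is the one to look up in the log and then in the sniffer.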

Good luck to all of us.

Malware, Trojans and Threats

Most computers are connected to a network (the Internet, a local network), which simplifies the spread of malicious programs (Russian standards call such programs "destructive software", but since that term is not widely used, this review uses the term "malware", as in English). These programs include Trojans (Trojan horses), viruses, worms, spyware, adware, rootkits and various other types.

Another plus is that MBAM rarely causes any conflicts with other anti-malware utilities.

Free SUPERAntiSpyware Trojan Scanner

... Besides spyware, this program scans for and removes other types of threats such as dialers, keyloggers, worms, rootkits, etc.

The program has three scan types: quick, full, or a custom scan of the system. Before scanning, the program offers to check for updates so that you are immediately protected from the latest threats. SAS has its own blacklist: a list of 100 examples of DLLs and EXEs that should not be on your computer. Clicking any item in the list gives you a full description of the threat.

One of the program's important features is Hi-Jack protection, which prevents other applications from shutting the program down (with the exception of Task Manager).

Unfortunately, the free version of this program does not support real-time protection, scheduled scans and a number of other features.

More programs

Other free Trojan scanners not included in the review:

  • Rising PC Doctor (no longer available; you may still be able to find older versions on the Internet) is a Trojan and spyware scanner. It offers automatic protection against a number of Trojans, as well as the following tools: startup management, a process manager, a service manager, a File Shredder (a program for deleting files so that they cannot be recovered) and others.
  • FreeFixer - scans your system and helps remove Trojans and other malware. However, the user is required to interpret the program's results correctly. Special care must be taken when deciding to delete important system files, as this could damage your system. There are forums where you can ask for advice if in doubt about a decision (links to the forums are on the site).
  • Ashampoo Anti-Malware (unfortunately it has become a trial; early versions can perhaps still be found on the Internet) - initially this product was commercial only. The free version provides real-time protection and also offers various optimization tools.

Quick Pick Guide (Trojan Scanner Download Links)

Emsisoft Anti-Malware

Scans for and removes Trojans, worms, viruses, spyware, trackers, dialers, etc. Easy to use.
The free version is highly limited: no automatic updates, no real-time file protection, no scheduled scans, etc.
Unfortunately, it became trial. Perhaps early versions can still be found on the Internet.
www.emsisoft (.) com

PC Tools ThreatFire

Proactive protection against known and unknown Trojans, viruses, worms, spyware, rootkits and other malware.
Automatic updates are not provided if you have opted out of the ThreatFire community. Version 4.10 has not changed since November 2011.

Do you want to get rid of malware (viruses, worms, Trojans, etc.) even if you had not installed it beforehand? Below is a simple, time-tested set of instructions that will help anyone who wants to do it on their own and, most importantly, completely free of charge!

So, what do you need in order to cure your computer of viruses, worms and Trojans?

  1. Access to the Internet. Well, since you are reading this, you have it.))
  2. A "clean" computer, if you cannot reach the sites listed below from your own computer.
    If there is access, we do everything straight away on the "infected" computer.
  3. A little diligence and patience.
    The treatment procedure requires strict adherence to the instructions and will take some time.

Actually, the very instructions for treating a computer from viruses:

1) Check your computer for malware (viruses, worms, Trojans, adware, etc.) using or Kaspersky Rescue Disk 10 (if Kaspersky Virus Removal Tool does not start, or freezes in advanced mode).

Kaspersky Virus Removal Tool 2015 can be run directly from a running Windows in normal or safe mode. The program does not conflict with an already installed antivirus and can be removed after use.

To use Kaspersky Rescue Disk 10 you must first write the image to a CD or DVD, or to a flash drive. The disk boots instead of Windows, which makes it possible to detect and neutralize particularly sophisticated malware that hides its presence from within Windows by means of rootkit techniques.

2) Once / If you have one of the Kaspersky Lab products installed (for example, / /), enable detection of potentially unwanted software in the product.

To do this, go to the main application window - Settings - Advanced - Threats and Exclusions - tick "Detect other programs".
Start the database update and, when it has finished, restart the computer. This allows the product to obtain and load new databases for neutralizing adware. Then run a full virus scan.

Malwarebytes
Founded in 2004, Malwarebytes has been helping users remove malware from their computers ever since and keeping the Internet safe. Moreover, your computer stays free of viruses. The company has created a number of products that help keep your computer safe and reliable without slowing down your applications.

Malwarebytes has developed a number of tools that can identify and remove malware from a computer. When a computer is infected, Malwarebytes can provide the necessary assistance to remove the virus and restore the computer to optimal performance.
The most common products are:

Malwarebytes' Anti-Malware - Have you ever wondered how to make your anti-malware protection more effective? Malwarebytes has made an easy-to-use and effective anti-malware tool.
Whether you know it or not, your computer is always at risk of infection by viruses, worms, Trojans, rootkits, dialers, spyware and other malware that are constantly evolving and becoming more difficult to detect and remove. Only the most sophisticated anti-malware systems and modern methods can detect and remove these malicious programs from your computer.

Malwarebytes' Anti-Malware is considered the next step in detecting and removing malware. The product contains a number of new technologies designed to quickly detect, destroy and prevent malware from working.
Malwarebytes' Anti-Malware can detect and remove malware that even the best-known anti-virus and anti-malware applications cannot detect.
Malwarebytes' Anti-Malware monitors each process and stops malicious processes before they have time to start.
The Real-Time Protection engine uses advanced heuristic scanning technology that monitors your system to keep it safe. In addition, there is a threat center to keep you updated on the latest malware and threats.

*Activation:

The full version unlocks real-time protection, scheduled scans, and scheduled updates.
For consumers and personal use, the fee is only RUB 800.67.
For corporate clients, no annual license required.

Main characteristics
* Supports Windows 2000, XP, Vista and 7 (32-bit and 64-bit).
* Availability of quick scan mode.
* Ability to scan all drives.
* Malwarebytes' protection module against malware. (Registration required)
* Daily database update.
* Quarantine for threats, with the possibility of restoring them.
* "Ignore list" for the scan and protection modules.
* Settings to improve Malwarebytes' Anti-Malware performance.
* A small list of additional utilities to help remove malware manually.
* Multilingual support.
* Works in conjunction with other anti-malware utilities.
* Command-line support for running a quick scan.
* Context-menu integration to scan files on demand.

Using:

Just download Malwarebytes' Anti-Malware from one of the links below. Double click on the downloaded file to install the application on your computer. After installing the application, double-click on the Malwarebytes' Anti-Malware icon on your desktop to launch the program. Once the app is open, select scan and the app will guide you through the remaining steps.

  • Version: 1.46
  • File size: 5.86 MB
  • Language: Russian, English, Belarusian, Bosnian, Bulgarian, Catalan, Chinese Simplified, Chinese Traditional, Croatian, Czech, Danish, Dutch, Estonian, Finnish, French, German, Greek, Hebrew, Hungarian, Italian, Korean, Latvian, Macedonian, Norwegian, Polish, Portuguese, Romanian, Serbian, Slovak, Slovenian, Spanish, Swedish, Turkish.

mbam-setup-1.46.exe| 6009.13 Kb| Completed: 1542 times

StartUpLite - The most common complaint in the computer world is from the many users whose computer starts slowly. Everyone wants to know how to speed up the startup process. Of course, there are many solutions to this problem; Malwarebytes has created a safe, lightweight and effective method for eliminating unnecessary applications that start when the computer is turned on - StartUpLite.

StartUpLite is a lightweight and easy-to-use program that allows you to speed up your system startup safely and efficiently. The program lets you disable or remove unnecessary startup entries from your computer. By using StartUpLite, you can significantly reduce your boot time with just a few clicks.

Usage: Just download StartUpLite from the link below and save it in a convenient place. Double-click StartUpLite.exe.

StartUpLite_Version 1.07.exe| 199.7 Kb| Completed: 147 times

FileASSASSIN - Chances are, you have often come across one or more of the following messages:

1. Unable to delete file: Access denied.
2. Make sure the disk is not full or write protected and that the file is not currently being used.
3. The source or destination file can be used.
4. The file is being used by another program or user.

These are very common messages when trying to delete files, and they are often caused by malicious code that has infected the applications on your system. Malwarebytes is very familiar with these messages, which is why they created FileASSASSIN.

FileASSASSIN is an application that can remove any type of locked file on your computer. Whether it is a file left by a malware infection or just a particular file that Windows will not delete, FileASSASSIN removes it.
The program uses advanced programming techniques to unload modules, close remote handles and terminate various processes in order to delete a protected file. Please use it with caution, as deleting important system files may cause system errors.

Usage:
Just download FileASSASSIN from the link below. If you chose the portable version, just unzip and run the application; otherwise run the installer. Now select the file in FileASSASSIN by dragging and dropping it onto the text area or by browsing to it from the program. Next, select a removal method from the list. Finally, click Run and the deletion process begins.

  • Version: 1.06
  • File size: 163.12 KB
  • Operating system: Microsoft® Windows 2000, XP, Vista.
  • Language: English, Spanish.

fa-setup.exe| 163.12 Kb| Completed: 542 times

RegASSASSIN - A common problem when a computer is infected with malware is that multiple registry keys are created in the system registry, most of which are very difficult to remove. Malwarebytes has created an application to fix this problem - RegASSASSIN.

RegASSASSIN is a portable application. The program lets you delete registry keys by resetting the key's permissions and then deleting it. Please use it with caution, as deleting critical registry keys can cause system errors.

Usage: Just download RegASSASSIN from the link below. Once downloaded, double-click RegASSASSIN.exe. Then enter the registry key you want to delete or reset and click the Delete button.

  • Version: 1.03
  • File size: 63.70 KB
  • Operating system: Microsoft® Windows 2000, XP, Vista.
  • Language: English only.

RegASSASSIN.exe| 63.7 Kb| Completed: 554 times