--> trojans, keyloggers & firewalls <--

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by DiM3y, Sep 22, 2005.

  1. DiM3y

    DiM3y Private E-2

    Hey you all,
    I am posting this thread because I didn't find proper answers over the Internet. I have been searching all across the web to learn more about trojans. I am fed up of reading the same crap all the time: The trojan horse is named after the city of Troy in ancient Greece bla bla. A trojan horse gives total control of your computer to a hacker bla bla. Unlike worms and viruses, the trojan doesn't replicate itself bla bla. Now please cut the crap and tell me the real deal about trojans. XP SP2 is installed and patched & I use up-to-date adaware, spyware blaster and spybot along with Kaspersky AV and Outpost firewall. I run scans as often as possible (1 time a week let's say). I have a modem/router. My Hijackthis logs are very clean and my machine runs quite well.


    - Still, what I wanna know -


    1) I know that trojans 'listen' to a specific port right? Since my firewall has outbound & inbound protection, I assume that I will have to grant permission to the trojan so that it proceeds with transferring data? Am I right here?

    2) I had a look at invisible and stealth keyloggers. They say it can't be spotted with the task manager nor with spyware programs. But I mean, there is always a way to find whether the keylogger is installed or not right? It HAS to leave traces somewhere and it HAS to be installed somewhere on the machine (registry, etc.). Since there is no 100% spyware-trojan-worm removal software, how can someone who doesn't have the slightest programming skill check what's going on on his machine?

    I know this topic has probably been discussed a million times and that you might be sick of the same old questions. But if you could take a few minutes to answer those 2 questions, that would really really help. Please express your thoughts by using more than 3 words ;)
    Thanx a lot!!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I don't believe that it is an absolute must that trojans use a specific port. Some do and some do not. Malware can manage to hook itself into any of your valid Windows processes and then it can go undetected because it looks like that process. For example, many forms of malware attach themselves to winlogon.exe, iexplore.exe, or explorer.exe. Thus when these are running (and winlogon and explorer.exe are always running) the malware can pretty much do anything that winlogon and explorer have permission to do. And when you browse using iexplore, it now has permission to access the internet.

    Task Manager is not a useful tool to use in looking for malware. A tool like Process Explorer is much better and can show and kill things that Task Manager cannot. Yes, stealth keyloggers do a better job of hiding, but most of those are commercial applications installed by someone to spy on what is being done on a PC (like by employers, spouses, or parents). And typically they are password protected from being uninstalled by anyone except the person who installed them.

    Using more advanced process managers like Process Explorer and Security Task Manager can be very useful. Also, detailed inspection of Add/Remove Programs and the associated registry locations like below can be useful:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

    But that still is not enough. Malware and valid programs that are designed to be hidden can attach themselves to other processes that automatically run them without you knowing. If it was such an easy thing to find all this stuff, this forum would not exist.
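
The registry inspection described in the reply above, as an added PowerShell example that is not part of the original thread: it lists every entry under the Uninstall key and marks the ones that Add/Remove Programs does not display (`SystemComponent` set to 1, or no `DisplayName`). Many legitimate components are hidden this way, so a marked entry is something to review, not a verdict. The two extra registry paths (32-bit view on 64-bit Windows, per-user installs) and the function name `Get-UninstallEntry` are assumptions added here.

```powershell
# Added example. The first path is the key quoted in the reply; the other two
# are additional standard Uninstall locations, included here as an assumption.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Hypothetical helper name; returns one object per Uninstall subkey.
function Get-UninstallEntry {
    param([string[]]$Roots = $uninstallRoots)

    foreach ($root in $Roots) {
        # Not every root exists on every system (e.g. no WOW6432Node on 32-bit).
        if (-not (Test-Path -LiteralPath $root)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            try {
                $p = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction Stop
            } catch {
                # Skip subkeys with unreadable or malformed values.
                continue
            }

            # Add/Remove Programs omits entries with SystemComponent = 1
            # and entries that have no DisplayName.
            $hidden = ($p.SystemComponent -eq 1) -or
                      [string]::IsNullOrWhiteSpace($p.DisplayName)

            [pscustomobject]@{
                Hidden          = $hidden
                Name            = if ($p.DisplayName) { $p.DisplayName } else { $key.PSChildName }
                Publisher       = $p.Publisher
                InstallDate     = $p.InstallDate
                InstallLocation = $p.InstallLocation
                UninstallString = $p.UninstallString
                RegistryKey     = $key.Name
            }
        }
    }
}

# Show everything, visible entries first, then the hidden ones.
Get-UninstallEntry |
    Sort-Object -Property Hidden, Name |
    Format-Table -AutoSize Hidden, Name, Publisher, InstallDate, RegistryKey
```

This only covers software that registered an uninstaller; as the reply says, code attached to other processes will not appear here.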
     
