15.-+Trojan+Horse

**__What is it?__**
A Trojan virus is a piece of software designed to look like a useful file or software program but performs a possibly nefarious function once installed on a client computer. The virus takes its name from the “Trojan Horse” from Greek mythology setup outside of the city of Troy. Trojan horse viruses differ from other computer viruses in that they are not designed to spread themselves. Instead Trojan horse malware is either delivered as the payload of another virus or piece of malware or through manual end-user action by downloading infected files or inserting infected drives into a computer. Once a computer is infected with a Trojan virus, the malware can be designed to steal end-user information, perform destructive harm on the target computer, or even download additional computer malware.

A Trojan virus will normally consist of a server and client component. The client component is the portion of the malware that infects the end-user’s computer. Once established or executed, the virus can be designed to establish a certain level of control over the infected computer.
 * __How does it work?__**

The categories currently used to define the different variants of Trojan viruses include:
 * __Are there different types?__**
 * **Remote access:** virus will give the hacker/attacker full control over the targeted computer equivalent to the user’s permissions.
 * **Password sending:** the malware will search for all cached passwords and copy those that are entered by the end-user.
 * **Destructive:** A destructive Trojan virus’s primary purpose is to delete or remove files on the targeted computer.
 * **Key loggers:** are a variant of Trojan virus that is designed to record the keystrokes on an infected computer and then send the log files to a remote server or email account.
 * **Denial of service:** A denial of service (DoS) attack Trojan virus will be designed to use the infected computer as a bot to attack another web server or computer. Combined with other computers that are infected, the Internet connection for the attacked computer can become too busy to allow regular users to make use of the site.
 * **Proxy:** A proxy or Wingate Trojan virus is designed to make the infected computer act as a Wingate or proxy server. As a result of the infection, the targeted computer can then be used by other to surf the Internet in an anonymous fashion.
 * **FTP:** A FTP Trojan virus is one of the most basic Trojan viruses in the wild and is one of the most outdated. The primary purpose of the malware is to open port 21 on the infected computer. Once opened, anyone can then connect to the computer using the FTP protocol.
 * **Software detection killers:** The purpose of this variant of Trojan virus is to disable known antivirus and computer firewall programs.
 * **Trojan down loaders:** The sole job that a Trojan downloader does on the infected computer is to download additional computer malware onto the infected computer.


 * __How to Remove Trojan Viruses?__**
 * Step 1** – Gain access to a non-infected computer that allows you to save files to a CD-R or memory stick. Then, launch the computer’s web browser and download the RKill process killer application produced by Bleeping Computer and save to the portable drive or place in a temporary folder to burn to CD.
 * Step 2** – Download the free version of the Malwarebytes antimalware application. If using a portable drive, copy the install file to the drive. One thing to consider is copying two version of each file with the second version being a unique file name such as your first name or something that does not have anything to do with computer security since some Trojan viruses will prevent RKill or Malwarebytes from being installed. If burning a CD, wait to burn the CD until you have renamed the second version of each file
 * Step 3** – Restart the infected computer in Windows Safe Mode if the computer will allow you to do so.
 * Step 4** – Copy the files on the memory stick or CD onto the desktop of the infected computer.
 * Step 5** – Run the RKill application by double clicking either the primary or alternatively named file icon on the computer’s desktop. RKill should stop all known computer malware processes from executing on your infected computer. Note that RKill can take a few minutes to execute.
 * Step 6** – Once RKill finishes executing, turn off Windows System Restore on your computer. To access the System Restore properties, right click the “My Computer” icon and then select the “Properties” menu option. Select the “Turn Off System Restore” menu choice and choose the default menu prompts to complete the action.
 * Step 7** – Run the Malwarebytes installation file that you have already copied to the computers desktop. Note that you may need to run the renamed version of this file based on the Trojan virus that has infected the computer. Accept all default menu prompts and then run a complete antivirus scan of your computer’s drives.
 * Step 8** – After Malwarebytes has completed running, ensure you select the menu options to remove all infected files discovered.
 * Step 9** – Restart your computer after the infected files are deleted and the Trojan virus will be removed.
 * Step 10** – After the computer has restarted, turn Windows System Restore back on.
 * Step 11** – If you were not running a commercial antivirus program prior to the Trojan virus infection, consider purchasing one from Malwarebytes, Avast, AVG, Norton, or McAfee to prevent future infections.

[]