Securing Windows Against Trojans

Version 1.1.2


Last revised by PJKevin () on 2004-08-06

Originally written by Jim-mm () on 2000-08-25

Please direct any comments or feedback about this document (only! no help requests!) to docs@dal.net. If you need help on issues not covered in this document, please see the information at http://help.dal.net.

A Message from the DALnet Exploits Prevention Team

High-speed always-on network connections can be devastating if abused, on IRC and otherwise. Please help us to help you enjoy your experience on DALnet, by taking the time to ensure your computer system can't be used to abuse others.

1 · What Trojans Are

Trojans are programs that run on a computer without the user knowing of their existence, and give an outsider some form of access to that computer. While technically not viruses, they fall into the same category of malicious programs that can be running on a computer without the user's permission. There are many kinds of trojans, but they typically let others use the computer over the network: run programs on it, or read the data stored on its hard disk.

2 · Why You Should Care

Cable and DSL technologies are unique in that they provide a high-speed, always-on connection to a home PC. It's the speed and always-on nature of Cable/DSL technologies that attracts crackers. If you aren't careful, they can take control of your machine remotely, steal your data and even use your PC to conduct devastating attacks on other machines - all without your knowledge.

Even if you do not have a cable or DSL connection, a trojan on your computer could be used to get files from your computer or to cause a lot of nuisance for you in other ways.

The DALnet Exploits Prevention Team sees the results of this kind of 'hijacking' every day. Systems are compromised, users' nicknames, passwords and other personal data are stolen, and their bandwidth is sapped to carry out attacks. All too often the ISPs of such unlucky users refuse to believe that the machine was compromised and place the blame firmly at the door of their subscriber, disconnecting or restricting their service.

The team is doing what they can to control the problem on DALnet, but they need your help. Every trojanised PC is a potential gateway for an attack on the network, and people with malicious intentions are using them frequently for this and other purposes. Attacks are being launched from compromised machines, and it's very difficult if not impossible for the team to trace the true source.

However, it's easy and quick for a user to find and remove most trojans. Below are instructions on what to do, and links to some software packages that are of help. Please help us to help you, take a couple of minutes and check your system over. At worst, you've wasted ten minutes, at best you've saved yourself the hassle and potential costs of a system compromise.

3 · The 10 Minute System Security Check

  • First, make sure the system is clean. Download and run a trojan scanner - this will detect and remove trojans from any Windows system. The Cleaner from http://www.moosoft.com is probably the most comprehensive; it is shareware, but fully functional for 30 days.

  • Next, update your virus scanner if it's not up to date, and run a full scan. Virus scanners also detect most trojans and stop them from being installed. They will of course also protect you from numerous other viruses you might accidentally pick up. They do need to be up to date to be reliable, so visit the manufacturer's homepage and get yours updated regularly.

    Here are links to the homepages of some of the companies which make virus scanners:

  • Now, close any 'open doors' on your machine. Pay a visit to http://www.grc.com and test your system. You'll probably find the NetBIOS ports open, which can be used to attack your PC. There are instructions on the website on how to close this gaping security hole.

  • It is suggested that Windows users run the scans above in Safe Mode. Most viruses and trojans are easier to detect in Safe Mode, where the trojan is inactive and so cannot interfere with the scan.

  • Finally, consider installing a desktop firewall. These prevent people accessing your PC over the internet without your permission, and installing trojans on your computer. There's a listing and review of what they are, how they work and which ones are good, bad or plain useless at http://grc.com/su-firewalls.htm.

    ZoneAlarm, from http://www.zonelabs.com, is free for personal use and is very easy to set up.

  • Your system should now be free of both trojans and viruses, and should also hopefully stay that way.
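The steps above can be checked locally before (or after) visiting the sites they mention. The script below is an added example, not part of the original DALnet document: a read-only PowerShell pass that lists which of the NetBIOS/SMB ports are actually bound and by which process, whether each Windows Firewall profile is on and blocks inbound by default, whether the resident antivirus (Windows Defender) is running with recent signatures, what is set to start at every logon (where a trojan usually parks itself), and whether the current boot is Safe Mode. It assumes Windows 8 / Server 2012 or later with the NetTCPIP, NetSecurity and Defender modules; the module names, the seven-day signature-age threshold and the port list are the example's own choices, and each check is guarded so the script still runs where a module is absent.

```powershell
# Added example, not part of the original DALnet document: a read-only
# PowerShell pass over the checks in section 3. Assumes Windows 8 /
# Server 2012 or later with the NetTCPIP, NetSecurity and Defender modules;
# each check is guarded so the script still runs where a module is absent.
# Run from an elevated prompt. It reports only; it changes nothing.

# Ports the text singles out (NetBIOS 137-139) plus the related SMB (445)
# and RPC endpoint mapper (135) services that expose the same file-sharing
# surface to the network. Assumed list, not from the original text.
$RiskyPorts = @(135, 137, 138, 139, 445)

# Which of the risky ports are bound on this host, and by which process.
function Get-RiskyListeners {
    if (-not (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue)) {
        Write-Warning 'NetTCPIP module missing; run "netstat -ano" by hand instead.'
        return
    }
    $tcp = @(Get-NetTCPConnection -State Listen | Where-Object { $_.LocalPort -in $RiskyPorts })
    $udp = @(Get-NetUDPEndpoint | Where-Object { $_.LocalPort -in $RiskyPorts })
    foreach ($e in ($tcp + $udp)) {
        $proc = Get-Process -Id $e.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Proto   = if ($e.PSObject.Properties['State']) { 'TCP' } else { 'UDP' }
            Address = $e.LocalAddress
            Port    = $e.LocalPort
            PID     = $e.OwningProcess
            Process = if ($proc) { $proc.ProcessName } else { '?' }
        }
    }
}

# Each firewall profile should be enabled and default to blocking inbound.
function Get-FirewallWeaknesses {
    if (-not (Get-Command Get-NetFirewallProfile -ErrorAction SilentlyContinue)) {
        Write-Warning 'NetSecurity module missing; check the firewall in Control Panel.'
        return
    }
    Get-NetFirewallProfile |
        Where-Object { $_.Enabled -ne 'True' -or $_.DefaultInboundAction -eq 'Allow' } |
        Select-Object Name, Enabled, DefaultInboundAction
}

# Is the resident antivirus on, and are its signatures recent?
function Get-AntivirusStatus {
    if (-not (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)) {
        Write-Warning 'Defender module missing; confirm your scanner is running and updated.'
        return
    }
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        RealTimeProtection = $s.RealTimeProtectionEnabled
        SignatureAgeDays   = $s.AntivirusSignatureAge
        LastFullScan       = $s.FullScanEndTime
        Stale              = ($s.AntivirusSignatureAge -gt 7)   # assumed threshold
    }
}

# Programs started at every logon: the usual place a trojan makes itself persistent.
function Get-AutostartEntries {
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        foreach ($p in (Get-ItemProperty -Path $k).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # PSPath, PSProvider etc. are metadata
            [pscustomobject]@{ Key = $k; Name = $p.Name; Command = $p.Value }
        }
    }
}

# Whether this session booted in Safe Mode (section 3 suggests scanning there).
function Get-BootMode {
    (Get-CimInstance -ClassName Win32_ComputerSystem).BootupState
}

'== Risky listening ports (a home PC should show none) =='
Get-RiskyListeners | Format-Table -AutoSize
'== Firewall profiles that are off or allow inbound by default =='
Get-FirewallWeaknesses | Format-Table -AutoSize
'== Antivirus =='
Get-AntivirusStatus | Format-List
'== Autostart entries: anything you do not recognise deserves a closer look =='
Get-AutostartEntries | Format-Table -AutoSize
"Boot mode: $(Get-BootMode)"
```

Save it as a .ps1 file and run it with `powershell -ExecutionPolicy Bypass -File <path>` from an Administrator prompt. Empty output under the first two headings is the good result. On Windows the 139 and 445 listeners normally belong to the System process (PID 4), which is file and printer sharing rather than a trojan; unbinding that service from the Internet-facing adapter, as the grc.com test guides you to do, closes them. An autostart entry whose command points at an unfamiliar executable in a temporary or profile directory is exactly what the trojan scanner in the first step should then be pointed at.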

4 · Information Sources

1) http://www.nohack.net (#NoHack's website with documents and information on trojans and viruses).

2) http://kline.dal.net/exploits/ddos.htm (Information on DDoS attacks)