co robi trojan?

[Gość: brr]

Mam u siebie trojana, do konca nie udalo sie go usunac z komputera. Powiedzcie
co on robi i czy moze mi szkodzic? Czemu sluzy? Slyszalam , ze ktos moze wejsc
do mojego komputera. Jesli tak, to czy ten ktos wyslal mi go specjalnie? Czy
moze cos sobie dzialac (zmieniac, kasowac) czy tylko ogladac co tu mam?
sorry jesli moze pytania sa glupie, ale chyba dla fachowcow nie ma glupich
pytan...

[Gość: Grzegorz]

Witaj

Jesli nie masz dobrego antyvirusa, ktory go usunie a masz dostep do netu to
wejdz na strone MksVir'a - mks.com.pl i wybierz Skaner On-Line. Po
pobraniu bazy przeszuka Ci co
trzeba i wykasujesz co potrzeba:)

pozdr.

[Gość: brr]

Korzystalam z mksvir, wyszukuje ale ich nie wykasowuje. A moze ja cos zle robie?
Chcialabym jeszcze cos wiedziec, co ten trojan robi.

[Gość: Scan]

I wejśc też na:
www.moosoft.com/ - pobrać cleaner.exe - zainstalować. ( co prawda wersja
30 dniowa). Uaktualnić bazę trojanów, wyczyścić komputer. Założyc dobrego
firewalla - np. norton personal firewall. Konieczne w Twoim wypadku, gdy masz
stałe łącze.

[Gość: brr]

Zribilam to, co napisales. Wyszukuje mi wirus Klez. Nie moge go usunac: pojawia
sie komunikat:

"PROBLEM: Could not remove file.
SOLUTION: Reboot to allow Windows to remove the file."

[Gość: Scan]

Wrzuc www.google.com, wpisz trojany - bedziesz miała komplet informacji. Trojan
to taki konik, który wysylającemu go pozwala podgladac Twoj komputer, do
wysyłania info z Twego kompa włącznie. Ale nie niepokój się, dużo jest
błąkających się w Sieci śmieci i pewnie jakiś do Ciebie trafił. Czy w Cleanerze
odhaczyłaś opcję "clean selected" -powinno wystarczyć. Jeżeli krzyczy o reset
PC - zrób to.
Pozdrawiam
Scan

[Gość: freaknet]

Trojana mozna zainstalowac na czyims kompie np.wysylajac mu gre z plikiem serwer.exe (nazwa serwer nie jest standartem) albo sam plik. wyrzej wymieniony. Plik nie moze sie sam uaktywnic na kompie ofiary, ofiara musi go sama uruchomic.Najbardziej znane Trojany to netbus(prosty ale zajebisy) i subseven(bardziej dla profesjonalistow, ale nie koniecznie).Co potrafi trojan: moze widzec co robisz poprzez screen shoot (chyba tak to sie pisze), jesli masz web cam moze widziec wszystko to co ona przesyla, morze bez problemu dostac twoje hasla ktore sa zapamietane na twoim komputerze, jesli masz ICQ albo IRC albo inny komunikator morze miec do nich chasla i podgladac o czym gadasz. ma dostep do wszystkich danych do twojego komputera i morze zrobic z nimi co chce (kopiowac i kasowac),wlaczyc i wylaczyc monitor,klawiature,CD-Rom, ukryc pasek zadan albo przycisk start i wiele innych przydatnych rzeczy.
Wyrzej wymienione mozliwosci to tylko podstawy tego co robia Trojany
jesli nie umiesz skasowac pliku to sprobuj to zrobic pod DOSem powinno sie udac

[Gość: brr]

Dzieki za informacje.
Jednego pliku za nic nie moge usunac: * c:\WINDOWS\SYSTEM\Winkotf.exe
informacja: "Podany plik jest uzywany przez systen Windows"
Jest wiec w systemie. Czy jedyna metoda to przeinstalowanie systemu? Nie
chcialabym tego.

[Gość: N]

Jesli znasz angielski idz tam i dowiesz sie wszystkiego bo usuniecie trojan to
nie wszystko.
securityresponse.symantec.com/avcenter/venc/data/trojan.horse.html
to jest jedna ze stron www.symantec.com

[Gość: N]

Trojan Horse
Last Updated on: January 3, 2002 at 09:56:41 AM PST




Trojan Horse is a general detection that is used by Norton AntiVirus when
detecting many different, individual Trojan horse programs for which specific
definitions have not been created. In these cases, a general detection is used
because it provides protection against many Trojans that share certain
characteristics.

If a malicious program does not infect other files and does not distribute
itself automatically, it is usually labeled a Trojan horse. For additional
information, see the following:

What is the difference between viruses, worms, and Trojans?
Virus naming conventions

Besides the many individual Trojans for which Norton AntiVirus has specific
definitions, there are a several types of general detections. Trojan Horse is
one of those general detections. Some specifics about these general detections
are as follows:

Backdoor.Trojan
This Trojan opens a port to allow a hacker to control the infected system.
Within the larger grouping, there are Trojans that share very similar
characteristics. These are given specific names and include any Trojans
with "Backdoor." at the beginning of the name, such as Backdoor.Subseven and
Backdoor.Netbus.

PWSteal.Trojan
A Trojan horse that gathers and sends out some type of password.
If the password-stealing Trojan targets America Online user login information,
the detection will be AOL.Trojan.

Trojan Horse
Any other Trojan horse program that does not have backdoor or password-
stealing capability.
These programs can perform various malicious activities, such as deleting
files, changing system settings, and running malicious programs.

Removal instructions

To remove Trojan Horse you need to do the following:
Run LiveUpdate to make sure that you have the most recent definitions.
Run a full system scan, making sure that Norton AntiVirus (NAV) is set to scan
all files. Delete any files infected with Trojan Horse.
Remove any references to the infected files that have been added to the
Windows registry.
Remove any references to the infected files that have been added to the
Win.ini and System.ini files (Windows 95/98/Me).

For detailed instructions, see the sections that follow.

NOTE: The procedure described in this document is complex and assumes that you
are familiar with basic Windows and DOS procedures. If you are not, then we
suggest that you obtain the services of a qualified computer consultant.

To run LiveUpdate:
1. Start Norton AntiVirus.
2. Click LiveUpdate, and follow the prompts. For detailed instructions, see
the document How to run LiveUpdate.

To scan with NAV
1. Start NAV and run a full system scan, making sure that NAV is set to scan
all files. For detailed instructions, see the document What to do if you
suspect that your computer is infected with a virus, worm, or Trojan.
2. If NAV detects any files as Trojan Horse, write down the name and location
of the file before you allow NAV to delete it. You will need this information
in the sections that follow.

NOTE: As an alternative, you can print a copy of the Norton AntiVirus Activity
log; the log contains information on what was detected, the location of the
file, and what was done to it. To do this:
1. With NAV still open, click Reports.
2. Double-click "View the log of Norton AntiVirus activities."
3. Click Print.

To edit the registry:

CAUTION: We strongly recommend that you back up the system registry before
making any changes. Incorrect changes to the registry could result in
permanent data loss or corrupted files. Please make sure you modify only the
keys specified. Please see the document How to back up the Windows registry
before proceeding.
1. Click Start, and click Run. The Run dialog box appears.
2. Type regedit and then click OK. The Registry Editor opens.
3. Navigate to and select the following key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

4. Refer to the list of infected files that you created while following the
instructions in the previous section. In the right pane, look at the entries
in the Name and Data columns.
5. If you find an entry that refers to a file that was detected as infected,
select the entry, press Delete, and then click Yes to confirm.
6. Navigate to and select the following key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

7. Refer to the list of infected files that you created while following the
instructions in the previous section. In the right pane, look at the entries
in the Name and Data columns.
8. If you find an entry that refers to a file that was detected as infected,
select the entry, press Delete, and then click Yes to confirm.
9. Exit the Registry Editor.

Edit Windows startup files

NOTES:
The instructions in this sections apply only to Windows 95/98/Me. It is not
necessary to do this if you are running Windows NT/2000.
(For Windows Me users only) Due to the file-protection process in Windows Me,
there is a backup copy of the file you are about to edit in the
C:\Windows\Recent folder. We recommend that you delete this file before you
continue with the steps in this section. To do so using Windows Explorer, go
to C:\Windows\Recent, and in the right pane select the Win.ini file and delete
it. It will be regenerated as a copy of the file that you are about to edit
when you save your changes to that file.
1. Click Start, and click Run.
2. Type the following, and then click OK.

edit c:\windows\win.ini

The MS-DOS Editor opens.

NOTE: If Windows is installed in a different location, make the appropriate
path substitution.

CAUTION: The steps that follow instruct you to remove text from the load= and
run= lines of the Win.ini file. If you are using older programs, they may be
loading at startup from one of these lines. The Trojan can add lines such as
load=c:\windows\temp\pkg2350.exe or run=hpfsched (blank spaces) msrexe.exe.
(In this example, hpfsched is a legitimate program, but msrexe.exe is part of
the Trojan.)

If you are sure that the text contained in these lines is for programs that
you normally use, then we suggest that you do not remove it. If you are not
sure, but the text does not refer to the file names that you wrote down
earlier, then you can prevent the lines from loading by placing a semicolon in
the first character position of the line. For example:

; run=accounts.exe

3. Locate the load= line within the [windows] section of the Win.ini file; it
is usually located near the top of the file.
4. Position the cursor immediately to the right of the equal (=) sign.
5. Press Shift+End to select all of the text to the right of the equal sign,
and then press Delete.
6. Repeat steps 3 to 5 for the run= line, which is usually beneath the load=
line.
7. Click File, click Exit, and then click Yes when you are prompted to save
the changes.
8. Click Start, and click Run.
9. Type the following, and then click OK.

edit c:\windows\system.ini

The MS-DOS Editor opens.

NOTE: If Windows is installed in a different location, make the appropriate
substitution.

10. Locate the shell=explorer.exe line within the [boot] section of the
System.ini file; it is usually located near the top of the file.
11. Position the cursor immediately to the right of explorer.exe.
12. Press Shift+End to select all of the text to the right of explorer.exe and
then press Delete.

NOTE: Some computers may have an entry other than explorer.exe after shell=.
If this is the case, and you are running an alternate Windows shell, then
change this line to shell=explorer.exe for now. You can change it back to your
alternate shell after you have finished this procedure.

13. Click File, click Exit, and then click Yes when you are prompted to save
the changes.

[Gość: gaduła]

utłuc tego gada nalezy pod DOSEM,
musisz miec dyskietkę startowa Dosa i wtedy ubic gada ręcznie, on ma takie
zabezpieczenia ze pod NC nic nie zrobisz !