::[ ecam domain ]::

It's all about an otaku, half vamp and dot dot dot dot

Thursday, August 23, 2007

Rise of Trojan

Trojans come in all kinds of forms. Even a detergent. I miss the days when a virus was easily detected; most of them were TSR type and easy to spot even without antivirus software. I still remember the Brain virus. It infected the MBR. Viruses back then didn't propagate as easily as today. Not to mention all those -wares: spyware, adware, malware.

A floppy can carry small files, and viruses, to the unwary. But people knew a virus could come with it. Nowadays some people are ignorant enough to plug in here and there whenever they see a 'USB hole'. In Malay, they say "pantang nampak lubang". Think of it as free sex without a condom. Some people like me have an antivirus program such as AVG, at least some form of condom, but they still get through. True to its name, it is an antivirus, not an anti-trojan. Remember Brontok? And all those downloader viruses.

All those multiware spread at high speed since the invention of the pendrive, or thumb drive. Easy to carry around, and smaller each year. This is the number one playboy. And very hard to deter. Nearly every student has one, just like a handphone. Not to mention that the owner is easily attracted to any computer. "What files you got? Got mp3? Want to copy la." Nooo, the pendrive goes in. Kaching.

I still remember my first pendrive. It was about 3 inches long and half an inch thick. Hard to reach the port, especially at the back of the computer case. Then computer cases came with USB ports at the front. Oh, not to mention that there are a lot of ports too. So many 'lubang'. 2 increased to 4, then 8. Some computers even have 12 using a USB hub.

Old Windows didn't have this problem. I remember that each time I wanted to use a pendrive on a Win98 computer, I had to bring a driver disk. Then came Win XP. The autoplay feature is the culprit. You don't need a driver, and most computers are easily infected by an autoplay virus. Autoplay starts up the multiware, it replicates into RAM, then it finds its way into system32. Oh, don't forget that most of the multiware have a rootkit. In other words they run as a system service. These guys are the hardest to remove.

So how to know you're a carrier?


You have a pendrive. Plug it in. If it is your own PC, it is probably infected already. Go to My Computer and right-click the pendrive's drive. See if there is any autoplay option in the menu. If there is, you're in trouble. Then check out your pendrive. Search for any folder.exe or XXXX.exe, where XXXX is the name of one of your folders. Trojans usually don't infect files or programs, but to stay on the safe side, assume they do. Some trojans masquerade as jpg or txt. For example, hana.jpg.exe. The default Windows view hides your file extensions, so you probably see hana.jpg and click it.
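The pendrive check above can be done without trusting Explorer's view at all. This is an added example, not code from the original post: it walks a drive root and flags the three tell-tales the post describes (an autorun.inf and what it would launch, an .exe with the same name as a folder beside it, and a double extension like hana.jpg.exe). The file layout it scans is constructed in a temp directory, and the autorun.inf keys checked (open= and shellexecute=) are the standard ones.

```python
import os
import tempfile

# Extensions Windows will run, and data extensions a trojan hides behind
# ("hana.jpg.exe" shows as "hana.jpg" when Explorer hides extensions).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}
DATA_EXTS = {".jpg", ".jpeg", ".txt", ".doc", ".mp3", ".pdf"}

def autorun_targets(path, rel):
    """List what an autorun.inf would launch (open= / shellexecute= keys)."""
    out = []
    with open(path, errors="replace") as f:
        for line in f:
            key, _, value = line.strip().partition("=")
            if key.strip().lower() in ("open", "shellexecute") and value.strip():
                out.append(("autorun launches " + value.strip(), rel))
    return out

def scan_drive(root):
    """Return sorted (reason, relative path) findings for one drive root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        folders = {d.lower() for d in dirnames}  # folders beside these files
        for name in filenames:
            stem, ext = os.path.splitext(name.lower())
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            if dirpath == root and name.lower() == "autorun.inf":
                findings.append(("autorun.inf present", rel))
                findings += autorun_targets(os.path.join(dirpath, name), rel)
            if ext in EXEC_EXTS and stem in folders:
                findings.append(("exe twin of folder", rel))  # Photos + Photos.exe
            if ext in EXEC_EXTS and os.path.splitext(stem)[1] in DATA_EXTS:
                findings.append(("double extension", rel))
    return sorted(findings)

def build_sample(infected=True):
    """Constructed stand-in for a pendrive; infected=True adds the post's tell-tales."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "Photos"))
    open(os.path.join(root, "Photos", "hana.jpg"), "w").close()
    open(os.path.join(root, "notes.txt"), "w").close()
    if infected:
        open(os.path.join(root, "Photos.exe"), "w").close()
        open(os.path.join(root, "hana.jpg.exe"), "w").close()
        with open(os.path.join(root, "autorun.inf"), "w") as f:
            f.write("[autorun]\nopen=Photos.exe\nicon=Photos.exe\n")
    return root
```

Run scan_drive on the drive letter of a real pendrive; an empty list means none of the three patterns was found, not that the drive is clean.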

How to detect them in your PC?

You have an antivirus program and it has the latest update. Then you realize that your PC is sluggish. That is a sign. And the antivirus program didn't say anything. I have had a lot of these experiences. Thrice I had to format due to an incapable antivirus program. So here are a few steps to detect those hidden trojans.

  1. Close all applications running in the foreground and background. Close your antivirus program, download manager and everything else, leaving only the clock and the speaker icon in the taskbar. Then press Ctrl+Alt+Del. It will bring up the Task Manager. Switch to the Processes tab. Monitor them for a few minutes. Yes, you cannot see a virus process here, but the point is that a virus uses CPU time, and we want to check if the CPU time is being used correctly. These processes usually spike a little: explorer.exe, lsass.exe, svchost.exe, csrss.exe, taskmgr.exe. None of these spikes should exceed 5 to 6%. If they do, something is wrong, as at this state your computer should be idle. If the total CPU usage reaches about 20% or more, there is a hidden process running in the background.
  2. Open My Computer, then click Tools. Check if Folder Options is still there. If it is missing, you've got multiware. The usual suspect is Brontok. If it is still there, proceed to step 3.
  3. Click Folder Options, then the View tab. Scroll down and choose "Show hidden files and folders". Untick "Hide protected operating system files". Then click Apply and OK. Then create a new folder. Right-click it and choose Properties, tick the Hidden attribute, then OK. Press F5. See if the folder goes missing. If it does, then you've got multiware. The hidden folder should stay in view, but greyed out, indicating it is hidden.

Oh no I got the virus

First of all, panic!! Then get another antivirus and do a complete scan. I suggest Kaspersky. You can use the trial version. Or you could scan using an online virus scanner; google for it. After a complete scan, reinstall your Windows. Back up your documents and your saved programs. It would be good to format the whole computer. Oh, be warned of System Restore. Turn it off before you do a complete scan. Sometimes the virus can hide in the System Restore data.

After that, install the best antivirus you can afford. Disable the autoplay function. To find the best antivirus, google for top ten antivirus performance. There are a lot of performance reports out there.

Good Hunting

1 Comment:

  • At Monday, February 11, 2008 5:27:00 PM, Anonymous Anonymous said…

    Thanks for the info. I have a question: some of my files are kept in folders which became exe files subsequently. How am I supposed to save those folders? Because whenever I run an antivirus, those file-filled folders are gone too. Need I empty all the files before I run a scan or is there another and more practical method?
