What does a Trojan do to a computer? Methods for introducing malware. Trojan body types

An article that will help you deal with Trojans. You will learn what they are, what types there are, what they do and how to protect yourself from all this.
I won’t beat around the bush and will proceed straight to the description.



The name "Trojan" comes from the ancient story of how the Achaeans besieged the city of Troy for a long time but could not capture it. Finally, they left a huge wooden horse at the gate, saying, “Well done, you held back our onslaught. Here’s a gift for you.” The inhabitants of Troy brought this horse into their city, and at night soldiers came out of it, killed the guards and opened the gates to their army. And so Troy was taken.
With this historical digression behind us, we can move on to modern “Trojans”.
Trojans are programs that are a type of virus. The main difference from viruses is that Trojans “serve the master,” or rather the one who developed them. While a virus acts to infect the system, spread in every possible way and spoil everything along the way, a Trojan acts to install itself quietly and peacefully, collect information about the infected system, and then send it to its creator.
That is, it follows the same principle as the famous Trojan Horse: gain trust under the guise of being good, and then deliver an unpleasant surprise.

How can you catch a Trojan?

A Trojan can get onto your computer in different ways, but the most common is through installing programs or viewing files.
A typical situation: you, suppose, are some kind of... You end up on a website (not mine!) and are frantically looking for where you can download it. As a result, you click on a link, download and install. Everything seems to go well: the installer starts, the installation succeeds, the program even seems to work, and everyone is happy. But at this moment your system may already have picked up that same Trojan. After all, the whole point of Trojans is that they “attach” to a good program and act as part of it until the very last moment, when they have already been launched and installed. Then they continue to “live.”
That is why on this site I very rarely let you download directly from the site and instead give links to the official websites of the developers. They won't put this in their products.

Do you think you can only catch it through programs? Not at all. You may receive a banal spam email (remember about ?) containing a link or an attached file with the inviting title “Look at how the mouse eats the cat”, and you will click on it and see the picture. Yes, yes, yes! You can catch a Trojan even through a picture.

Infection through autorun of flash drives (my favorite article?) and disks (slightly less common) is also common.

What types of Trojans are there and what do they do?

Describing all types of Trojans would take a lot of pages, because there are a great many of them and new ones appear every day. But I will still write about the main ones:

  • Spyware (Mail sender, Password Trojans, etc.) is the most common type of Trojan. It immediately searches the system for all saved passwords and sends them to its creator (usually by mail).
  • Remote access programs (BackDoor) are the second most common type of Trojan. The idea is that the Trojan opens some port on the computer and sends data to the creator. To put it a little more simply, a Server is installed on the infected computer, and the owner has a Client. This Server waits for a signal from the Client in order to transfer whatever he wishes and to give him control access.
  • Keyloggers are the third most popular type of Trojan. From the name you can guess that they intercept something. What exactly? All keystrokes on the keyboard. And all data is entered through the keyboard: logins, passwords and correspondence. All this is carefully recorded in a file, which is then sent you can guess where.
  • Downloaders download any junk from the Internet at their discretion. Usually these are viruses.
  • Droppers load other Trojans into the system.
  • Joke Programs display a message on the screen saying that the computer will now be rebooted, or that all information will be transferred to someone, or that the computer has been hacked, etc. They are essentially harmless and created for fun.
  • Hackers (Destructive Trojans) are the most evil and nasty Trojans. They break the system, encrypt data, destroy entire hard drive partitions and so on.

    Well, I think that's enough. There are also “dialers” that call toll numbers, but nowadays they are not widespread, because the Internet works even without a phone. In fact, there are a great many Trojans and things they can do. After all, you can program them to do anything.
    It should also be mentioned that several Trojans are often built into one (for example, remote control, a keylogger, and a cracker), sometimes up to dozens. You can install such a “collection of Trojans” by opening a harmless picture of a sea view...

    How to protect yourself and remove Trojans?

    The methods of protection have long been known to everyone, but I will repeat them:

  • Use antivirus software and update it regularly
  • The same thing, but regarding
  • Keep your operating system up to date using update mode.
  • Avoid working under the Administrator account. If a Trojan gets into the system, it will then run under an account with limited rights. Imagine what happens if you give it Administrator rights.
  • Update your software products.
  • Download programs only from official sites. As a last resort, through trusted sources.
  • Do not visit unfamiliar, dubious or suspicious sites with lots of advertising.
  • Don't save passwords on important sites. It’s better to enter them manually or copy them from some file. After all, what does malware like? Yes, yes -
  • Since we have touched on passwords, let me remind you once again not to use simple or identical passwords on all sites.

    Well, if you are already infected, the symptoms may include the computer restarting, programs restarting, strange sounds: in general, anything that does not usually happen.

    Treating the infection

    Most often, the Trojan immediately tries to register itself in startup, so you need to look at what is registered there and remove the unnecessary entries.
    The same applies to the registry (press Win+R and enter regedit), in the following branches:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce
    HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Runonce

    There should be nothing suspicious there, such as entries named with a random set of numbers and letters.
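The check described above can be scripted so that every autorun value in those branches is listed and the odd ones stand out. This is an added example, not code from the original article; the scoring rules (random-looking names, user-writable paths, system file names in the wrong folder) and the sample entries are assumptions made for illustration.

```python
"""Audit Windows autorun (Run/RunOnce) values for Trojan-like entries."""
import ntpath
import re

# The five registry branches listed in the article, as (hive, subkey) pairs.
RUN_KEYS = [
    ("HKEY_LOCAL_MACHINE", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    ("HKEY_CURRENT_USER", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKEY_CURRENT_USER", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
    ("HKEY_USERS", r".Default\Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKEY_LOCAL_MACHINE", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
]

# Assumed heuristics: a hit means "look at this entry", not "this is malware".
USER_WRITABLE = re.compile(
    r"\\(?:temp|appdata|downloads|users\\public)\\"
    r"|%(?:temp|tmp|appdata|localappdata)%", re.IGNORECASE)
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "explorer.exe", "services.exe"}
EXE_RE = re.compile(r"(.+?\.(?:exe|dll|bat|cmd|vbs|js|scr|com))(?=\s|,|$)", re.I)


def looks_random(name):
    """True for names that alternate letters and digits, e.g. 'x7k2q9bz'."""
    stem = ntpath.splitext(name)[0]
    kinds = [c.isdigit() for c in stem if c.isalnum()]
    switches = sum(a != b for a, b in zip(kinds, kinds[1:]))
    return len(kinds) >= 6 and switches >= 4


def exe_path(command):
    """Extract the program path from an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = EXE_RE.match(command)
    return match.group(1) if match else command.split(" ", 1)[0]


def score_entry(name, command):
    """Return the list of reasons an autorun value deserves a closer look."""
    reasons = []
    path = exe_path(command)
    base = ntpath.basename(path).lower()
    if looks_random(name) or looks_random(base):
        reasons.append("random-looking name")
    if USER_WRITABLE.search(command):
        reasons.append("runs from user-writable location")
    if base in SYSTEM_NAMES and ntpath.dirname(path) \
            and "\\windows\\" not in path.lower():
        reasons.append("system file name outside Windows directory")
    return reasons


def read_run_entries():
    """Read the live registry; returns [] on non-Windows systems."""
    try:
        import winreg
    except ImportError:
        return []
    entries = []
    for hive, subkey in RUN_KEYS:
        try:
            with winreg.OpenKey(getattr(winreg, hive), subkey) as key:
                for i in range(winreg.QueryInfoKey(key)[1]):
                    name, value, _type = winreg.EnumValue(key, i)
                    entries.append((f"{hive}\\{subkey}", name, str(value)))
        except OSError:
            continue  # branch absent or access denied
    return entries


def audit(entries):
    """Keep only the entries that trip at least one heuristic."""
    return [(key, name, cmd, why) for key, name, cmd in entries
            if (why := score_entry(name, cmd))]


# Constructed sample entries (not taken from a real machine).
HKCU_RUN = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
HKLM_RUN = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
SAMPLE = [
    (HKLM_RUN, "SecurityHealth", r"%windir%\system32\SecurityHealthSystray.exe"),
    (HKLM_RUN, "VendorUpdater", r'"C:\Program Files\Vendor\Updater.exe" /background'),
    (HKCU_RUN, "x7k2q9bz", r"C:\Users\anna\AppData\Roaming\x7k2q9bz.exe"),
    (HKLM_RUN, "Windows Host", r'"C:\ProgramData\svchost.exe" -k'),
]

if __name__ == "__main__":
    for key, name, command, reasons in audit(read_run_entries() or SAMPLE):
        print(f"[review] {key}\\{name} = {command}")
        print(f"         -> {', '.join(reasons)}")
```

Legitimate software also starts from AppData, so a flagged entry is a prompt to check the file's publisher and origin before deleting the value.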

    Now let's move on to the programs. Of course, first of all come our favorites: free one-time scanners, which should be downloaded and installed one by one to test the system.
    By the way, all antiviruses can and should search for and detect Trojans just like other viruses. There is only one constant problem: viruses and Trojans are written by the tens of thousands every day, and it is extremely difficult to keep track of them, just as it is difficult to release antivirus updates fast enough to track them. Therefore, it is still important to update.

    There are also separate utilities for removing Trojans.

    Trojan Remover. It is in English and paid, but it has a 30-day trial period, which is enough for us to remove Trojans.
    I won’t write about installation and how to scan; I think you’ll figure it out on your own. I'll just show you screenshots:




  • Abstract on computer science

    on the topic: “Trojan virus”

    Completed by: Student of class 9 “A”

    School No. 50

    Ryzhkov Maxim

    Trojan horses, hidden administration utilities, intended viruses, virus constructors and polymorphic generators.

    History of the name "Trojan horse".

    In the 12th century BC, Greece declared war on Troy. The Greeks began a 10-year war against this city, but were never able to take it. Then they resorted to a trick. On the advice of Odysseus, a huge wooden horse was built. Several heroes hid inside this horse, and the Achaean army, boarding ships, sailed to the island of Tenedos. The Trojans decided that the siege had been lifted and, believing the words of the spy Sinon that the horse had been left by the Achaeans in order to appease the goddess Athena, and that its possession would make Troy impregnable, they moved it into the city, destroying part of the fortress wall. In vain did the priest Laocoon try to convince the Trojans that this should not be done. At night, Achaean warriors emerged from the belly of the horse and opened the city gates to the army that returned under the cover of darkness. Troy was taken and destroyed.

    That is why such programs are called "Trojan horses": they work unnoticed by the PC user, hiding behind the actions of other applications.

    What is a Trojan horse?

    A Trojan horse is a program that gives an outsider unauthorized access to a computer to perform actions on it without warning the computer owner, or that sends collected information to a specific address. At the same time, as a rule, it pretends to be something peaceful and extremely useful. Some Trojans are limited to sending your passwords by mail to their creator or to the person who configured the program (e-mail trojan). However, the most dangerous programs for Internet users are those that allow remote access to their machine from the outside (BackDoor). Very often, Trojans get onto a computer along with useful programs or popular utilities, masquerading as them.

    The feature of these programs that forces them to be classified as harmful is the lack of any warning about their installation and launch. When launched, the Trojan installs itself on the system and then monitors it, without giving the user any messages about its actions. Moreover, the link to the Trojan may be absent from the list of active applications or merge with them. As a result, the computer user may not be aware of its presence in the system, while the computer is open to remote control. Quite often, the term “Trojan” is taken to mean a virus. In fact, this is far from the case. Unlike viruses, Trojans are aimed at obtaining confidential information and access to certain computer resources.

    There are various possible ways for a Trojan to enter your system. Most often this happens when you launch a useful program in which the Trojan server is embedded. On first launch, the server copies itself to some directory and registers itself for launch in the system registry, so even if the host program never runs again, your system is already infected with a Trojan. You can infect a machine yourself by running an infected program. This usually happens if programs are downloaded not from official servers but from personal pages. A Trojan can also be introduced by strangers if they have access to your machine, simply by launching it from a floppy disk.

    Types of Trojans

    At the moment, the most common types of Trojans are:

    1. Hidden (remote) administration utilities (BackDoor - from English “back door”).

    Trojan horses of this class are inherently quite powerful utilities for remote administration of computers on a network. In their functionality they are largely similar to various administration systems developed by well-known software manufacturers.

    Only one feature of these programs forces them to be classified as harmful Trojan programs: the absence of a warning about installation and launch.

    When launched, the Trojan installs itself on the system and then monitors it, but the user is not given any messages about the Trojan’s actions on the system. Moreover, the link to the Trojan may not be in the list of active applications. As a result, the “user” of this Trojan program may not be aware of its presence on the system, while his computer is open to remote control.

    Modern hidden administration utilities (BackDoor) are quite easy to use. They usually consist of two main parts: the server (the executor) and the client (which controls the server).

    The server is an executable file that is embedded on your machine in a certain way, is loaded into memory when Windows starts, and carries out the commands received from the remote client. The server is sent to the victim, and subsequently all work is carried out through the client on the hacker’s computer, i.e. commands are sent through the client, and the server executes them. Outwardly, its presence is not detected in any way. After the server part of the Trojan is launched, a specific port is reserved on the user’s computer for communication with the Internet.

    After these steps, the attacker launches the client part of the program, connects to this computer through the open port, and can perform almost any action on your machine (limited only by the capabilities of the program used). After connecting to the server, the remote computer can be controlled almost as if it were one's own: reboot, turn off, open the CD-ROM, delete, write and change files, display messages, etc. Some Trojans let their “owner” change the open port during operation and even set an access password. There are also Trojans that allow the "trojaned" machine to be used as a proxy server (HTTP or SOCKS protocols) to hide the hacker's real IP address.
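Because the server part has to keep a port open and wait for the client, unexpected listening ports are one of the few outward signs of a BackDoor. The following added example (not part of the original text) compares the listeners reported by `netstat -ano` and `tasklist /fo csv /nh` against a baseline of expected services; the baseline, process names and captured output are constructed for illustration.

```python
"""Flag TCP listeners that are not in a known-good baseline (Windows)."""
import csv
import io
import os
import subprocess

LOOPBACK = {"127.0.0.1", "[::1]"}

# Constructed sample of `netstat -ano` output (English-language Windows;
# the LISTENING keyword is localized on other language versions).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       980
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:50505          0.0.0.0:0              LISTENING       6124
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       3100
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     4312
  TCP    [::]:135               [::]:0                 LISTENING       980
  TCP    [::]:50505             [::]:0                 LISTENING       6124
  UDP    0.0.0.0:5353           *:*                                    2208
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST_SAMPLE = '''"System","4","Services","0","144 K"
"svchost.exe","980","Services","0","12,345 K"
"helper.exe","3100","Console","1","8,210 K"
"browser.exe","4312","Console","1","250,112 K"
"photo_viewer.exe","6124","Console","1","3,004 K"
'''

# Assumed baseline: (port, lower-cased image name) pairs expected on this PC.
BASELINE = {(135, "svchost.exe"), (445, "system")}


def parse_listeners(netstat_text):
    """Return (local_address, port, pid) for every TCP socket in LISTENING."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP" and fields[3] == "LISTENING":
            addr, _, port = fields[1].rpartition(":")
            listeners.append((addr, int(port), int(fields[4])))
    return listeners


def parse_tasklist(csv_text):
    """Map PID -> image name from tasklist CSV output."""
    rows = csv.reader(io.StringIO(csv_text))
    return {int(row[1]): row[0] for row in rows if len(row) >= 2}


def unexpected_listeners(netstat_text, tasklist_text, baseline):
    """List (port, image, pid, exposed) for listeners outside the baseline.

    `exposed` is True when the socket is bound to a non-loopback address,
    i.e. a remote client could connect to it. IPv4/IPv6 duplicates merge.
    """
    images = parse_tasklist(tasklist_text)
    found = {}
    for addr, port, pid in parse_listeners(netstat_text):
        image = images.get(pid, "<unknown>")
        if (port, image.lower()) in baseline:
            continue
        key = (port, pid, image)
        found[key] = found.get(key, False) or addr not in LOOPBACK
    rows = [(port, image, pid, exposed)
            for (port, pid, image), exposed in found.items()]
    return sorted(rows, key=lambda r: (not r[3], r[0]))


def collect_live():
    """Run both commands on Windows; returns None on other systems."""
    if os.name != "nt":
        return None
    def run(cmd):
        return subprocess.run(cmd, capture_output=True, text=True,
                              check=True).stdout
    return run(["netstat", "-ano"]), run(["tasklist", "/fo", "csv", "/nh"])


if __name__ == "__main__":
    netstat_text, tasklist_text = collect_live() or (NETSTAT_SAMPLE,
                                                     TASKLIST_SAMPLE)
    for port, image, pid, exposed in unexpected_listeners(
            netstat_text, tasklist_text, BASELINE):
        scope = "reachable from the network" if exposed else "loopback only"
        print(f"[review] port {port} <- {image} (PID {pid}), {scope}")
```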

    The archive of such a Trojan usually contains the following 5 files: client, server editor (configurator), Trojan server, file packer (gluer), documentation files. Such a Trojan has quite a lot of functions, among which are the following:
    1) collecting information about the operating system;

    2) determining cached and dial-up passwords, as well as passwords of popular dialer programs;

    3) finding new passwords and sending other information by e-mail;

    4) downloading and running files at a specified path;

    5) closing the windows of well-known antiviruses and firewalls upon detection;

    6) performing standard file operations: viewing, copying, deleting, changing, downloading, uploading, launching and playing;

    7) automatic removal of the Trojan server from the system after a specified number of days;

    8) CD-ROM management, enabling/disabling the Ctrl+Alt+Del key combination, viewing and changing the contents of the clipboard, hiding and showing the taskbar, tray, clock, desktop and windows;

    9) establishing a chat with the victim, including for all users connected to this server;

    10) displaying all pressed keys on the client’s screen, i.e. there are keylogger functions;

    11) taking screenshots of different quality and size, viewing a specific area of the remote computer screen, changing the current monitor resolution.

    Hidden administration Trojans are still the most popular today. Everyone would like to become the owner of such a Trojan, since it can provide exceptional opportunities for managing and performing various actions on a remote computer, which can scare most users and bring a lot of fun to the owner of the Trojan. Many people use Trojans simply to mock someone, to look like a “super hacker” in the eyes of others, and also to obtain confidential information.

    2. Postal (e-mail trojan).

    Trojans that “pull” passwords and other information out of files on your computer and send them via e-mail to the owner. These can be the provider's Internet logins and passwords, a mailbox password, ICQ and IRC passwords, etc.
    To send a letter to the owner, the Trojan contacts the site's mail server via the SMTP protocol (for example, smtp.mail.ru). After collecting the necessary data, the Trojan checks whether this data has already been sent. If not, the data is sent and stored in the registry. If it has already been sent, the previous letter is retrieved from the registry and compared with the current one. If the information has changed (new data has appeared), the letter is sent and the latest password data is recorded in the registry. In short, this type of Trojan simply collects information, and the victim may not even realize that someone already knows his passwords.
    The archive of such a Trojan usually contains 4 files: a server editor (configurator), a Trojan server, a file packer (gluer), and a user manual.

    As a result of the work, the following data can be determined:

    1) IP address of the victim’s computer;

    2) detailed information about the system (computer and user name, Windows version, modem, etc.);

    3) all cached passwords;

    4) all telephone connection settings including phone numbers, logins and passwords;
    5) ICQ passwords;

    6) the last N visited sites.

    3. Keyloggers.

    These Trojans record everything typed on the keyboard (including passwords) into a file, which is subsequently sent to a specific e-mail address or viewed via FTP (File Transfer Protocol). Keyloggers usually take up little space and can disguise themselves as other useful programs, making them difficult to detect. Another reason why such a Trojan is difficult to detect is that its files are named like system files. Some Trojans of this type can extract and decrypt passwords found in special password fields.

    Criminals have long since chosen the modern virtual world, with its daily growing volume of information exchange and electronic payments. One of the ways cybercriminals make money is by distributing Trojan programs. In this article we’ll talk about what they are and how hackers earn millions in profits with the help of Trojans.

    So, a Trojan program is a small program disguised as harmless software. This disguise allows it to enter the computer without hindrance from the user or the antivirus program and carry out the malicious actions for which it was created. The name “Trojan program” (Trojan, Trojan virus) comes from the legendary “Trojan Horse”, with the help of which Odysseus’s warriors got inside Troy.

    A Trojan can contain both viruses and worms, but unlike them, it does not spread on its own; there is a person behind it. Of course, it is very rare for a hacker to download a Trojan onto your computer himself. More often than not, he induces users to download the malware onto their own computers. How does this happen? The cybercriminal uploads a Trojan program to popular sites, file hosting services and other resources. From there, for various reasons, users download the Trojan onto their computer, infecting it.

    Another way to “put a Trojan horse” on your computer is to read spam mailings. Typically, a PC user automatically clicks on attached files in emails. Double click and the Trojan program is installed on your computer.

    There are several types of Trojan programs:

    Trojan-PSW (Password-Stealing-Ware) – a type of Trojan program that steals passwords and sends them to the virus distributor. The code of such a Trojan contains the e-mail address to which the program sends passwords, credit card numbers, telephone numbers and other information read from the computer. In addition, another target of Trojan-PSW is codes for online games and registration codes for licensed programs.

    Trojan-Clicker – a type of Trojan program that performs unauthorized redirection of users to an Internet resource desired by a cybercriminal. This is done to achieve one of three goals: a DDoS attack on a selected server, increasing visitors to a given site, or attracting new victims for infection with viruses, worms or other Trojans.

    Trojan-Downloader and Trojan-Dropper – malware with a similar effect. Trojan-Downloader, as the name suggests, downloads infected programs to the PC, and Trojan-Dropper installs them.

    Trojan-Proxy – Trojan proxy servers. These programs are used by attackers to secretly send spam.

    Trojan-Spy – spyware. The purpose of such Trojan programs is to spy on a PC user. The Trojan takes screenshots of the screen, remembers information entered from the keyboard, etc. These programs are used to obtain data about electronic payments and other financial transactions.

    ArcBomb – archives that prevent the computer from operating properly. They fill the hard disk with a large amount of repetitive data or empty files, which causes the system to freeze. Hackers use ArcBomb to slow down or stop mail servers.

    Rootkit – program code that hides the presence of a Trojan program in the system. A rootkit without a Trojan is harmless, but together with one it poses a significant danger.

    Trojan Notifier – a Trojan program that sends a notification to the creator about a successful attack on the user’s computer.
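The ArcBomb entry above describes archives that expand into huge amounts of repetitive data or large numbers of empty files. A mail gateway or unpacking script can check an archive before extracting it, as in this added example (not from the original text); the limits and sample archives are assumptions, and the sizes declared in the archive are enforced again while decompressing because they can be falsified.

```python
"""Check a ZIP archive for ArcBomb traits before unpacking it."""
import io
import zipfile

# Assumed limits for this example; tune them to the system being protected.
MAX_TOTAL = 200 * 1024 * 1024   # bytes after decompression
MAX_RATIO = 100                 # unpacked size / packed size
MAX_FILES = 10_000              # number of members


def inspect_zip(source, max_total=MAX_TOTAL, max_ratio=MAX_RATIO,
                max_files=MAX_FILES):
    """Return size statistics and the reasons not to auto-extract `source`.

    `source` is a path or a binary file object. Only the archive's
    directory is read here; nothing is decompressed.
    """
    with zipfile.ZipFile(source) as zf:
        infos = [i for i in zf.infolist() if not i.is_dir()]
    unpacked = sum(i.file_size for i in infos)
    packed = sum(i.compress_size for i in infos)
    ratio = unpacked / max(packed, 1)
    reasons = []
    if unpacked > max_total:
        reasons.append("total-size")
    if ratio > max_ratio:
        reasons.append("ratio")
    if len(infos) > max_files:
        reasons.append("file-count")
    return {"files": len(infos),
            "empty": sum(1 for i in infos if i.file_size == 0),
            "unpacked": unpacked, "packed": packed,
            "ratio": ratio, "reasons": reasons}


def read_member_capped(zf, info, limit):
    """Decompress one member, aborting once more than `limit` bytes appear.

    The declared file_size comes from the archive itself and can be
    falsified, so the cap is applied to the bytes actually produced.
    """
    out = bytearray()
    with zf.open(info) as fh:
        while chunk := fh.read(64 * 1024):
            out += chunk
            if len(out) > limit:
                raise ValueError(
                    f"{info.filename}: more than {limit} bytes when unpacked")
    return bytes(out)


def build_sample_zip(members):
    """Build a constructed test archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: ordinary text, repetitive filler, many empty files.
ORDINARY = build_sample_zip({
    "report.txt": "".join(f"line {i}: value {i * i}\n"
                          for i in range(200)).encode()})
REPETITIVE = build_sample_zip({"filler.bin": b"\0" * (4 * 1024 * 1024)})
MANY_EMPTY = build_sample_zip({f"empty_{i:03}.txt": b"" for i in range(50)})

if __name__ == "__main__":
    small = dict(max_total=1024 * 1024, max_files=20)  # demo-sized limits
    for label, blob in [("ordinary", ORDINARY), ("repetitive", REPETITIVE),
                        ("many-empty", MANY_EMPTY)]:
        info = inspect_zip(io.BytesIO(blob), **small)
        print(f"{label:11} files={info['files']:3} "
              f"ratio={info['ratio']:8.1f} reasons={info['reasons']}")
```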

    Cybercriminals unite several computers infected with Trojans into botnets, networks of computers controlled by hackers. Such botnets pose a great danger to users. With their help, cybercriminals send spam, steal passwords to bank accounts, and carry out DDoS attacks. Now imagine that one of the computers united in a botnet is yours. Moreover, you will not know anything about this until one “fine” day the police from the cybercrime department knock on your door. Then try proving that it was not you who DDoSed the attacked server, but a hacker who had access to your system using a Trojan.

    In order to minimize (precisely minimize, since it cannot be avoided) the consequences of infection of a home computer, install a licensed antivirus program that updates its databases. The creators of anti-virus programs are always several steps behind hackers, so databases should be updated as often as possible. If your computer has become infected with a virus, then it needs computer help. We advise you to contact the best service in the city of Kemerovo.

    The development of malware requires no fewer resources, or even several times more, than the development of the software needed for work. Trojan programs are a simple and, most importantly, cheap way for hackers to remotely control your software. The fight against Trojans must reach a new level, otherwise the creators of antiviruses will not be able to cope with the growing force of cybercrime on their own.

    One of the biggest troubles for an Internet user is a “Trojan horse” - a virus that is spread on the network by attackers. And although antivirus software developers are constantly modifying their programs to make them more reliable, the problem still remains, because hackers are not sitting still either.

    After reading this article, you will learn how to protect your computer from Trojans and how to remove this virus if it does end up on your device.

    What is a Trojan horse?

    The name of this virus is taken from a legend that says that the Greeks made a wooden horse with warriors hidden inside.

    This structure was then taken to the gates of Troy (hence the name), supposedly as a sign of reconciliation. At night, Greek soldiers opened the gates of the enemy city and inflicted a crushing defeat on the enemy.

    A computer virus works in a similar way. The Trojan horse is often disguised by attackers as a regular program, which, when downloaded, introduces malware onto your computer.

    This virus differs from others in that it does not reproduce spontaneously, but gets to you as a result of a hacker attack. In most cases, you download a Trojan onto your device without knowing it.

    A Trojan horse is a virus that can cause a lot of trouble to the user. Read on to find out what the consequences may be.

    Signs of infection

    If your computer was attacked by a Trojan, you can find out about it by the following changes in your computer:

    • Firstly, the device will start rebooting without your command.
    • Secondly, when a Trojan horse penetrates a computer, the performance of the device is significantly reduced.
    • Thirdly, spam is sent from your email inbox.
    • Fourthly, unknown windows open with pornography or advertising for some product.
    • Fifthly, the operating system does not start, and if it does boot, a window appears asking you to transfer money to the specified account to unlock the system.

    In addition to all the above problems, there is one more: the loss of money from an electronic wallet or of confidential information. If you notice that this has happened to you, then after removing the Trojan, you need to immediately change all passwords.

    Trojan horse (virus). How to remove it from your computer?

    Of course, the penetration of a Trojan horse can cause significant harm to the user (for example, financially), but since this is a fairly common type of virus, you can get rid of it using any popular antivirus (Kaspersky, Avast, Avira, etc.).

    If you suspect that your computer is being attacked by a Trojan, boot your device into "Safe Mode" and scan the system with an antivirus program. Quarantine any detected malware or remove it immediately. After that, open the "Programs and Features" section and get rid of suspicious applications that you did not install.

    Sometimes the antivirus program is blocked by a Trojan horse. This virus is constantly being modernized, so situations like this happen. In this case, you can use one of the special utilities, for example SuperAntiSpyware or Spyware Terminator. In general, find a program that suits you, and then use it to remove the Trojan.

    Conclusion

    So now you know what a Trojan horse is. You can remove the virus discussed in this article yourself if it gets onto your computer.

    Of course, it is better that such trouble does not happen to you, but for this you need to install a good antivirus program, regularly update its database, carefully monitor program warnings, and also not visit or download anything from suspicious resources.

    Before unpacking any downloaded archive, be sure to scan it with an antivirus. Also check flash drives: they should contain no hidden files. Remember: a Trojan can cause a lot of problems, so take all measures to identify it responsibly.

    Sometimes malware penetrates the computer under the guise of legitimate software. Regardless of the user's actions, it spreads independently, infecting the vulnerable system. A Trojan program is dangerous because the virus not only destroys information and disrupts the operation of the computer, but also hands its resources over to the attacker.

    What is a Trojan horse

    As is known from ancient Greek mythology, warriors hid in a wooden horse, which was given as a gift to the inhabitants of Troy. They opened the city gates at night and let their comrades in. After this the city fell. The malicious utility was named after the wooden horse that destroyed Troy. What is a Trojan virus? Programs known by this term are created by people to modify and destroy information located on a computer, as well as to use other people's resources for the purposes of an attacker.

    Unlike worms, which spread on their own, it is introduced by people. At its core, a Trojan horse is not a virus. Its effect may not be harmful. A hacker often wants to break into someone else's computer just to get the information he needs. Trojans earned their bad reputation through their use in program installations to achieve re-introduction into the system.

    Features of Trojan programs

    A Trojan horse virus is a type of spyware. The main feature of Trojan programs is the disguised collection of confidential information and its transfer to a third party. This includes bank card details, passwords for payment systems, passport data and other information. The Trojan virus does not spread over the network, does not destroy data, and does not cause fatal equipment failure. The algorithm of this virus utility does not resemble the actions of a street hooligan who destroys everything in his path. A Trojan is a saboteur sitting in ambush, waiting in the wings.

    Types of Trojans

    The Trojan consists of 2 parts: server and client. Data exchange between them occurs via the TCP/IP protocol using any port. The server part is installed on the victim’s working PC, where it operates unnoticed, while the client part is kept by the owner or customer of the malicious utility. To disguise themselves, Trojans have names similar to office ones, and their extensions coincide with popular ones: DOC, GIF, RAR and others. Trojan programs are divided into types depending on the actions they perform on the computer system:

    1. Trojan-Downloader. A downloader that installs new versions of dangerous utilities, including adware, on the victim’s PC.
    2. Trojan-Dropper. Security program deactivator. Used by hackers to block virus detection.
    3. Trojan-Ransom. Attack on a PC to disrupt performance. The user cannot work on remote access without paying the attacker the required amount of money.
    4. Exploit. Contains code that can exploit a software vulnerability on a remote or local computer.
    5. Backdoor. Allows fraudsters to remotely control the infected computer system, including uploading, opening, sending and modifying files, spreading incorrect information, logging keystrokes, and rebooting. Used against PCs, tablets and smartphones.
    6. Rootkit. Designed to hide necessary actions or objects in the system. The main goal is to increase the time of unauthorized work.

    What malicious actions do Trojan programs perform?

    Trojans are network monsters. Infection occurs using a flash drive or other computer device. The basic malicious actions of Trojan programs are penetrating the owner’s PC, downloading the owner's personal data to the attacker's computer, copying files, stealing valuable information, and monitoring activities on an open resource. The information obtained is not used in favor of the victim. The most dangerous kind of action is full control over someone else's computer system with the ability to administer the infected PC. Fraudsters quietly carry out certain operations on behalf of the victim.

    How to find a Trojan on a computer

    How to find Trojan programs and protect against them depends on the class of the virus. You can search for Trojans using antivirus software. To do this, download one of the applications such as Kaspersky Virus or Dr. Web. However, remember that downloading an antivirus program will not always help to detect and remove all Trojans, because the body of a malicious utility can create many copies. If the products described do not cope with the task, manually look in your PC's registry for directories such as runonce, run, windows, soft to check for infected files.

    Removing the Trojan

    If your PC is infected, it must be treated immediately. How to remove a Trojan? Use the free Kaspersky antivirus, Spyware Terminator, Malwarebytes or the paid Trojan Remover software. These products will scan the system, show the results, and remove the viruses found. If new applications appear again, video downloads are shown, or screenshots are taken, it means that the removal of the Trojans was unsuccessful. In this case, try downloading a utility for quickly scanning infected files from an alternative source, for example, CureIt.

    Trojan protection

    It is easier to prevent a virus from entering your PC than to treat it. The main defense against Trojans is the installation of effective software that can neutralize an attack by malicious utilities. In addition, the following actions will help protect against Trojan penetration:

    • periodically updated antivirus;
    • always-on firewall;
    • regularly updated operating system;
    • using information only from trusted sources;
    • prohibition on going to dubious sites;
    • using different passwords for different services;
    • entering manually the addresses of sites where you have an account with valuable data.
