What does a Trojan horse virus do? By analogy with historical events. How to deal with the Trojan

Sometimes a malicious program penetrates a computer under the guise of legitimate software. Regardless of the user's actions, it spreads independently, infecting the vulnerable system. A Trojan program is dangerous because the virus not only destroys information and disrupts the performance of the computer, but also transfers resources to the attacker.

What is a Trojan horse

As is known from ancient Greek mythology, warriors hid in a wooden horse, which was given as a gift to the inhabitants of Troy. They opened the city gates at night and let their comrades in. After this the city fell. The malicious utility was named after the wooden horse that destroyed Troy. What is a Trojan virus? The term refers to a program created by people to modify and destroy information located on a computer, as well as to use other people's resources for the purposes of an attacker.

Unlike worms, which spread on their own, it is introduced by people. At its core, a Trojan horse is not a virus. Its action may not be harmful. A hacker often wants to break into someone else's computer just to get the necessary information. Trojans have earned their bad reputation because they are used in program installations to get themselves re-embedded in the system.

Features of Trojan programs

The Trojan horse virus is a type of spyware. The main feature of Trojan programs is the disguised collection of confidential information and its transfer to a third party. This includes bank card details, passwords for payment systems, passport data and other information. The Trojan virus does not spread over the network, does not destroy data, and does not cause fatal equipment failure. The algorithm of this virus utility does not resemble the actions of a street hooligan who destroys everything in his path. A Trojan is a saboteur sitting in ambush, waiting in the wings.

Types of Trojans

The Trojan consists of 2 parts: server and client. Data exchange between them occurs via the TCP/IP protocol using any port. The server part is installed on the victim’s working PC, where it operates unnoticed, while the client part is kept by the owner or customer of the malicious utility. To disguise themselves, Trojans have names similar to those of office files, and their extensions coincide with popular ones: DOC, GIF, RAR and others. Trojan programs are divided into types depending on the actions they perform on the computer system:

  1. Trojan-Downloader. A downloader that installs new versions of dangerous utilities, including adware, on the victim’s PC.
  2. Trojan-Dropper. Security program deactivator. Used by hackers to block virus detection.
  3. Trojan-Ransom. Attack on a PC to disrupt performance. The user cannot work remotely without paying the required amount of money to the attacker.
  4. Exploit. Contains code that can exploit a software vulnerability on a remote or local computer.
  5. Backdoor. Allows fraudsters to remotely control an infected computer system, including downloading, opening, sending, modifying files, spreading incorrect information, logging keystrokes, rebooting. Used for PC, tablet, smartphone.
  6. Rootkit. Designed to hide necessary actions or objects in the system. The main goal is to increase the time of unauthorized work.

What malicious actions do Trojan programs perform?

Trojans are network monsters. Infection occurs via a flash drive or other computer device. The basic malicious actions of Trojan programs are penetrating the owner’s PC, downloading the owner's personal data onto the attacker's own computer, copying files, stealing valuable information, and monitoring activity on an open resource. The information obtained is not used in favor of the victim. The most dangerous kind of action is full control over someone else's computer system, with the ability to administer the infected PC. Fraudsters quietly carry out certain operations on behalf of the victim.

How to find a Trojan on a computer

How Trojans are detected and how to protect against them depends on the class of the virus. You can search for Trojans using antivirus software. To do this, download one of the applications, Kaspersky Virus or Dr. Web, to your hard drive. However, remember that downloading an antivirus program will not always help to detect and remove all Trojans, because the body of a malicious utility can create many copies. If these products do not cope with the task, manually look in the registry of your PC for directories such as runonce, run, windows, soft to check for infected files.

Removing the Trojan

If your PC is infected, it must be treated immediately. How to remove a Trojan? Use the free Kaspersky antivirus, Spyware Terminator, Malwarebytes or the paid Trojan Remover software. These products will scan the system, show the results, and offer to remove any viruses found. If new applications appear again, video downloads are shown, or screenshots are taken, it means that the removal of the Trojans was unsuccessful. In this case, you should try downloading a utility for quickly scanning infected files from an alternative source, for example, CureIt.

Trojan protection

It is easier to prevent a virus from entering your PC than to treat it. The main defense against Trojans is the installation of effective software that can neutralize an attack by malicious utilities. In addition, the following actions will help protect against Trojan penetration:

  • periodically updated antivirus;
  • always-on firewall;
  • regularly updated operating system;
  • using information only from trusted sources;
  • prohibition on going to dubious sites;
  • using different passwords for services;
  • manually entering the addresses of sites where you have an account with valuable data.

Abstract on computer science

on the topic: “Trojan virus”

Completed by: Student of class 9 “A”

School No. 50

Ryzhkov Maxim

Trojan horses, hidden administration utilities, intended viruses, virus constructors and polymorphic generators.

The history of the name “Trojan horse”.

In the 12th century BC, Greece declared war on Troy. The Greeks began a 10-year war against this city, but were never able to take it. Then they resorted to a trick. On the advice of Odysseus, a huge wooden horse was built. Several heroes hid inside this horse, and the Achaean army, boarding ships, sailed to the island of Tenedos. The Trojans decided that the siege had been lifted and, believing the words of the spy Sinon that the horse had been left by the Achaeans in order to appease the goddess Athena, and that its possession would make Troy impregnable, they moved it into the city, destroying part of the fortress wall. In vain did the priest Laocoon try to convince the Trojans that this should not be done. At night, Achaean warriors emerged from the belly of the horse and opened the city gates to the army that returned under the cover of darkness. Troy was taken and destroyed.

That is why such programs are called "Trojan horses": they work unnoticed by the PC user, hiding behind the actions of other applications.

What is a Trojan horse?

A Trojan horse is a program that gives an outsider access to the computer to perform any actions at the destination without warning the computer owner, or that sends collected information to a specific address. At the same time, as a rule, it pretends to be something peaceful and extremely useful. Some Trojan programs are limited to sending your passwords by mail to their creator or to the person who configured the program (e-mail trojan). However, for Internet users, the most dangerous programs are those that allow an outsider to obtain remote access to their machine (BackDoor). Very often, Trojans get onto a computer along with useful programs or popular utilities, masquerading as them.

A feature of these programs that forces them to be classified as harmful is the lack of warning about their installation and launch. When launched, the Trojan installs itself on the system and then monitors it, without giving the user any messages about its actions. Moreover, the Trojan may be absent from the list of active applications or blend in with them. As a result, the computer user may not be aware of its presence in the system, while the computer is open to remote control. Quite often, the term “Trojan” is taken to mean a virus. In fact, this is far from the case. Unlike viruses, Trojans are aimed at obtaining confidential information and accessing certain computer resources.

There are various possible ways for a Trojan to enter your system. Most often this happens when you launch some useful program in which the Trojan server is embedded. At the time of the first launch, the server copies itself to some directory and registers itself for launch in the system registry, and even if the host program never runs again, your system is already infected with a Trojan. You can infect a machine yourself by running an infected program. This usually happens if programs are downloaded not from official servers but from personal pages. A Trojan can also be introduced by strangers if they have access to your machine, simply by launching it from a floppy disk.

Types of Trojans

At the moment, the most common types of Trojans are:

1. Hidden (remote) administration utilities (BackDoor - from English “back door”).

Trojan horses of this class are inherently quite powerful utilities for the remote administration of computers on a network. In their functionality they are largely similar to various administration systems developed by well-known software manufacturers.

Only one feature of these programs forces them to be classified as harmful Trojan programs: the absence of a warning about installation and launch.

When launched, the Trojan installs itself on the system and then monitors it, but the user is not given any messages about the Trojan’s actions on the system. Moreover, the Trojan may be absent from the list of active applications. As a result, the “user” of this Trojan program may not be aware of its presence on the system, while his computer is open to remote control.

Modern hidden administration utilities (BackDoor) are quite easy to use. They usually consist of two main parts: the server (the executor) and the client (the part that controls the server).

The server is an executable file that is embedded on your machine in a certain way, is loaded into memory when Windows starts, and executes the commands received from the remote client. The server is sent to the victim, and subsequently all work is carried out through the client on the hacker’s computer, i.e. commands are sent through the client, and the server executes them. Outwardly, its presence is not detected in any way. After the server part of the Trojan is launched, it reserves a specific port on the user’s computer, which is responsible for communication with the Internet.

After these steps, the attacker launches the client part of the program, connects to this computer through the open port, and can perform almost any action on your machine (this is limited only by the capabilities of the program used). After connecting to the server, the remote computer can be controlled almost as if it were one's own: reboot, turn off, open the CD-ROM, delete, write and change files, display messages, etc. On some Trojans it is possible to change the open port during operation and even set an access password for the “owner” of the Trojan. There are also Trojans that allow the "trojaned" machine to be used as a proxy server (HTTP or SOCKS protocols) to hide the hacker's real IP address.

The archive of such a Trojan usually contains the following 5 files: client, server editor (configurator), Trojan server, file packer (gluer), documentation files. It has quite a lot of functions, among which are the following:

1) collecting information about the operating system;

2) determining cached and dial-up passwords, as well as the passwords of popular dialer programs;

3) finding new passwords and sending other information by e-mail;

4) downloading and running files at the specified path;

5) closing the windows of well-known antiviruses and firewalls upon detection;

6) performing standard file operations: viewing, copying, deleting, changing, downloading, uploading, launching and playing;

7) automatic removal of the Trojan server from the system after the specified number of days;

8) CD-ROM management, enabling/disabling the Ctrl+Alt+Del key combination, viewing and changing the contents of the clipboard, hiding and showing the taskbar, tray, clock, desktop and windows;

9) establishing a chat with the victim, including for all users connected to this server;

10) displaying on the client’s screen all pressed keys, i.e. there are keylogger functions;

11) taking screenshots of different quality and size, viewing a specific area of the remote computer screen, changing the current monitor resolution.

Hidden administration Trojans are still the most popular today. Everyone would like to become the owner of such a Trojan, since it can provide exceptional opportunities for managing and performing various actions on a remote computer, which can scare most users and bring a lot of fun to the owner of the Trojan. Many people use Trojans simply to mock someone, to look like a “super hacker” in the eyes of others, and also to obtain confidential information.

2. Mail Trojans (e-mail trojan).

Trojans that make it possible to “pull” passwords and other information from files on your computer and send them via e-mail to the owner. These can be the provider's Internet logins and passwords, a mailbox password, ICQ and IRC passwords, etc.

To send a letter to the owner by mail, the Trojan contacts the site's mail server via the SMTP protocol (for example, on smtp.mail.ru). After collecting the necessary data, the Trojan checks whether this data has already been sent. If not, the data is sent and stored in the registry. If it has already been sent, the previous letter is extracted from the registry and compared with the current one. If any changes have occurred in the information (new data has appeared), the letter is sent and the latest password data is recorded in the registry. In a word, this type of Trojan simply collects information, and the victim may not even realize that his passwords are already known to someone.

The archive of such a Trojan usually contains 4 files: a server editor (configurator), a Trojan server, a file packer (gluer), and a user manual.

As a result of the work, the following data can be determined:

1) IP address of the victim’s computer;

2) detailed information about the system (computer and user name, Windows version, modem, etc.);

3) all cached passwords;

4) all telephone connection settings including phone numbers, logins and passwords;

5) ICQ passwords;

6) the last N visited sites.

3. Keyloggers.

These Trojans record everything that was typed on the keyboard (including passwords) into a file, which is subsequently sent to a specific email address or viewed via FTP (File Transfer Protocol). Keyloggers usually take up little space and can masquerade as other useful programs, making them difficult to detect. Another reason why such a Trojan is difficult to detect is that its files are named like system files. Some Trojans of this type can extract and decrypt passwords found in special password fields.

Some are only part of the program, others are full-fledged and useful applications. A Trojan program also belongs to this type. As a rule, it is intended to be embedded in a computer system. Once embedded, the Trojan either sends information from the infected computer to the criminal, or destroys the system from the inside and uses it as a “crime tool.” A striking example of such a virus is the waterfalls.scr program, which disguises itself as a screensaver.

The Trojan program was named after the well-known wooden horse, with the help of which the Greeks captured and destroyed the impregnable Troy. Like the Trojan horse, the program of the same name looks like a harmless and useful gift, but in reality it turns out to be an insidious surprise virus. It is almost impossible to recognize such a virus before installation. Some Trojans, even after installation, continue to perform the functions of the program they were disguised as. Such a virus cannot reproduce, but by launching it, the user each time resumes destructive activity on his computer. Almost all viruses of this type consist of a client and a server: the server is introduced into the infected system, and the client is used by the criminal to control it.

A Trojan program has six types of harmful activity. Some viruses give the criminal remote access, others simply destroy data, download additional malware, copy “fake” links to sites with paid registration, disable antiviruses and carry out DDoS attacks. If the infected computer is connected to the Internet via a modem, the Trojan makes phone calls, after which the user’s account “loses weight” by a significant amount.

There are several signs that indicate Trojan infection. First of all, you need to pay attention to the startup registry. An “unauthorized” program that appears there may turn out to be a virus. Infection is also indicated by downloads of games, applications or videos that the user did not intend, as well as by the arbitrary creation of screenshots. While the virus is running, the computer may reboot itself.

The Trojan program can start viewing videos or images, open and close the drive console, or randomly

Because of the abundance of forms and types, there is no single way to fight a Trojan. If the system becomes infected, it is worth clearing the folder with temporary Internet files, and then scanning the system with an antivirus. If an object detected by the antivirus is not deleted or cleaned up, you can find and delete it manually. But in case of total infection, only reinstalling the operating system will help.

One of the newest viruses is called Qhost. This type of Trojan is a modified Windows file 2600 bytes in size. The new virus blocks the user from going to certain sites and blocks requests to selected servers. Blocking is carried out by adding a list of “forbidden” sites to the Trojan's file named host. To neutralize such a virus, just edit this file in Notepad and then scan the system with an antivirus program.
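Before editing the file by hand, it helps to list exactly which entries were added. The following Python code is an added example, not part of the original article: it parses the text of a Windows hosts file and reports every mapping other than the default localhost entries, separating names that are blocked (pointed at a loopback or unspecified address) from names redirected elsewhere. The sample file contents and all domain names in it are constructed.

```python
import ipaddress

# Names that a clean hosts file may map to a loopback address.
DEFAULT_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Return (line_number, hostname, address, verdict) for each suspect entry.

    verdict is "blocked" when the name points at a loopback or unspecified
    address, "redirected" when it points anywhere else, and "malformed" when
    the first field of the line is not an IP address at all.
    """
    findings = []
    # Strip a UTF-8 byte order mark that Notepad may have written.
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, None, fields[0], "malformed"))
            continue
        # One line may carry several host names for the same address.
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in DEFAULT_NAMES and addr.is_loopback:
                continue
            sink = addr.is_loopback or addr.is_unspecified
            findings.append((lineno, name, str(addr),
                             "blocked" if sink else "redirected"))
    return findings


# Constructed sample (on a real system the file is
# %SystemRoot%\System32\drivers\etc\hosts).
SAMPLE_HOSTS = "\n".join([
    "# constructed sample hosts file",
    "127.0.0.1       localhost",
    "::1             localhost",
    "127.0.0.1  update.av-vendor.example www.av-vendor.example  # added entry",
    "0.0.0.0\tdownloads.av-vendor.example",
    "203.0.113.10    bank.example",
    "not-an-ip       something.example",
])

if __name__ == "__main__":
    for lineno, name, addr, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {verdict:<10} {name or '-'} -> {addr}")
```

A clean file produces no findings; every reported line is a candidate for removal before the antivirus scan.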

We explain in plain language what a Trojan is and what is unique about this pest.

Users very often come across the concept of a Trojan. What is it, what is it used for, and why is it dangerous?


So, a Trojan is a pest program somewhat similar to a virus, although unlike a virus, the Trojan does not spread by itself, but with the help of people. This type of software received its name in honor of the famous Trojan horse, with the help of which the troops of Achaea captured Troy by deception, building a huge horse, supposedly as a gift.


The Trojans, not suspecting anything, pulled the structure into what was considered an impregnable fortress. Under the cover of darkness, Achaean warriors crawled out of it and opened the gates of impregnable Troy for the rest of their army. Thus "Trojan" or "Trojan horse" came to mean some kind of secret plan disguised as something harmless.

Moreover, it does not cause harm in itself, but simply gives its owner (creator) access to your computer, and he, in turn, causes harm of varying degrees of complexity.

They first began to be talked about seriously back in 1998, when the first mass-produced Trojan utility, called Back Orifice, was created.

Using it, it was possible to control the victim’s personal computer (PC) remotely, that is, over the Internet or local network (of course, this could also be used for good, for example, helping users from a distance, but it would also be possible to easily steal something from a computer, for example, passwords).


It was after the appearance of this Trojan that many began to worry about such programs. After all, they can cause enormous damage to a company or firm; with their help, hackers can steal important access passwords, client data, etc., which, in general, is constantly happening in the world today.


Let us repeat, the Trojan itself is not dangerous - it is just a way to gain access to something, a computer, mail, a website. All the harm can begin when its owner starts doing something, using it, for example, stealing your passwords.


Trojans can be divided into:


BackDoor (back door) - used to gain access to the victim’s PC in a roundabout way that the victim is not even aware of; it enters, so to speak, through the back door (for example, through a hole in the browser or OS).

The operating principle is as follows:

  1. Adds itself to the system startup so that it starts automatically when the PC starts
  2. Checks for an Internet connection at certain intervals
  3. On successfully reaching the global network, sends data to its owner for access to the victim’s PC
  4. After this, the owner of the Trojan can perform various actions on this computer, including stealing or deleting all data



MailSender (mail sender) - this pest registers itself in the operating system, after which it collects all passwords and codes entered on the victim’s PC. The collected information is then sent (usually by email) to the attacker. This is a common situation; this is often how passwords for access to social networks, email, credit cards, etc. are stolen.


LogWriter (log recording) - the peculiarity of this type of Trojan is that it writes everything that is typed on the keyboard to a special file. The file is then sent in some way (by mail, ftp) to the attackers, who in turn analyze these records and select the necessary information from them.


Thus, in plain language and in general terms, we have looked at what a Trojan is and what functions it has.
If you have any questions, the team will be happy to answer them in the comments.

  • October 20, 2015
  • Alex website

Today it is difficult to find a person who has not encountered computer viruses. Often we don’t even realize that some kind of malicious program is on our computer right now. Of course, sometimes this goes unnoticed: there are a sufficient number of viruses that cause invisible damage to the system. But at the same time, we should not forget about the well-known Trojan programs which can cause significant harm to your computer. What is so special about these programs, and how can you protect your computer from them?

How the Trojan virus works

The "Trojan" virus obviously got its name by analogy with the well-known Trojan Horse. To put it figuratively, this virus, unlike others, enters the computer through “sabotage” and not through an “attack.” As a rule, its presence remains completely unnoticed until it begins its activities within the system. The virus itself has been with us since the days of DOS. The main difference between the "Trojan" of that time and its modern counterpart is that in the old days the virus focused on a separate computer, whereas now "Trojans" are created mainly for working on the Internet. The main difference between a Trojan and another virus is that after activation the "Trojan" continues to maintain contact with its creator, while other viruses begin to live their own lives.

What does the Trojan virus do, and what is the main danger of this virus?

So, having penetrated the computer, this program launches vigorous sabotage activities. For example, the creator of the Trojan can gain access to the personal information of the user of the “infected” computer, including passwords. The hacker also gets the opportunity to install remote control servers. This means that from now on he will be able to work from his computer on behalf of yours. Naturally, thanks to the Trojan, the attacker gains access to all files stored on your computer, can exchange them with other computers, and download various files and programs.

How can your computer become infected with this virus?

Have you noticed how often, when working on the Internet, you are asked to download a new version of some program, follow a dubious link, or open a letter sent “by mistake”? All of these are ways to spread the Trojan. Some antiviruses are not programmed to protect your computer at this very moment of virus penetration. It is enough to open the program attached to such a letter, or click the “Run” button in a window that suddenly pops up when working on the Internet, and the virus has already penetrated the computer. Sometimes this click occurs even accidentally, automatically, against the user’s wishes.

Having penetrated a computer, the Trojan is primarily concerned with “taking root there.” It needs to gain a foothold on the computer, otherwise it will be destroyed the next time the system is restarted. Most often, a virus in Windows can be found in the following three places. Firstly, this is the registry. Secondly, the Startup folder. And thirdly, “win.ini”. And if you are the one who launches the malicious program for the first time, whether you like it or not, then its further activity occurs automatically: the virus does not need to be launched manually.

How to deal with the Trojan?

One of the ways to protect against a Trojan is to check the above places (the registry and “win.ini”) using special programs. Among such programs are PCSecurityGuard and RunServices. They are able to neutralize the Trojans. You should never forget about the standard way of protecting a computer: antiviruses. But do not be mistaken about the omnipotence of such programs. Many antivirus programs are simply not able to detect the Trojan. They target common viruses and do not classify "Trojans" as such. In recent years, a number of special programs have appeared whose actions are aimed at finding and destroying Trojans (for example, BackWork or TheCleaner). But this method of protection is far from ideal, because these programs are imperfect. They are quite new and need improvement, and therefore cannot completely protect your computer from this malware. Their widespread use is currently not justified.
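The same check can be done without a dedicated tool by comparing the current autorun entries with a known-good list. The Python code below is an added example, not taken from the article or from any of the programs it names: it assumes the Run/RunOnce keys have been saved as text with `reg export` and that the contents of win.ini are available, and it reports every entry missing from the baseline. All sample data, paths and the baseline are constructed.

```python
import re

# Keys the text names as persistence points: ...\CurrentVersion\Run and RunOnce.
RUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce)$", re.IGNORECASE)
# A string value line in a .reg export: "name"="value", with \\ and \" escaped.
REG_SZ = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    """Undo .reg escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", s)


def autoruns_from_reg(text):
    """Return (key, value_name, command) for string values under Run/RunOnce."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and RUN_KEY.search(key):
            m = REG_SZ.match(line)
            if m:
                entries.append((key, _unescape(m.group(1)), _unescape(m.group(2))))
    return entries


def autoruns_from_win_ini(text):
    """Return ("win.ini", "load"|"run", command) from the [windows] section."""
    entries, in_windows = [], False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_windows = line.lower() == "[windows]"
        elif in_windows and "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            if name.lower() in ("load", "run") and value:
                entries.append(("win.ini", name.lower(), value))
    return entries


def unauthorized(entries, baseline):
    """Entries absent from the known-good baseline (compared case-insensitively)."""
    def norm(entry):
        return tuple(part.lower() for part in entry)
    known = {norm(e) for e in baseline}
    return [e for e in entries if norm(e) not in known]


# Constructed sample data (not taken from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Screen Saver"="C:\\Users\\alice\\AppData\\Local\\Temp\\waterfalls.scr"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"Ignored"="not an autorun key"
'''
SAMPLE_WIN_INI = "[fonts]\n[windows]\nload=\nrun=C:\\WINDOWS\\svch0st.exe\n"
HKCU_RUN = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
BASELINE = [(HKCU_RUN, "OneDrive",
             r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background')]


def demo():
    found = autoruns_from_reg(SAMPLE_REG) + autoruns_from_win_ini(SAMPLE_WIN_INI)
    return unauthorized(found, BASELINE)


if __name__ == "__main__":
    for location, name, command in demo():
        print(f"NOT IN BASELINE  {location}  {name} -> {command}")
```

The Startup folder is not covered here; a directory listing compared against the same kind of baseline serves for it.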

To destroy the virus completely, the following algorithm must be followed:

  • Your first action should be to discover the location of the virus itself. At the same time, do not forget about the places listed twice above.
  • After detecting the program, completely remove it from your computer.
  • Then reboot the system.
  • And only now can you finally delete the “infected” file. But! If you delete this file immediately without first removing the malware itself, your actions will be ineffective and will only create the appearance of getting rid of the virus.