Backdoor Trojans, Are They Gone?

G

GaryLund

When a computer gets a backdoor type trojan or worm, and an anti-virus
program detects and cleans the program file, how can I tell whether
anyone actually used the backdoor, and what they did to or on the
computer?

I do computer support for clients, and have been finding trojans or
worms of the backdoor type that let a remote computer run commands on
the client's computer. When a virus scan finds a backdoor type file,
and deletes it, is that the end of the danger? Or could a cracker
have loaded other bad files on the computer that the antivirus program
will not detect?

How can I be sure the computer is safe after that without wipeing the
hard drive and reloading everything back from scratch? That seems
like a very drastic and expensive solution. Is there a generally
accepted practice in these situations?

Thanks for any info.
-Gary
 
K

kurt wismer

GaryLund said:
When a computer gets a backdoor type trojan or worm, and an anti-virus
program detects and cleans the program file, how can I tell whether
anyone actually used the backdoor, and what they did to or on the
computer?
Click to expand...

in general, you can't... there might be a few that leave traces of what
was done but most won't...
I do computer support for clients, and have been finding trojans or
worms of the backdoor type that let a remote computer run commands on
the client's computer. When a virus scan finds a backdoor type file,
and deletes it, is that the end of the danger? Or could a cracker
have loaded other bad files on the computer that the antivirus program
will not detect?
Click to expand...

other files may have been loaded, otherwise secure information like
passwords or credit info could have been leaked, the owner's identity
may have been stolen, etc...
How can I be sure the computer is safe after that without wipeing the
hard drive and reloading everything back from scratch? That seems
like a very drastic and expensive solution. Is there a generally
accepted practice in these situations?
Click to expand...

the only real solution in this kind of situation is to rebuild the
system, and have the customer change all their passwords (not just on
their computer but for things like online banking, web mail accounts,
etc) and take whatever other steps they can to regain control over
whatever information or resources may have been compromised...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Antivirus vs. trojan vs worm protection ! 1
Annoying Backdoor Trojen 8
I have 2 Trojans, "Trjan Downloader and Optimize, help! 8
backdoor trojan py[1].exe 5
Port 4567 name: filenail Open 10
My ports are stealthed, so how can Trojans be attacking? 4
AVG Virus Vault Query 1
Need Help to Identify Backdoor Trogan 3

Top