What is a backdoor trojan?
Is your system infected with a backdoor trojan, or remote access trojan? Maybe you received a warning from your antivirus, antispyware application, or someone helping you? What is a backdoor trojan, and why should you be concerned?
A trojan is a malicious application that appears to do one thing, but actually does another. Like its namesake, the mythical Trojan Horse, malicious code is hidden in a program or file that appears useful, interesting, or harmless. Popular examples are video codecs that some sites require to view online videos. When the codec is installed, it may also install spyware or other malicious software.
A backdoor trojan differs from a trojan in that it also opens a backdoor to your system. They’re also sometimes called Remote Access Trojans (RAT). These are the most widespread and also the most dangerous type of trojan. They are so dangerous because they have the potential to allow remote administration of your system, as if a hacker were sitting at your keyboard, only worse. There’s almost no limit to what they can do. Some common uses:
- Use your system and Internet connection to send spam (yes, the majority of spam is now generated by infected systems).
- Steal your online and offline passwords, credit card numbers, address, phone number, and other information stored on your computer that could be used for identity theft, or other financial fraud.
- Log your activity, read email, view and download contents of documents, pictures, videos and other private data.
- Use your computer and Internet connection, in conjunction with others to launch Distributed Denial of Service (DDoS) attacks.
- Modify system files, disable antivirus, delete files, change system settings, to cover tracks, or just to wreak havoc.
If you suspect you’re infected with a backdoor trojan, the first thing you should do is disconnect from the Internet to protect yourself and others. At a minimum, install a firewall that will monitor inbound and outbound activity (we recommend Comodo’s free version).
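To show what monitoring inbound and outbound activity looks like in practice, here is an added example (not part of the original article) that reads the text output of the Windows command `netstat -ano` and lists listening ports you did not expect, plus connections to hosts outside your home network. The sample output, the `EXPECTED_LISTENERS` set and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of `netstat -ano` output from a Windows host (not real data).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       4242
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1780
  TCP    192.168.1.20:49712     203.0.113.50:6667      ESTABLISHED     4242
  TCP    192.168.1.20:49720     198.51.100.7:443       ESTABLISHED     3100
  TCP    192.168.1.20:49733     192.168.1.1:445        ESTABLISHED     4
  TCP    [::]:445               [::]:0                 LISTENING       4
"""

# Assumption: listening ports you expect on this machine; adjust for your own system.
EXPECTED_LISTENERS = {135, 445}
# Private, loopback and link-local ranges are treated as "inside" the home network.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def triage(netstat_text, expected=EXPECTED_LISTENERS):
    """Return (unexpected_listeners, external_connections) as lists of dicts."""
    listeners, external = [], []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # skip headers, UDP rows (no State column) and blank lines
        _, local, remote, state, pid = fields
        l_ip, l_port = split_endpoint(local)
        if state == "LISTENING":
            # A loopback-only listener cannot be reached from the network.
            if not l_ip.is_loopback and l_port not in expected:
                listeners.append({"port": l_port, "pid": int(pid)})
        elif state == "ESTABLISHED":
            r_ip, r_port = split_endpoint(remote)
            # Anything outside the local ranges is a peer on the Internet.
            if not any(r_ip in net for net in LOCAL_NETS):
                external.append({"peer": f"{r_ip}:{r_port}", "pid": int(pid)})
    return listeners, external

if __name__ == "__main__":
    unexpected, outbound = triage(SAMPLE)
    for row in unexpected + outbound:
        print(row)
```

The result is a list to review, not a verdict: a web browser will also appear among the external connections. Look up each PID in Task Manager or with `tasklist` to see which program owns the connection.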
Because backdoor trojans have the potential to gain such complete control of a system, and install malicious code that may not be detectable, it’s wise to consider reformatting any system that’s been infected. However, many home users lack adequate backups, and backups from an infected system will likely be infected too. It’s also a large, time-consuming job to reformat, reinstall the operating system and all applications, and restore backups.
The good news is that most common backdoor trojans are installed and controlled by bots (other infected computers, or automated scripts), not humans. Rarely does a hacker actually take control of a system. Because these bots use known malicious code and techniques, it’s usually possible for someone knowledgeable to completely remove them.
The bad news is that if you’re one of the unlucky few, the potential for damage to your credit rating, financial loss, or loss of proprietary and professional data can be great.
If you choose to receive help with a backdoor trojan from someone online, at a computer repair shop, etc., we recommend that you do the following:
- Since these infections may be used for remote access, or even remote control of an infected system, temporarily disconnect it from the Internet as soon as possible.
- If you don’t have access to another system, and require Internet access, be sure to have a firewall installed. We recommend the free version of Comodo. Note: never run more than one firewall.
- If you used the infected system for online banking, to perform any online financial transactions (including eBay and PayPal), or to access any sensitive information online, please get to a known clean computer and change your passwords as soon as possible. It would also be wise to contact those same financial institutions to let them know your account information and passwords may have been compromised.
- Closely monitor all bank and credit card statements. In the event you do notice suspicious activity, it’s important you act quickly. Follow these steps recommended by the FTC: Defend: Recover From Identity Theft.
Should I reformat and reinstall, or disinfect?
If you have adequate backups of files including important documents, pictures, emails, contacts, etc., the installation media for your operating system and applications, as well as the technical ability required, then we strongly recommend reformatting and reinstalling. In addition, if your system contains confidential data, or third-party personal information for clients, patients, customers, or your employer, you have a responsibility to protect that data. If at all possible, reformat and reinstall.


Gili said,
Wrote on October 28, 2007 @ 4:09 pm
Good and concise explanation that will be beneficial for many. I also like the trojan horse pic. Was it taken from "Troy" (a great movie imho)?
Mike Carey said,
Wrote on November 1, 2007 @ 1:41 pm
I have Norton Antivirus
I keep getting a pop-up box that says my computer is infected and I need to go to IE Defender to correct the problem
they want Money also when I search google porn pops up?????????
How to remove "IE DEFENDER"
Thank You
mike
admin said,
Wrote on November 2, 2007 @ 1:36 am
You can find removal instructions for IE Defender here.
Younus said,
Wrote on January 5, 2008 @ 10:58 am
The above article was really informative..but unfortunately i read it a bit too late..I am confident now that my pc is infected with some sort of back door trojan.
I believe it got into my pc when i was tryin to download a flash player to view a naughty online video..
but i've learnt my lesson. As u haven't mentioned any other option other than to format i guess i'll have to do that..I tried doin all the things..the instructions u ppl gave in "read this before postin a hijackthis log"...like download n running AVG spyware n super antispyware but i still think its there coz sometimes when i use yahoo messenger, some crap is automatically typed n sent to the one i'm chattin with or sending an off-liner...
Now can u plz tell me if its enough to just format Hard disk C or the entire pc..
saurabh said,
Wrote on February 1, 2008 @ 10:28 am
i have a problem with my pen drive it has a trojan virus in its autorun directory pl suggest me how to remove... but after removing this virus with an anti-virus it still occurs or even if i format it
Lin said,
Wrote on February 3, 2008 @ 1:25 pm
Ok, I am completely helpless when it comes to this whole backdoor Trojan topic. My desktop computer was infected with this apparently and I am not sure what to do. I am about 90% sure I got it off of LimeWire--which I subsequently deleted off of my laptop--and downloaded McAfee to get rid of it. It was going fine, but when I tried getting onto the Google homepage a few days later, the pop-ups and false Microsoft warnings happened. Any advice would be amazing!!!!
dorkydave said,
Wrote on February 9, 2008 @ 12:09 am
Help Me! For some reason I have a trojan or a virus called Downloader.MisleadApp I need to know how to remove it please!
vince said,
Wrote on February 11, 2008 @ 11:54 pm
McAfee got rid of my backdoor trojans. initially the 2 files they were on wouldn't be cleaned automatically but after a scan identified them i had to delete the files. if this doesn't work then quarantine them and delete them from the quarantine. the files that they are on usually can't be saved.
sime said,
Wrote on February 23, 2008 @ 1:49 pm
I think i have some sort of back door i think i received by downloading a media player on a dirty site. my computer runs fine but about every min or so i get these pop ups telling me i have a trojan virus. i also have two unknown toolbars on my internet page that take me to an anti virus site. i know i don't have a virus because my norton blocked and quarantined. i've tried many different things to remove the annoying bubble at the bottom that will not go away and when i click on it it takes me to a free scan telling me i have a trojan but when i scan with my norton nothing is there. what should i do
vince said,
Wrote on February 24, 2008 @ 10:09 pm
dear lyn, the false microsoft thing could mean you got an unregistered copy of microsoft from whoever you bought from. i used to have same problem so took the computer to dealer who installed registered copy of microsoft at cost of the package and haven't seen it since. get genuine is a message from microsoft because it recognises the unreg copy.
vince said,
Wrote on February 24, 2008 @ 10:15 pm
i get run.dl etc messages when my computer starts which i can't get rid of but they don't cause any problems while running the computer. just annoying to see them at start. they say error module could not be found. any ideas about getting rid of them. tried heaps of things.
Blair said,
Wrote on February 25, 2008 @ 11:15 am
You can find free tech support on this site, but not in the comments section of this blog. If you have questions, or think you may be infected with a backdoor trojan, please start a new topic in our forums: http://www.geekstogo.com/forum/forums.html
mzmanzana said,
Wrote on April 1, 2008 @ 11:56 pm
I really don't recall when I contracted the "Virus" or if I even have a virus. Although pop-ups and balloons show up continuously with warnings of Spyware.Cyberlog-X, Malware threat warnings etc. Also, my homepage has been compromised with another with a url that reads http://securitypills.com. What are these? And is there a difference between iexplore and iexplorer? Evidently, the back door trojan is letting these in via C:\program files\inter..\iexplore.exe. Please help me. My son was on "Thomas the Tank Engine" website playing a harmless game, when suddenly, BAM! An advertisement for porn pops up! He's only 6!