What is a backdoor trojan?
Is your system infected with a backdoor trojan, or remote access trojan? Maybe you received a warning from your antivirus, antispyware application, or someone helping you? What is a backdoor trojan, and why should you be concerned?
A trojan is a malicious application that appears to do one thing, but actually does another. Like its namesake, the mythical Trojan Horse, malicious code is hidden in a program or file that appears useful, interesting, or harmless. Popular examples are video codecs that some sites require to view online videos. When the codec is installed, it may also install spyware or other malicious software.
A backdoor trojan differs from a trojan in that it also opens a backdoor to your system. They're also sometimes called Remote Access Trojans (RATs). These are the most widespread and also the most dangerous type of trojan. They are so dangerous because they have the potential to allow remote administration of your system, as if a hacker were sitting at your keyboard, only worse. There's almost no limit to what they can do. Some common uses:
- Use your system and Internet connection to send spam (yes, the majority of spam is now generated by infected systems).
- Steal your online and offline passwords, credit card numbers, address, phone number, and other information stored on your computer that could be used for identity theft, or other financial fraud.
- Log your activity, read email, view and download contents of documents, pictures, videos and other private data.
- Use your computer and Internet connection, in conjunction with others to launch Distributed Denial of Service (DDoS) attacks.
- Modify system files, disable antivirus, delete files, change system settings, to cover tracks, or just to wreak havoc.
If you suspect you’re infected with a backdoor trojan, the first thing you should do is disconnect from the Internet to protect yourself, and others. At a minimum install a firewall that will monitor inbound and outbound activity (we recommend Comodo’s free version).
Because backdoor trojans have the potential to gain such complete control of a system, and install malicious code that may not be detectable, it’s wise to consider reformatting any system that’s been infected. However, many home users lack adequate backups, and backups from an uninfected system will likely be infected too. It’s also a large, time-consuming job to reformat, reinstall the operating system and all applications, and restore backups.
The good news is that most common backdoor trojans are installed and controlled by bots (other infected computers, or automated scripts), not humans. Rarely does a hacker actually take control of a system. Because these bots use known malicious code and techniques, it’s usually possible for someone knowledgeable to completely remove them.
The bad news is that if you’re one of the unlucky few, the potential for damage to your credit rating, financial loss, or loss of proprietary and professional data can be great.
If you choose to receive help with a backdoor trojan from someone online, at a computer repair shop, etc., we recommend that you do the following:
- Since these infections may be used for remote access, or even remote control of an infected system, temporarily disconnect it from the Internet as soon as possible.
- If you don’t have access to another system, and require Internet access, be sure to have a firewall installed. We recommend the free version of Comodo. Note: never run more than one firewall.
- If you used the infected system for online banking, to perform any online financial transactions (including eBay and Paypal), or access any sensitive information online, please get to a known clean computer and change your passwords as soon as possible. It would also be wise to contact those same financial institutions to let them know your account information and passwords may have been compromised.
- Closely monitor all bank and credit card statements. In the event you do notice suspicious activity, it’s important you act quickly. Follow these steps recommended by the FTC: Defend: Recover From Identity Theft.
Should I reformat and reinstall, or disinfect?
If you have adequate backups of files including important documents, pictures, emails, contacts, etc., the installation media for your operating system and applications, as well as the technical ability required, then we strongly recommend reformatting and reinstalling. In addition, if your system contains confidential data, or third party personal information for clients, patients, customers, or your employer, you have a responsibility to protect that data. If at all possible, reformat and reinstall.
Gili said,
Wrote on October 28, 2007 @ 4:09 pm
Good and concise explanation that will be beneficial for many. I also like the trojan horse pic. Was it taken from "Troy" (a great movie imho)?
Mike Carey said,
Wrote on November 1, 2007 @ 1:41 pm
I have Norton Antivirus
I keep getting a pop up box that says My computer is infected and I need to go to IE Defender to correct the problem
they want Money also when I search google porn pops up?????????
How to remove "IE DEFENDER"
Thank You
mike
admin said,
Wrote on November 2, 2007 @ 1:36 am
You can find removal instructions for IE Defender here.
Younus said,
Wrote on January 5, 2008 @ 10:58 am
The above article was really informative..but unfortunately i read it a bit too late..I am confident now that my pc is infected with some sort of back door trojan.
I believe it got into my pc when i was tryin to download a flash player to view a naughty online video..
but i've learnt my lesson. As u havent mentioned any other option other than to format i guess i'll have to do that..I tried doin all the things..the instructions u ppl gave in "read this before postin a hijackthis log"...like download n running AVG spyware n super antispyware but i still think its there coz sometimes when i use yahoo messenger, some crap is automatically typed n sent to the one i'm chattin with or sending an off-liner...
Now can u plz tell me if its enough to just format Hard disk C or the entire pc..
saurabh said,
Wrote on February 1, 2008 @ 10:28 am
i have a problem with my pen drive. it has a trojan virus in its autorun directory. pl suggest me how to remove... but after removing this virus with an anti-virus it still occurs, or even if i format it
Lin said,
Wrote on February 3, 2008 @ 1:25 pm
Ok, I am completely helpless when it comes to this whole backdoor Trojan topic. My desktop computer was infected with this apparently and I am not sure what to do. I am about 90% sure I got it off of LimeWire--which I subsequently deleted off of my laptop--and downloaded McAfee to get rid of it. It was going fine, but when I tried getting onto the google homepage a few days later, the pop-ups and false Microsoft warnings happened. Any advice would be amazing!!!!
dorkydave said,
Wrote on February 9, 2008 @ 12:09 am
Help Me! For some reason I have a trojan or a virus called Downloader.MisleadApp. I need to know how to remove it please!
vince said,
Wrote on February 11, 2008 @ 11:54 pm
McAfee got rid of my backdoor trojans. initially the 2 files they were on wouldn't be cleaned automatically but after a scan identified them i had to delete the files. if this doesn't work then quarantine them and delete them from the quarantine. the files that they are on usually can't be saved.
sime said,
Wrote on February 23, 2008 @ 1:49 pm
I think i have some sort of back door. i think i received it by downloading a media player on a dirty site. my computer runs fine but about every min or so i get these pop ups telling me i have a trojan virus. i also have two unknown toolbars on my internet page that take me to an anti virus site. i know i don't have a virus because my norton blocked and quarantined it. i've tried many different things to remove the annoying bubble at the bottom that will not go away, and when i click on it it takes me to a free scan telling me i have a trojan, but when i scan with my norton nothing is there. what should i do
vince said,
Wrote on February 24, 2008 @ 10:09 pm
dear Lin, the false microsoft thing could mean you got an unregistered copy of microsoft from whoever you bought from. i used to have same problem so took the computer to dealer who installed registered copy of microsoft at cost of the package and haven't seen it since. get genuine is a message from microsoft because it recognises the unreg copy.
vince said,
Wrote on February 24, 2008 @ 10:15 pm
i get run.dl etc messages when my computer starts which i can't get rid of but they don't cause any problems while running the computer. just annoying to see them at start. they say error module could not be found. any ideas about getting rid of them. tried heaps of things.
Blair said,
Wrote on February 25, 2008 @ 11:15 am
You can find free tech support on this site, but not in the comments section of this blog. If you have questions, or think you may be infected with a backdoor trojan, please start a new topic in our forums: http://www.geekstogo.com/forum/forums.html
Donna said,
Wrote on November 1, 2008 @ 8:22 pm
HELP.
i have no experience with these things whatsoever.
i am scared.
and i need help desperately.
i clicked on something online and the internet froze so i closed it and started a new window...except this window had something weird on the toolbar.
then the corner of my screen said i had some sort of a trojan virus with a backdoor!
nothing happened when i clicked on it.
and my virus scans wouldn't function properly.
i am so inexperienced and afraid.
i freaked out and shut down my computer.
help i'm on a different computer now.
HELP HELP HELP
Sean said,
Wrote on November 4, 2008 @ 12:50 pm
I have a question for someone out there that knows a lot about this type of Trojan. I kicked my girlfriend out and about 2 weeks after that I noticed that she was emailing all my friends and family. Well I had my pc checked for viruses and it did have a backdoor Trojan on it. Well the person who cleaned my system used the full version of AVG and it said it took it out. Is it really out for good and is there any way of telling for sure???
LarkB said,
Wrote on November 12, 2008 @ 11:56 am
It depends on the type of trojan. If it had a rootkit component, the only way to reliably remove it is to reformat the hard drive and reinstall Windows.
More here: http://aumha.net/viewtopic.php?t=28580
Blair said,
Wrote on November 12, 2008 @ 10:09 pm
While that may seem like sensible advice, the reality is that the majority of malware today exhibit some type of "rootkit" behavior, and most home users lack adequate backups to flatten a system for every infection. Also, malware rootkits are not controlled by someone behind a keyboard, but an automated script. When you can trace the steps used to install it, complete removal is possible.
Roy the handyman said,
Wrote on January 23, 2009 @ 10:24 am
Thanks for a well written article.
In my opinion, if in doubt, snuff it out. "All the software in the world" is not going to remove "all trojans and malware in the world" from "all the computers in the world". A trojan is like a cancer. Deal with it as aggressively as you are able.
Reformat your hard drive and reinstall. It's no good claiming that it is a long and difficult process and then attempting to mend your machine with bits of brown paper and string, because it is easier. Find the time to do the job properly. Reinstalling is a simple job if you have been careful enough to regularly back up your data.
I go to the trouble and expense of fitting good locks and a security system to my home, I also do the same for my computer. Touch wood: I have never been caught out in over 20yrs.
Amanda said,
Wrote on February 10, 2009 @ 4:55 pm
I started getting popups about my computer having a virus, so i went out and bought Norton 360 and it said i had a backdoor trojan, so i ran everything backed up everything and cleared what i needed to and now it is running smoothly, should i be worried that it's not all gone, or am i ok now?
O.B. Dan said,
Wrote on February 16, 2009 @ 3:04 am
I got hit with trojan-backdoor-progdav some time between scheduled sweeps on Saturday Feb 14 and Sunday Feb 15. Four hours passed between when a sweep found the trojan and when I quarantined it, and the computer was online. I can't recall doing any banking online in that time. Sometime Sunday all save-password web-based emails, forums, and so forth required me to log in manually instead of recognizing me - maybe that was when I was hit? When I got home I quarantined the trojan and manually rebooted per Spy Sweeper instructions to complete the quarantine. Shortly after that I went to a forum that required a log-in instead of recognizing me, and that's when I started to put together how many times that had happened. Soon thereafter I went to check my online banking and my initial pre-account entry (i.e. recognize me so I can enter my numbers and pass) had to be re-set, which I did. Then I checked my account, everything okay, but it wasn't until I checked this site that I heard of the dangers I might be in.
Do you recognize this trojan? It might be brand new, or it might have been stored on a floppy from an older computer, and it would be maybe five or six years old.
Help!
O.B. Dan said,
Wrote on February 16, 2009 @ 3:06 am
Oh, yeah, one more thing - another manually-ordered sweep didn't find anything. Any opinions?
Ricky Doney said,
Wrote on May 8, 2009 @ 5:48 pm
This has been a great help I had many trojans on my computer and I got rid of them all because I read this. I used AVG Pro Edition to get rid of them. I had 1 Conficker on it too. EEK!
thswillwork said,
Wrote on May 17, 2009 @ 12:33 am
if you have a backdoor.trojan use the scan from this website: http://onecare.live.com/site/en-US/center/howsafe.htm?s_cid=mscom_msrt
and if your computer does the blue screen of death during the scan, go to Safe Mode With Networking and use it from there. (warning: the scan takes a LONG time to finish but it makes the trojan go away)
Tom said,
Wrote on May 17, 2009 @ 11:17 am
i have a virus on my computer. i did almost everything to get rid of it. ive been on it for a week now. ive tried avg, kaspersky, online scanner, formatting hd (maybe didnt do it right bc its still there), but it seems to still be there bc cant do windows update or anything to do with update. i also used malicious anti-malware and it found a backdoor.bot and 4 trojan dns changer viruses. how do i get rid of this please, im really tired and would love some sleep
roy the handyman said,
Wrote on May 17, 2009 @ 12:06 pm
Hello Tom, Scan the disk that carries your op set up disk. It could be a contaminated version. Then first get this http://www.dban.org/ and put the program onto a floppy. Shut down the p.c. Boot from floppy. Totally wipe the hard drive with the program that is on the floppy. Now reinstall windows or whatever other o.s you have. Make sure that the op disk is from a reliable source. Oh, make sure you scan all the saved data before reinstalling it onto the new system. Good luck.
Tom said,
Wrote on May 17, 2009 @ 8:03 pm
thank you roy....
i downloaded the stuff
nuked my hdd
reinstalled windows vista ( dvd is a microsoft retail i bought)
still not being able to update anything
windows update tells me error code 80244019
kaspersky anti virus 8 wont update
i am using the internet that my building complex is providing included in the rent.... could that be a problem? i tried to use Microsoft definition for error code 80244019 and the whole services and bits setting it to automatic. i dont have the backdoor.bot virus anymore..
please help thank you for ur time anyone
roy the handyman said,
Wrote on May 18, 2009 @ 5:43 am
Right Tom, Let's put this problem to bed. It is possible for a virus to take over a router DNS directory. You say you are using a shared internet access. By that, do you mean that you are connecting wirelessly to another router? If that is so, then I would explain to the provider that there may well be a problem with the router. I am sure if you ask him/her politely to hard reset the router they will. If that is not possible, is there any way you can connect to the net at a friend's home? If not, there is another cheeky way to test if it is a modem problem. (I never told you this by the way) Pop along to a three network shop. Purchase a dongle and p.a.y.g sim. Take it home and try it. If everything gets working again, take the dongle and sim back straight away and say you changed your mind or the thing does not work. Let me know how it goes. Roy
Pissed off been Trojaned said,
Wrote on June 16, 2009 @ 4:30 am
I found out recently that i was infected by my IT buddies at work on my personal home PC. The virus corrupted all my photos that i have stored over the years of my kids growing up etc. The problem is that these pissed off Microsoft ex employees who create these viruses don't realise the shit they do!
I have learnt a valuable lesson from this: always save special documents onto a disc!
Highlandshottie said,
Wrote on August 3, 2009 @ 7:32 pm
HELP! I am getting porn and viagra pop ups....lol!!! They won't stop and I have kiddos on the computer daily! They just keep popping up. Someone told me this was a backdoor trojan....Any advice???
tom said,
Wrote on August 4, 2009 @ 12:02 am
get kaspersky anti virus or internet security and run it that will stop pop ups and also take care of the trojans if any
uncle tom said,
Wrote on October 7, 2009 @ 7:57 pm
OK my network is shared!
My Computer shows a list of trojans that my computer has(one Being the backdoor Trojan)!
The screen freezes and i have to reboot my computer!
Manual McAfee search can not detect it!
My Webcam Doesn't work!
I need to know two things.
Can This Spread by Sharing Networks?
How do I stop it if i can't detect it or search it?
Before Anyone asks I did Not look at Porn or Download Anything.
HELP ME PLEASE
tom said,
Wrote on October 8, 2009 @ 10:27 pm
get kaspersky anti virus or internet security and run it that will stop pop ups and also take care of the trojans if any it will stop any spreads too if ur download wont work on internet explorer try google chrome or safari and download it through them this will take care of all ur issues it took me 3 weeks to figure this out and i learned from my experience
darshan said,
Wrote on December 17, 2009 @ 11:52 pm
Norton never found it before, but I reinstalled the operating system after saving all my files on the external drive and now Norton found backdoor.trojan.exe on my backup drive. Is this as dangerous as if it were on my C: drive? If Norton gets rid of it, is my computer safe? How do I know? Thanks.
anshul luniya said,
Wrote on February 2, 2010 @ 12:32 am
Well...as i have to say...Backdoor trojans are the shittest thing u cud get...Well better use avira(original one)...and update it...and use comodo firewall....They are the best u cud get in the market...!!...Well the best option is to format windows...Of course u shud know how to..!!