<!-- im too little for this code, by l.regburner html hacking newbie using editpad --!>
[String-TC]
What is a Trojan and why could it be dangerous for my machine?
Programs called Trojan horses work on the same principle as the well-known (physical) Trojan Horse that was used to take the city of Troy. Troy was a very well protected town, and its enemies tried to figure out a way to get past its defenses. To make it short, the enemies of Troy built a big wooden horse as a present for the city. The horse (while still being what it was and looked like: a nice wooden horse) had room inside for some men (enemies), who waited until the citizens took the horse inside Troy. When night came, they climbed out of the horse and opened the city gate for the enemies who were waiting outside.
You see:
1. The horse looked like a nice thing to get (install).
2. It had hidden functions that took all security down and permitted the enemies to come in and manipulate (eh, destroy) the city.
In the computer past, most Trojans were only viral programs that infected your system, altered things, etc., while the main executable still seemed to be a nice tool.
Today, with more and more internet connectivity, Trojans follow exactly the same strategy as in that ancient story. They eliminate your security mechanisms and get past your defenses, giving an intruder every possibility to alter, read, etc. your data.
Now there are several versions of these internet Trojans:
- You start the program, but it only gives you an error code ("dll not found" or something like that).
- A program that hides inside the program that made you execute it. The main program has full functionality while you still get infected.
If a Trojan is installed on your system, it can be started in several ways: it can run all the time, start when the system starts up, or become active when you run a certain application.
(Windows Start -> Programs -> Autostart.) It is unusual for a Trojan to start through the Autostart function, although it could hide there as an application you know, suggesting to you that this application is what Autostart starts.
System.ini/Win.ini
Win.ini = be aware that a program can be loaded after the Load= or Run= string. Some Trojans hide their parameter after these strings behind multiple spaces. So either turn word wrap on in your editor or scroll horizontally to the right if possible.
example: "Load=c:\winnt\IMATROJAN.EXE" or "RUN=c:\winnt\IMATROJAN.EXE"
System.ini = after the shell=Explorer.exe (it is normal for explorer.exe to be there).
example: "shell=Explorer.exe mtmtask.dl" (That would be an example of the default settings of SubSeven 1.9)
(Here too, many spaces could be added after explorer.exe, so you have to check whether you can scroll horizontally for additional parameters.)
(c:\ or whatever your start drive is) c:\Autoexec.bat and c:\Config.sys
Here you should know what you are searching for. There could be many drivers in config.sys; removing them by trial and error should be avoided.
example config.sys: "device c:\winnt\IMATROJAN\IMATROJAN.SYS"
Winstart.bat/Wininit.ini/progman.ini/control.ini
All or some of these files may not exist on your system. The progman.ini comes from Win 3.0 but is still executed if found. So if some of these files exist, check their content.
Registry
Go to Windows Start -> Run... -> type "regedit" -> OK.
HKEY_LOCAL_MACHINE->SOFTWARE->Microsoft->Windows->CurrentVersion->Run
HKEY_LOCAL_MACHINE->SOFTWARE->Microsoft->Windows->CurrentVersion->RunOnce
HKEY_LOCAL_MACHINE->SOFTWARE->Microsoft->Windows->CurrentVersion->RunServices
HKEY_LOCAL_MACHINE->SOFTWARE->Microsoft->Windows->CurrentVersion->RunServicesOnce
HKEY_CURRENT_USER->SOFTWARE->Microsoft->Windows->CurrentVersion->Run
HKEY_CURRENT_USER->SOFTWARE->Microsoft->Windows->CurrentVersion->RunOnce
HKEY_CURRENT_USER->SOFTWARE->Microsoft->Windows->CurrentVersion->RunServices
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run
are places where programs could be installed to be executed when you start your system.
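The manual Win.ini/System.ini check described above (Load=, Run= and shell= entries, including values pushed out of view by many spaces) can be scripted. This is an added example, not part of the original page; the function name, the 8-space padding threshold and the sample file contents are assumptions constructed for illustration.

```python
import re

# Autostart entries the page names: win.ini Load=/Run=, system.ini shell=
AUTOSTART_KEYS = {"load", "run", "shell"}
# Assumed threshold: 8 or more spaces/tabs in a row counts as hiding padding.
PAD = re.compile(r"[ \t]{8,}")

def audit_ini(text):
    """Return (line_no, key, visible_value, reasons) for suspicious entries."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        tokens = value.split()
        if not sep or key not in AUTOSTART_KEYS or not tokens:
            continue  # not an autostart entry, or the entry is empty
        reasons = []
        # Trailing blanks are harmless; padding before or between tokens is not.
        if PAD.search(value.rstrip()):
            reasons.append("value hidden behind whitespace padding")
        if key == "shell":
            if tokens[0].lower() != "explorer.exe":
                reasons.append("shell is not Explorer.exe")
            elif len(tokens) > 1:
                reasons.append("extra program after Explorer.exe")
        else:
            reasons.append("program started by " + key + "=")
        if reasons:
            findings.append((no, key, " ".join(tokens), reasons))
    return findings

# Constructed sample files using the page's own example names.
SAMPLE_WIN_INI = (
    "[windows]\r\n"
    "load=\r\n"
    "run=" + " " * 120 + r"c:\winnt\IMATROJAN.EXE" + "\r\n"
    "NullPort=None\r\n"
)
SAMPLE_SYSTEM_INI = "[boot]\r\nshell=Explorer.exe" + " " * 200 + "mtmtask.dl\r\n"
CLEAN_SYSTEM_INI = "[boot]\r\nshell=Explorer.exe\r\n"

if __name__ == "__main__":
    for sample in (SAMPLE_WIN_INI, SAMPLE_SYSTEM_INI, CLEAN_SYSTEM_INI):
        for finding in audit_ini(sample):
            print(finding)
```

Every non-empty Load= or Run= entry is reported for review, because a legitimate program can also be listed there; the padding reason is what marks an entry as deliberately hidden.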
That's optimal. You install one of these computers as your ISP connector. (Only that computer connects to the internet, and it is not the computer you are working on. It is a dedicated firewall.)
What can you do with that? You can install a big firewall on it. You can install detection software that traces all attackers back. You can be relatively sure that whatever attack comes from outside your local network hits that firewall, so you can define the strongest security parameters, which would normally decrease performance and usability on a client.
The firewall can also masquerade the other computers behind it, so that nobody on the net can figure out what is behind that firewall (to put it, eh, "short").
Software that could be used:
WinNT/Win2k, NetGuard Guardian (a very powerful corporate firewall) OR Conseal PC Firewall OR SyShield OR ATGuard AND Lockdown2000 (to trace and whois intruders) AND VShield (McAfee virus scanner) OR F-Risk F-Prot OR other antivirus software
OR SuSE Linux OR RedHat Linux OR any other Linux distribution that comes with firewall and masquerading services and scripts.
The software and links will be presented in more detail at the end.
Hardware that could be used:
Win: Pentium/AMD, 64 MB, 1 GB HD, ISDN or cable or whatever you use to connect to your ISP, and a network adapter for your local network
Linux (without X-Win): 486, 16 MB, 1 GB, and the same ISP connection and network adapter as above
You can use a desktop firewall on your computer. It is still a security drawback to install the firewall on the same machine that is in potential danger and where you execute and run new software, but hey, we are not protecting a corporation.
Software that could be used:
Win95 (with socks update)/Win98/WinNT/Win2k, Conseal Private Desktop (a very easy to use, self-configuring, good firewall for less experienced persons. Don't underestimate the danger of a wrongly configured firewall. If you are new to this and don't want to spend much time on it, get the trial version (listed below as software))
OR Conseal PC Firewall OR AT Guard OR SyShield AND VShield (McAfee) OR F-Risk F-Prot OR Norton AntiVirus OR AVP etc.
You have a problem.
Run a virus scanner manually or scheduled every night, but not as a background scan. Try Conseal Private Desktop and see whether you get a big performance drawback.
Take care with pictures sent by email. It could be a "uo0001.jpg(100spaces).exe" file.
Install an email scanner (like the one provided with Norton AntiVirus or McAfee).
9. Never open emails from people like "support@microsoft.com" wanting to provide you with a "system update" or something like that. Microsoft never sends code through emails. Don't open it. If your firewall or other software offers the possibility, block that address.
10. Don't reply to support mails from OSI asking you for a password/account name for administrative use/whatever.
like the name of your dog, or your girlfriend "Michelle" written as "ellehciM". I would laugh 2 times.
14. Don't save passwords.
If you want to use a password that you can remember but that is long and not easy, try to use different keys in it:
That means: say your dog's name is Garfield, your girlfriend's name is Bonny, and your midlife crisis began on 14.8.88. Then you could build:
"GarFIELD14Bon8ny88"
Even if someone knew 2 keys (your dog's name and your girlfriend's name) or used crack tools that try common names first, all keys together would be missed.
If you are militant about this, you could make yourself an algorithm for moving keys or key parts, or for using different key parts in relation to political events, or anything like that. For example: it is GarFIELD14Bon8ny88 when there is no war in Uzbekistan, but it is Gar"9mm"14Bon8ny88 if there is war, changing the 9mm key to bigger mm sizes for each month the war goes on.
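Going back to the email advice above: the "uo0001.jpg(100spaces).exe" attachment name can be caught mechanically before anyone double-clicks it. This is an added example, not part of the original page; the extension lists, the function names and the 30-character display width are assumptions for illustration.

```python
# Assumed lists for this example; extend them to match local policy.
EXECUTABLE_EXT = {"exe", "com", "bat", "pif", "scr", "vbs"}
DECOY_EXT = {"jpg", "jpeg", "gif", "bmp", "txt", "doc"}

def displayed_as(name, width=30):
    """What a dialog that shows only the first `width` characters presents."""
    return name[:width].rstrip()

def check_attachment(name):
    """Return (verdict, reasons): 'ok', 'review' or 'block'."""
    stem, dot, real_ext = name.rstrip().rpartition(".")
    real_ext = real_ext.lower()
    if not dot or real_ext not in EXECUTABLE_EXT:
        return "ok", []
    reasons = ["real extension is ." + real_ext]
    verdict = "review"  # a plain executable: look at it before running it
    visible = stem.rstrip()
    padding = len(stem) - len(visible)
    if padding:
        reasons.append("%d whitespace characters before the real extension" % padding)
        verdict = "block"
    decoy = visible.rpartition(".")[2].lower()
    if "." in visible and decoy in DECOY_EXT:
        reasons.append("decoy extension ." + decoy)
        verdict = "block"
    return verdict, reasons

# Constructed sample matching the file name pattern quoted in the text.
SAMPLE_NAME = "uo0001.jpg" + " " * 100 + ".exe"

if __name__ == "__main__":
    print(repr(displayed_as(SAMPLE_NAME)), check_attachment(SAMPLE_NAME))
```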