Jakk

Hey you all,
I am posting this thread because I didn't find proper answers over the Internet. I have been searching all across the web to learn more about trojans. I am fed up of reading the same crap all the time : The trojan horse is named after the city of Troy in ancient Greece bla bla. A trojan horse gives total control of your computer to a hacker bla bla. Unlike worms and viruses, the trojan doesn't replicate itself bla bla. Now please cut the crap and tell me the real deal about trojans. XP SP2 is installed and patched & I use up-to-date adaware, spyware blaster and spybot along with Kaspersky AV and Outpost firewall. I run scans as often as possible (1 time a week let's say). I have a modem/router. My Hijackthis logs are very clean and my machine runs quite well.


- Still, what I wanna know -


1) I know that trojans 'listen' to a specific port right? Since my firewall has outbound & inbound protection, I assume that I will have to grant permission to the trojan so that it proceeds with transfering data? Am I right here?

2) I had a look at invisible and stealth keyloggers. They say it can't be spotted with the task manager nor with spyware programs. But I mean, there is always a way to find whether the keylogger is installed or not right? It HAS to leave traces somewhere and it HAS to be installed somewhere on the machine (registry, etc.). SInce there is no 100% spyware-trojan-worm removal softwares, how can someone that doesn't have the slightest programming skill can check what's going on on his machine?

I know this topic has probably been discussed a million time and that you might be sick of the same old questions. But if you could take a few minutes to answer those 2 questions, that would really really help. Please express your thoughts by using more than 3 words
Thanx a lot!!

jgvernonco

Howdy.

Yep, if anything that is not recognized by your firewall should try to come in or go out, it should ask your permission. This is why outbound protection is so important; it is a "fail safe" should a baddie get installed and try to duplicate itself to others or send your personal information outbound. That is wy I do not consider the XP firewall a true firewall.

If the thing is going to work, it has to run.Therefore, you should be able to pick it up in running processes as something you don't recognize. It may even appear in the task manager.

Spybot has a component that monitors any program trying to put itself in start-up; most keyloggers, etc, will need to have a place there to function.

I was using WinPatrol before the Spybot upgrade; again, it blocks changes in the registry unless they are related to a recognized program.

Lastly, make sure that you keep your system updated. That, alone, can reduce your risk of infection several times over.

I hope that this helps.

MicroBell

Jakk,

One of the reasons you have so much conflicting information is your asking about two "Loaded" questions that have an many different answers.

1. Trojan

So what does that really mean? The trojans out there have many many purposes. They are used by spyware/adware to install it's files. They are used by bad guys to gain access to your PC and steal your info and take control of the PC. Some trojans listen for ports...some do not. Your firewall will help protect you....but it should not be considered as a non-bypassable defense as some trojans will disable it and some won't even go through it.

Some will masquerade as a legit windows file...and the firewall will allow it through. So as you see..you can take steps to reduce the risk of something getting though...but you can't install one program and think "That's it...No More Trojans" as thats unrealistic. For example..there's a few trojans that use Internet Explorer to transphere the data the keylogger gathered...so a firewall would be useless as that method of transport won't go through the firewall at all.

2. Stealth Keyloggers

In a short answer.....yes. It's there...and leaves traces but they are not always easy to find. Some will "Stick out..like a sore Thumb" while others will be so invisible you will need to dig it out using a bunch of tools and logs from other programs. Most commercial made software will miss it and you will need to resort to looking at locations that these keyloggers use.

One of the best defenses that is widely overlooked is your knowledge of your operating systems files. If you know what files are supposed to be were...when something new is added..it should peak your interest quickly.

As JG suggested...you need to use a resident program and runs in the background at all times to monitor any changes to the registry. Spybot and Winpatrol do just that. This way...you can detect if any unwanted programs/files are trying to be added. The registry is the brain of the OS and most bad guys will add entrys to it...so you need to monitor it.

So in conclusion...yes the Keylogger leaves both files and entrys in the registry...so it's not truely invisible...but it can leave these entrys/files in such obscure locations that they are not easily detectable by the average user or commerical software vendor.