pingTips By Chima M. Oleru
A Trojan horse is
somewhat different than other viruses. Rather than infecting files on your
computer with malevolent code, a Trojan is an independent file, usually
pretending to be a harmless application until it is opened. Symptoms vary,
depending on its purpose. It may hijack your Web browser or slow down your
computer as it runs in the background. When at all possible, use reliable and
updated anti-virus software to remove a Trojan. Trying to manually delete it
should be used only as a last resort. Some Trojans may interfere with your your
Internet connection, preventing you from downloading or updating anti-virus
software.
Instructions
1.
Removing a Trojan Virus
o
1
Disconnect your computer from the Internet and any other
computers on your home network or WiFi connection as soon as you determine that
your computer has been infected with a Trojan virus. Depending on the Trojan,
it may try to access your personal information or may try to infiltrate other
computers on your network.
o
2
Research the particular Trojan virus using another computer
if possible to determine whether or not it is an immediate threat to the
personal information on your computer, such as passwords and bank-account
records. Information on new viruses can be found on most reliable anti-virus
websites, such as, for example, McAfee and Symantec (links in Resources). If
this Trojan is an immediate threat, read the section below on manually removing
the Trojan. Many Trojans are not high risk. If you determine that you can
safely connect your computer to the Internet to remove the Trojan, proceed to
Step 3.
o
3
Log in as an administrator on your computer. Click the Windows
Start button and type "Windows Update" in the search text field.
Click "Windows Update" in the search results, then click "Check
for Updates." Follow the onscreen instructions to update your computer
software.
o
4
Open a new Web browser window and go to the Microsoft
Security Essentials website (see link in Resources). Click the
"Download" button to download the software. Click "Run" in
the dialog box to automatically install the program once it has downloaded.
Read the Software License terms and click "I Accept."
o
5
Click the "Validate" button to let the program
confirm you are using a legal copy of Windows, then click "Install."
Enable the "Scan My Computer For Potential Threats After Getting the
Latest Updates" option, then click "Finish."
o
6
Wait for the program to update and begin scanning your
computer. This may take an hour or more, depending on the number of files on
your computer. A progress bar displays the status of the scan. When it detects
a virus, the monitor icon on the Home tab will change to red with a white
"X" and a red "Clean Computer" button will appear. You can
click "Show Details" to see information of the virus in a pop-up
window.
o
7
Click the "Clean Computer" button in the main
window to remove the Trojan virus. The red monitor icon changes to green with a
white check mark.
o
8
Click the Microsoft Security Essentials icon in the
bottom-right corner of the screen to launch the program at any time to scan
your computer. To update the software, click the "Update" tab. Click
the "Update" button if prompted to update the program's database of
known viruses.
2.
Manually Removing a Trojan Virus
o
9
Try to remove a Trojan virus using an anti-virus software
program before removing it manually. If this is not possible, research as much
as you can about the particular Trojan using a reliable website, such as your
anti-virus software home page, and using a different computer besides the
infected one. Make notes of file names, registry entries, and Dynamic Link
Library (DLL) files associated with the Trojan.
o
10
Stop the Trojan from running by using the Windows Task
Manager. Launch the Task Manager by pressing "Ctrl-Shift-Esc" on the
keyboard. Click the "Processes" tab and click the "Show
Processes From All Users." Click on each process associated with the
Trojan and click the "End Process" button. Close the Task Manager.
o
11
Open the Registry Editor by clicking the Windows Start
button and typing "regedit" in the search text field. Click
"regedit.exe" in the search results. Use the "Find" option
to search for registry entries associated with the Trojan, based on the
research you've done. Right-click each entry and select "Delete."
Close the Registry Editor.
o
12
Deauthorize any DLL files associated with the Trojan virus
by using the Windows Command Prompt. Open the Command Prompt by clicking the
Windows Start button and typing "cmd" in the search field. Click
"cmd.exe" in the search results. Type "regsvr32 /u
trojan.dll" at the command prompt, replacing "trojan.dll" with
the name of the actual Trojan DLL file. Press "Enter." Repeat this
for each DLL associated with the virus.
o
13
Delete any other files associated with the Trojan by typing
the file names in the Search field from the Windows Start button. Right-click
the file and click "Delete."
o
14
Restart the computer. Install an anti-virus software program
and perform a complete scan of your computer as instructed by the program.
Tips & Warnings
- Back up your computer before attempting to delete registry entries if you do not have a recent full backup of your computer. Manually editing the registry can be extremely hazardous and should normally be done only by experienced users. Keep in mind, however, that when backing up your files after your computer has been infected, you are most likely backing up the Trojan files as well.
- In the course of your research you may find specific instructions on removing your particular Trojan. If you are certain the website is trustworthy, try these instructions first.
- Be wary of viruses disguised as virus removal software.
- Unfortunately, some Trojans cannot be safely removed from a computer. After attempting to remove it, you may find it reappears. In this case you may have to format your hard drive and reinstall the operating system and software. This is one of the reasons why it's important to back up your files on a regular basis.
