Ever Hear of a Virus Called “Trojan Horse”?

Discussion in 'malware problems & news' started by foolproof, Apr 28, 2006.

Thread Status:
Not open for further replies.
  1. foolproof

    foolproof Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    26
    Now, I know what a trojan horse is. I know what a virus is. I’ve even come across a number of viruses that have the word “Trojan” in their name. I’ve never, though, come across a virus named “Trojan Horse.” But that’s what Norton AV claims was found on my system and quarantined when it couldn’t be killed.

    trojanstopped.JPG

    Neither Adaware SE nor Spybot S&D found anything wrong. My assumption is that Norton has these fellows safely quarantined, and I feel secure with that, but I am curious about this virus name “Trojan Horse.”
     
  2. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,088
    Re: Ever Hear of a Virus Called “Trojan Horse”?

    Try uploading the file to http://virusscan.jotti.org/ where about a dozen or so AVs will weigh in on its identity probably reporting aliases against the name for the file's signature.

    -- Tom
     
  3. foolproof

    foolproof Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    26
    Thx Tom, I'll give it a try.
     
  4. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Re: Ever Hear of a Virus Called “Trojan Horse”?

    Hi, foolproof

    Or you could just empty your Recycle Bin.

    Take Care,
    TheQuest :cool:
     
  5. foolproof

    foolproof Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    26
    Tom, I gave it a try and it didn't work, so I'm going to roll over and give up. First, I went back to the Norton quarantine area and noticed that there is no option to upload a file, other than to Norton itself, and that for some reason was unsuccessful (I had tried unsuccessfully earlier). Next I noticed that the files had previously been in c:\recycler. I even tried restoring one of the files (there were four) to that location, from which I thought I might be able to upload it directly. Perhaps you can; I don't know because I can't find it. I looked in the recycle bin and then I went Start > Run > C:\recycler and looked in what I thought was the appropriate one of the several cryptically named folders that appeared. I couldn't find it. Right now I'm doing another scan for the file that got away. If I find it, back into its quarantine cage it goes. Moral: there are just some things, I guess, that you're not meant to know.
     
  6. SwordOfSecurity

    SwordOfSecurity Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    108
    Location:
    Canada
    Re: Ever Hear of a Virus Called “Trojan Horse”?

    Well, I think we should straighten some things out. Tom meant earlier that if you had the actual individual file handy, you should upload the file to the website he provided. But this is obviously the wrong approach since you cannot find the file and you already know it's clearly infected.

    Anyway, I really don't like Norton in its way of handling things, but you should just delete/remove the files instead of quarantining them (unless you cannot remove but can quarantine). However, if the only option available is to quarantine, then upload the file to Norton and update regularly (including a manual update you can get directly from the website). Also, the version of Norton you have can also determine the effectiveness of removing/detecting viruses, so it would be nice if you could give some input as to what version it is.

    Another thing you could do is install CCleaner, since your file appears to be a trace amount left behind. This handy program removes temporary files, junk files, tracks left by files---the works, and it may be useful in this case. After running the tool and cleaning all the temp files, etc., update Norton to the max, then run another full system scan in safe mode. Afterwards, see if you can remove/delete (remember, failed repair isn't the end of the world :p [unless the file is important to you]), and if not then the best thing you can do is quarantine until further updates.

    Hope that helps a bit.

    P.S. What's shown there as a trojan horse is just what Norton generically calls this type of virus. A Trojan Horse is basically the same thing as a virus, except it acts differently in its ways of infecting your computer (like pretending it's a harmless file, exploiting backdoors, or downloading viruses onto your computer while hiding, etc.).
     
  7. foolproof

    foolproof Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    26
    Thanks folks. This has been an interesting exercise. Let me say that if Norton hadn't said this was a "virus" and that its name happened to be "Trojan Horse," we wouldn't be having this discussion.

    I realize what TheQuest said about emptying the recycling bin was the simplest way to go. Neither am I squeamish about leaving things in quarantine.

    The update is that Norton went out and corralled the one file that got away (or rather was somewhat foolishly let loose to allow it to be uploaded -- I didn't get this nickname for nothing). I looked for it in c:\recycler, without success, before telling Norton to recage it.

    So I'm finished now. Or at least I hope I am. Thanks all.
     
  8. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Re: Ever Hear of a Virus Called “Trojan Horse”?

    foolproof, here's your 'Trojan Horse':-

    http://securityresponse.symantec.com/avcenter/venc/data/trojan.horse.html

    It is just malware with the general characteristics of a trojan that Norton does not have a specific name for and therefore 'generically' refers to it as Trojan Horse. To quote Symantec:-

    "Symantec antivirus programs use Trojan horse as a generic detection when detecting many individual but varied Trojan horse programs for which specific definitions have not been created."
     
  9. foolproof

    foolproof Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    26
    Re: Ever Hear of a Virus Called “Trojan Horse”?

    Thx TopperID. I am, however, appalled at Symantec's syntactic imprecision. It certainly doesn't further the cause of users being able to tell the difference between viruses and trojans when it, as the largest anti-virus producer, seems to be using the terms interchangeably.
     
  10. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,088
    Re: Ever Hear of a Virus Called “Trojan Horse”?

    Hi foolproof,

    It's not syntactic imprecision. Today many AV products capture all kinds of nasties besides viruses: trojans, backdoors, worms, etc. Various techniques are used including signatures and heuristics. The fact that a number of variants use slightly different patterns that may be too difficult to put into a signature yet general enough to fall into the catchall trap of the pattern makes it somewhat difficult to classify the malware with more precision - it's really a semantic imprecision or ambiguity, but entirely irrelevant since the malware is recognized and quarantined - which is what is important!

    -- Tom
     
  11. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Re: Ever Hear of a Virus Called “Trojan Horse”?

    It's unfortunate that Symantec refer to it in their information box as "the Trojan Horse virus", since they are using the word 'virus' to mean malware in general rather than applying the term specifically to self-replicating malware that infects within system files - which would be a true virus.

    Pure Trojans are not self-replicating and exist within their own files rather than attaching themselves into system files. The general public quite often think of 'bugs' as being 'viruses' whether they are or not, so Symantec is just pandering to common usage, which I suppose you could term 'syntactic imprecision'.
     