What is the best anti-trojan software?

Hi

I just got som nasty trojan, my AV is detecting it but can not eliminate it. Neither SpyBot or Adaware can even find it. I wonder, what is the best anti-trojan software these days?

 

I tried Trojan Hunter trial version and it found and removed this trojan, let´s see if it comes back. A also see that SuperAntyspyware is free. Is it good against trojans? Or maybe BoClean which is also free? Maybe something else? Help me out, please?

 

SAS free and also A-Squared free have detections for trojans.

 

What AV will not remove it?

Anyway, I would use BOClean or SuperAntiSpyware PRO. I believe both are good. I give the edge to SAS Pro but BOClean for free is hard to beat.

(I don't care for the EULA on BOClean either).

 

Does this trojan have a name? And what AV found (and named) it? And where in the computer is it? (eg: C:\Windows\System32\Zolob tr-J downloader)
Different AV's often have different naming protocols, the same malware might have a few different names. Hence the reason for knowing the AV.
The application best suited to it's removal quite possibly depends on the answers.

 

Hi

Thanks for your replies.
First i ised Bitdefender AV and it found nothing but since i knew something was wrong i did online virus scan with F-Secure AV.
F-secure found a file in C:\WINDOWS\VGRAPH.DLL, it was infected by W32\Smalltroj.BGKG.
F-secure deleted it but it came back after every restart in different locations like Systeme Volume etc. After a couple of scans F-secure couldnt no longer even find it. But i had same problems. my Internet dissconects, pages can not be displayed, very slow internet....Then i tried Trojan Hunter trial version and it found a trojan in C:\WINDOWS\$NtServicePackUninstal$\notepad.exe. I cant remember what TH called it, something like "small".
After another scan with TH i just got the info that a possible trojan exists on my comp. but no further instructions or location.

Is that Boclean only real-time scanner?

Well, any help would be great.

 

Avast is pretty good at handling trojans.
60 day trial.

BOClean does too but I no longer use it for several reasons.

Or maybe try Norton AntiBot/Primary Responce SafeConnect.

Good Luck.

 

If you find malware in the System Volume folder then the only way to remove it is to disable System Restore, then reboot, and enable SR. You can then re-scan with the trial version of TH or your present AV.

I would also recommend a final backup scan with Dr Web's CureIt .

 

HI

I did disable System Restore but this thing is coming back with different names. I tried SAS but nothing, F-secure is detecting it again but it still comes back. I´ll try now Boclean and Dr.Web that you sugested.

 

Lanchi,
I would be interested in what kills it. Please post back. I consider these types of threads real world. Far better then some test results.

 

I will but it might take a couple of days since i´m never sure. The last F-secure scan was clean and those problems i had seem gone but it happened before and than it came back. I hope i can sort it out what kills it since i´m trying many different programs.

 

The best AT scanner for this type of situation is AVG-AS/ewido (BOClean is realtime, it is not a demand scanner). You need to run it in safe mode though.

Failing that I would try one of these Rootkit scanners:-

https://www.wilderssecurity.com/showpost.php?p=1059533&postcount=7

PS. VGRAPH.DLL is a known baddie:-

http://www.fileresearchcenter.com/V/VGRAPH.DLL-6865.html

 

This VCRAPH.DLL seems to be pretty well known.
If you have HijackThis, and run a scan, and find this entry, Id delete it.

O2 - BHO: CvgraphObj Object - {12355F3E-90C3-41AA-8705-15969AF7F210} - C:\WINDOWS\vgraph.dll"

Would also suggest running some scans in safe mode with the aforementioned AVG (Ewido) Antispyware, and/or Superantispyware, and/or Asquared.

Avast is good, in part because it has the ability to schedule a boot scan, which is superb for removing known difficult malware, because it usually hasn't had time to load/protect/cloak itself.

Repeat scans in "safe" until no more malware is found, with at least 2 different scanners. (This may take a while...1-2 hours, depending on the HD size.)

Quarantine anything found. See how it goes. (With this sort of cleaning, it is wise to investigate files with an online checker like VirusTotal. If you quarantine the "wrong" false positive, it's possible to prevent your system working.)

Certainly wouldn't hurt to do a rootkit scan, with one of those mentioned above, too. If not technically minded (like me) try the AVG one. Some of the others need a bit of knowledge to safely interpret the results.

 

Yes, worth a shot with this one.(Why did'nt I think of it )

(but Avast should still be considered also if all else fails)

 

Did you try SAS PRO (nlot the free version)? The Pro version has first chance prevention which should prevent the malware from reinstalling on re-boot.

 

Not a cure but possibly for future prevention of trojans, DSA could be something to look at. It did pretty well recently in stopping trojans thrown at it.


http://membres.lycos.fr/nicmtests/Dynamic-Security-agent-tests/DSA_index.htm


The verdict-

http://membres.lycos.fr/nicmtests/Dynamic-Security-agent-tests/DSA_index.htm

 

I would recommend Trojan Hunter. It's easy to use, resource efficient and has outstanding trojan detection and removal capabilities. The latest release, version 4, introduces an improved scanner plus many minor improvements. Also, Ewido took just under two minutes to scan a test directory of around 6000 files, about the same as Trojan Hunter.

 

I've also been using TrojanHunter for years now and it's never let me down.
It's very light on resources, scans thoroughly and quickly, and nothing gets by it.

 

Same here so + 1 for TH. And I believe that the upcoming TH 5 will be even better.

 

Perhaps you might be interested in a teaser screenshot then

TrojanHunter 5 running in advanced mode: http://uk.misec.net/images/TrojanHunter5.png

 

Hi Magnus

Thanks...but you are cruel. Looks interesting. Any way of assisting with the beta when available...if it is not already out?

 

Make sure you check http://www.misec.net/forum/board/TH5Beta - the first public beta will be ready soon, and a post will be made there when that happens.

To give you some more information on just one of the improvements in TrojanHunter 5: The new scan engine now uses dynamic file recognition to identify file formats. This means that executable files will be scanned as such no matter what extension they have. As an example: A direct result of this is that scanning inside RarSfx executables is now supported (the file recognition module identifies and tags such files as "exe, pe, rarsfx"). This will improve detection of certain IRC bots immensely as they often make use of RarSfx archives.

 

Thanks...I can hardly wait.

 

Finally looking a lil better. Not that looks determine a program's effectiveness but
a pay software should present itself a lil better. Thanks. Can't hardly wait myself. Might be the right replacement for Boclean but is it just as good? I know it's on demand scan is pretty good as always.

 

I think that my problem is solved. It´s been a copule of days now and everything works ok. All scans are clean as well. It was either Trojan Hunter or F-secure that killed this trojan , or combination of those two. I tried some software that some of you suggested but I think trojan was already gone so they found nothing. Thanks everybody.