What is the best anti-trojan software?

Discussion in 'other anti-trojan software' started by Lanchi, Aug 18, 2007.

Thread Status:
Not open for further replies.
  1. Lanchi

    Lanchi Registered Member

    Joined:
    May 4, 2004
    Posts:
    17
    Hi

    I just got som nasty trojan, my AV is detecting it but can not eliminate it. Neither SpyBot or Adaware can even find it. I wonder, what is the best anti-trojan software these days?
     
  2. Lanchi

    Lanchi Registered Member

    Joined:
    May 4, 2004
    Posts:
    17
    I tried Trojan Hunter trial version and it found and removed this trojan, let´s see if it comes back. A also see that SuperAntyspyware is free. Is it good against trojans? Or maybe BoClean which is also free? Maybe something else? Help me out, please?
     
  3. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    SAS free and also A-Squared free have detections for trojans.
     
  4. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    What AV will not remove it?

    Anyway, I would use BOClean or SuperAntiSpyware PRO. I believe both are good. I give the edge to SAS Pro but BOClean for free is hard to beat. ;)

    (I don't care for the EULA on BOClean either). :(
     
  5. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Does this trojan have a name? And what AV found (and named) it? And where in the computer is it? (eg: C:\Windows\System32\Zolob tr-J downloader)
    Different AV's often have different naming protocols, the same malware might have a few different names. Hence the reason for knowing the AV.
    The application best suited to it's removal quite possibly depends on the answers.
     
  6. Lanchi

    Lanchi Registered Member

    Joined:
    May 4, 2004
    Posts:
    17
    Hi

    Thanks for your replies.
    First i ised Bitdefender AV and it found nothing but since i knew something was wrong i did online virus scan with F-Secure AV.
    F-secure found a file in C:\WINDOWS\VGRAPH.DLL, it was infected by W32\Smalltroj.BGKG.
    F-secure deleted it but it came back after every restart in different locations like Systeme Volume etc. After a couple of scans F-secure couldnt no longer even find it. But i had same problems. my Internet dissconects, pages can not be displayed, very slow internet....Then i tried Trojan Hunter trial version and it found a trojan in C:\WINDOWS\$NtServicePackUninstal$\notepad.exe. I cant remember what TH called it, something like "small".
    After another scan with TH i just got the info that a possible trojan exists on my comp. but no further instructions or location.

    Is that Boclean only real-time scanner?

    Well, any help would be great.
     
  7. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Avast is pretty good at handling trojans.
    60 day trial.

    BOClean does too but I no longer use it for several reasons.

    Or maybe try Norton AntiBot/Primary Responce SafeConnect.

    Good Luck.
     
  8. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    If you find malware in the System Volume folder then the only way to remove it is to disable System Restore, then reboot, and enable SR. You can then re-scan with the trial version of TH or your present AV.

    I would also recommend a final backup scan with Dr Web's CureIt .
     
  9. Lanchi

    Lanchi Registered Member

    Joined:
    May 4, 2004
    Posts:
    17
    HI

    I did disable System Restore but this thing is coming back with different names. I tried SAS but nothing, F-secure is detecting it again but it still comes back. I´ll try now Boclean and Dr.Web that you sugested.
     
  10. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Lanchi,
    I would be interested in what kills it. Please post back. I consider these types of threads real world. Far better then some test results.
     
  11. Lanchi

    Lanchi Registered Member

    Joined:
    May 4, 2004
    Posts:
    17
    I will but it might take a couple of days since i´m never sure. The last F-secure scan was clean and those problems i had seem gone but it happened before and than it came back. I hope i can sort it out what kills it since i´m trying many different programs.
     
  12. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
  13. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    This VCRAPH.DLL seems to be pretty well known.
    If you have HijackThis, and run a scan, and find this entry, Id delete it.

    O2 - BHO: CvgraphObj Object - {12355F3E-90C3-41AA-8705-15969AF7F210} - C:\WINDOWS\vgraph.dll"

    Would also suggest running some scans in safe mode with the aforementioned AVG (Ewido) Antispyware, and/or Superantispyware, and/or Asquared.

    Avast is good, in part because it has the ability to schedule a boot scan, which is superb for removing known difficult malware, because it usually hasn't had time to load/protect/cloak itself.

    Repeat scans in "safe" until no more malware is found, with at least 2 different scanners. (This may take a while...1-2 hours, depending on the HD size.)

    Quarantine anything found. See how it goes. (With this sort of cleaning, it is wise to investigate files with an online checker like VirusTotal. If you quarantine the "wrong" false positive, it's possible to prevent your system working.)

    Certainly wouldn't hurt to do a rootkit scan, with one of those mentioned above, too. If not technically minded (like me) try the AVG one. Some of the others need a bit of knowledge to safely interpret the results.
     
  14. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Yes, worth a shot with this one.(Why did'nt I think of it :eek: )

    (but Avast should still be considered also if all else fails)
     
  15. besafe

    besafe Registered Member

    Joined:
    Mar 29, 2007
    Posts:
    222
    Did you try SAS PRO (nlot the free version)? The Pro version has first chance prevention which should prevent the malware from reinstalling on re-boot.
     
  16. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
  17. wisepeter

    wisepeter Lurker

    Joined:
    Aug 21, 2007
    Posts:
    1
    I would recommend Trojan Hunter. It's easy to use, resource efficient and has outstanding trojan detection and removal capabilities. The latest release, version 4, introduces an improved scanner plus many minor improvements. Also, Ewido took just under two minutes to scan a test directory of around 6000 files, about the same as Trojan Hunter.
     
  18. one111

    one111 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    92
    I've also been using TrojanHunter for years now and it's never let me down.
    It's very light on resources, scans thoroughly and quickly, and nothing gets by it.
     
  19. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,299
    Location:
    South Wales, UK
    Same here so + 1 for TH. And I believe that the upcoming TH 5 will be even better.:thumb:
     
  20. Magnus Mischel

    Magnus Mischel Security Expert

    Joined:
    Oct 24, 2002
    Posts:
    185
    Perhaps you might be interested in a teaser screenshot then :D

    TrojanHunter 5 running in advanced mode: http://uk.misec.net/images/TrojanHunter5.png
     
  21. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,299
    Location:
    South Wales, UK
    Hi Magnus

    Thanks...but you are cruel;). Looks interesting. Any way of assisting with the beta when available...if it is not already out? :)
     
  22. Magnus Mischel

    Magnus Mischel Security Expert

    Joined:
    Oct 24, 2002
    Posts:
    185
    Make sure you check http://www.misec.net/forum/board/TH5Beta - the first public beta will be ready soon, and a post will be made there when that happens.

    To give you some more information on just one of the improvements in TrojanHunter 5: The new scan engine now uses dynamic file recognition to identify file formats. This means that executable files will be scanned as such no matter what extension they have. As an example: A direct result of this is that scanning inside RarSfx executables is now supported (the file recognition module identifies and tags such files as "exe, pe, rarsfx"). This will improve detection of certain IRC bots immensely as they often make use of RarSfx archives.
     
  23. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,299
    Location:
    South Wales, UK
    Thanks...I can hardly wait.:D
     
  24. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Finally looking a lil better. Not that looks determine a program's effectiveness but
    a pay software should present itself a lil better. Thanks. Can't hardly wait myself. Might be the right replacement for Boclean but is it just as good? I know it's on demand scan is pretty good as always.
     
  25. Lanchi

    Lanchi Registered Member

    Joined:
    May 4, 2004
    Posts:
    17
    I think that my problem is solved. It´s been a copule of days now and everything works ok. All scans are clean as well. It was either Trojan Hunter or F-secure that killed this trojan , or combination of those two. I tried some software that some of you suggested but I think trojan was already gone so they found nothing. Thanks everybody.
     
Thread Status:
Not open for further replies.