If you were referred here, you may have been "hacked" by a Trojan horse attack. It's crucial that you read this page and fix yourself immediately. Failure to do so could result in being disconnected from the IRC network, letting strangers access your private files, or worse yet, allowing your computer to be hijacked and used in criminal attacks on others.
by Joseph Lo aka Jolo, with much help from countless others
This page is part of IRChelp.org's security section at http://www.irchelp.org/irchelp/security/
updated Feb 22, 2003
Trojan horse attacks pose one of the most serious threats to computer security. If you were referred here, you may have not only been attacked but may also be attacking others unknowingly. This page will teach you how to avoid falling prey to them, and how to repair the damage if you already did.
According to legend, the Greeks won the Trojan war by hiding in a huge, hollow wooden horse to sneak into the fortified city of Troy. In today's computer world, a Trojan horse is defined as a "malicious, security-breaking program that is disguised as something benign". For example, you download what appears to be a movie or music file, but when you click on it, you unleash a dangerous program that erases your disk, sends your credit card numbers and passwords to a stranger, or lets that stranger hijack your computer to commit illegal denial of service attacks like those that have virtually crippled the DALnet IRC network for months on end.
The following general information applies to all operating systems, but by far most of the damage is done to, and by way of, Windows users, because of Windows' vast popularity and many weaknesses.
(Note: Many people use terms like Trojan horse, virus, worm, hacking and cracking all interchangeably, but they really don't mean the same thing. If you're curious, here's a quick primer defining and distinguishing them. Let's just say that once you are "infected", trojans are just as dangerous as viruses and can spread to hurt others just as easily!)
Trojans are executable programs, which means that when you open the file, it will perform some action(s). In Windows, executable programs have file extensions like "exe", "vbs", "com", "bat", etc. Some actual trojan filenames include "dmsetup.exe" and "LOVE-LETTER-FOR-YOU.TXT.vbs". When there are multiple extensions, only the last one counts, so be sure to unhide your extensions so that you can see it. More information on risky file extensions may be found at this Microsoft document.
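The "only the last extension counts" rule above, as an added example (not from the original page): a short Python check that finds the extension Windows acts on and flags a harmless-looking extension placed in front of it. The extensions beyond exe, vbs, com and bat, the decoy list, and the function names are assumptions made for this illustration.

```python
import ntpath

# Extensions named on this page, plus a few other Windows-executable ones
# added here as an assumption (the page's own list ends in "etc.").
PAGE_EXTENSIONS = {"exe", "vbs", "com", "bat"}
ASSUMED_EXTENSIONS = {"scr", "pif", "cmd", "js"}
RISKY = PAGE_EXTENSIONS | ASSUMED_EXTENSIONS

# Harmless-looking extensions often shown as the visible decoy (assumed list).
DECOYS = {"txt", "jpg", "gif", "mp3", "avi", "mpg", "doc", "zip"}


def _clean_name(filename):
    # Windows drops trailing dots and spaces, so "x.exe " is still "x.exe".
    return ntpath.basename(filename).rstrip(". ")


def effective_extension(filename):
    """Return the extension Windows acts on: the text after the LAST dot."""
    stem, dot, ext = _clean_name(filename).rpartition(".")
    return ext.lower() if dot else ""


def assess(filename):
    """Classify a name as 'disguised', 'executable' or 'not-executable'."""
    ext = effective_extension(filename)
    if ext not in RISKY:
        return "not-executable"
    # Look at what precedes the real extension, ignoring padding spaces
    # that push the real extension out of view in a narrow column.
    stem = _clean_name(filename)[: -(len(ext) + 1)].rstrip()
    inner = stem.rpartition(".")[2].lower() if "." in stem else ""
    return "disguised" if inner in DECOYS else "executable"


# Constructed sample names; the first two are the filenames quoted above.
SAMPLES = [
    "dmsetup.exe",
    "LOVE-LETTER-FOR-YOU.TXT.vbs",
    "C:\\Downloads\\holiday.jpg        .exe",
    "notes.txt",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{assess(sample):15} {effective_extension(sample):4} {sample}")
```

A "not-executable" result only means the name does not end in one of the listed extensions; it says nothing about whether the file's contents or its source can be trusted.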
Trojans can be spread in the guise of literally ANYTHING people find desirable, such as a free game, movie, song, etc. Victims typically downloaded the trojan from a WWW or FTP archive, got it via peer-to-peer file exchange using IRC/instant messaging/Kazaa etc., or just carelessly opened some email attachment. Trojans usually do their damage silently. The first sign of trouble is often when others tell you that you are attacking them or trying to infect them!
You must be certain of BOTH the source AND content of each file you download! In other words, you need to be sure that you trust not only the person or file server that gave you the file, but also the contents of the file itself.
Here are some practical tips to avoid getting infected (again). For more general security information, please see our main security help page.
Here are your many options; none of them is perfect. I strongly suggest you read through all of them before rushing out and trying to run some program blindly. Remember - that's how you got in this trouble in the first place. Good luck!
Clean Re-installation: Although arduous, this will always be the only sure way to eradicate a trojan or virus. Back up your entire hard disk, reformat the disk, re-install the operating system and all your applications from original CDs, and finally, if you're certain they are not infected, restore your user files from the backup. If you are not up to the task, you can pay for a professional repair service to do it.
Anti-Virus Software: Some of these can handle most of the well known trojans, but none are perfect, no matter what their advertising claims. You absolutely MUST make sure you have the very latest update files for your programs, or else they will miss the latest trojans. Compared to traditional viruses, today's trojans evolve much more quickly and come in many seemingly innocuous forms, so anti-virus software is always going to be playing catch-up. Also, if it fails to find every trojan, anti-virus software can give you a false sense of security, such that you go about your business not realizing that you are still dangerously compromised. There are many products to choose from, but the following are generally effective: AVP, PC-cillin, and McAfee VirusScan. All are available for immediate downloading, typically with a 30 day free trial. For a more complete review of all major anti-virus programs, including specific configuration suggestions for each, see the HackFix Project's anti-virus software page [all are ext. links].
Anti-Trojan Programs: These programs specialize in trojans instead of general viruses. For the same reasons, some of these programs are effective against most trojans, but none of them will ever be effective against all trojans. A popular choice is The Cleaner, $30 commercial software, but be sure to see hackfix.org's configuration suggestions [ext. link].
IRC Help Channels: If you're the type that needs some hand-holding, you can find trojan/virus removal help on IRC itself, such as EFnet #dmsetup or DALnet #NoHack. These experts will try to figure out which trojan(s) you have and offer you advice on how to fix it. (See our networks page if you need help connecting to those networks.)
These files were referred to in the text above, and provide additional information.