Kryptocrew.de presents :

Trojans First Aid Kit 3.0

by SnakeByte

[ Introduction ]

In the first part of this document, I will explain
the use of TFAK 3.0 and answer some common questions.
The second part will be about trojans, what they are,
how to detect them and how they can be removed.
First I want to answer some common questions:

Q: Why does TFAK just detect 257 Trojans ? Other tools detect up to 1000.
A: First of all, this tool is freeware, and you pay nothing for it.
This means I am not able to spend the money commercial companies
spend on searching for trojans. Another reason is that most
of the commercial tools also detect the client part of the trojans,
which can cause no damage and is only used by the intruders.
In tests, this may sometimes give them a higher ranking,
but I don't want to be good in tests, I want to help you
get rid of trojans.

Q: I found a trojan, and TFAK deleted it, is my system clean now ?
A: It should be, but you should scan your system again two or three days later !

Q: I have a trojan, which TFAK does not detect, can I send you a copy ?
A: I hope you do so, helping me make this tool better and helping others
get rid of this trojan ! Just send a copy to SnakeByte@kryptocrew.de

Q: Where to find updates ?
A: http://www.kryptocrew.de for German-speaking people and http://www.kryptocrew.de/snakebyte/ for everybody else... ;)


[ Disclaimer ]

I am not responsible for any loss of data or illegal
actions performed by/with this program !

This program is freeware as long as you use it for your personal needs !
If you want to use this program in a commercial way it is no longer free !
Please contact me if you want to use it commercially, I will tell
you the price. By commercial use I also mean things like scanning
your computers at work or placing this program on a CD-ROM you want
to sell ( even with magazines ).
Contact Address: SnakeByte@kryptocrew.de

[ Topics ]

1.0) What is TFAK ?

2.0) The different Tools

2.1 + Remote Tools
2.11 - Control Trojans
2.12 - Domainscanner
2.13 - Portscanner

2.2 + Local Tools
2.21a - Trojan Scanner
2.21b - Heuristic
2.22 - What is running ?
2.23 - What is autostarted ?
2.24 - Port Check

3.0) What are Trojans and how do they work ?

[1.0 What is TFAK ?]

Trojans First Aid Kit is a software package which
is designed to help you control and remove trojans which
might be on your system. In addition to this, it has the only
trojan scanner which is able to detect new, unknown trojans.
It is able to detect and remove 257 different trojans, and
detects several file-joiners. It also provides the more
experienced user with several tools which allow him/her to detect
and remove trojans on his/her own.



[2.0 The different Tools]

+++ Remote Tools +++

2.11 - Control Trojans

This tool allows you to control a trojan on remote computers or
on your own. It is included to show you what an attacker can do
on your PC, if you have a trojan installed. Please do not
misuse this for illegal actions !

2.12 - Domainscanner

This tool lets you scan IP ranges for open trojan ports.
It is intended for scanning your network to detect possible
trojans, not for finding infected users on the internet, even
if it could be used for that.

2.13 - Portscanner

Shows you all open ports on a remote computer. This allows
you to detect possible trojans on other PCs. In contrast to
the domainscanner, this tool scans just one IP, but all of its
ports.


+++ Local Tools +++

2.21a - Trojan Scanner

This Trojan Scanner detects 257 different remote access trojans
and several file-joiners. It is designed to keep your system
clean of unwanted guests. Not only will the file be deleted,
but possible autostart methods will also be removed, so the trojan
will leave no traces.

2.21b - Heuristic

The heuristic is a unique system ! It is the first and only heuristic
engine which is able to detect new, and therefore unknown, trojans
which are not included in the database, by checking autostarted
files for common indicators which apply to trojans. Only experienced
users should use this !

2.22 - What is running ?

This is also meant for the more experienced user. It shows you all
currently running tasks and provides the possibility to
end them. If you find something suspicious here and
want to delete the file, you need to end the task first !

2.23 - What is autostarted ?

Another tool which is not meant for the rookie ;)
It offers you the possibility to see all files which
get started automatically with Windows. You can
remove them from the list, but take care that you do not
remove something which is necessary for your system to run !

2.24 - Port Check

Remote Access Trojans listen on specific ports for incoming
commands. By checking which of your ports are in use, you may detect
trojans.
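
The port check described above, as an added example (not part of TFAK
and not the author's code): it parses the text of `netstat -an` and
reports every listening port that is not in a baseline you have reviewed.
The sample output and the baseline set are constructed for the example.

```python
import re

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.0.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.0.10:1042      203.0.113.7:80         ESTABLISHED
  UDP    0.0.0.0:31337          *:*
  UDP    192.168.0.10:137       *:*
"""

# Ports this machine is expected to have open (assumed baseline, adjust per host).
EXPECTED = {("TCP", 135), ("TCP", 139), ("UDP", 137)}

# proto, local address, local port, foreign address, optional state column
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def listening_ports(netstat_text):
    """Return the set of (proto, port) pairs that accept incoming traffic."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers and blank lines
        proto, _addr, port, _foreign, state = m.groups()
        # TCP sockets count only in LISTENING state; UDP lines have no state.
        if proto == "TCP" and state != "LISTENING":
            continue
        found.add((proto, int(port)))
    return found

def unexpected_ports(netstat_text, expected=EXPECTED):
    """Listening ports missing from the baseline, sorted for stable output."""
    return sorted(listening_ports(netstat_text) - set(expected))

if __name__ == "__main__":
    for proto, port in unexpected_ports(SAMPLE_NETSTAT):
        print(f"unexpected listener: {proto}/{port}")
```

An unexpected listener is only a lead: find out which program owns the
port before ending a task or deleting a file.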


[3.0 What are Trojans and how do they work ?]

A trojan is normally divided into two, sometimes three parts.
The first part is the server, which gets installed on remote systems.
This is the real trojan, the one you need to get rid of. The second
part is the client, a user interface which makes it easy for the
attacker to steal your passwords and control your PC. Sometimes there
is another part, the editor, which allows the attacker to change the
settings of a trojan, like ICQ notification when you are online, or
entering an e-mail address the trojan sends your passwords to.

When you execute a trojan on your system, it copies itself to a secret
location on your hard disk and changes some settings in the
Windows registry (or some files) so that it gets autostarted
every time Windows starts. Then it opens a TCP or UDP port and waits
until an attacker connects to your PC. Once one does, the trojan
executes all commands the attacker sends it.
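
The file-based autostart entries mentioned above can be listed with a
few lines of code. This is an added example, not part of TFAK and not the
author's code. It assumes that "some files" means the classic win.ini
(load=, run=) and system.ini (shell=) settings, and it does not read the
registry; file contents, program names and the allowlist are constructed.

```python
import configparser
import ntpath

# Constructed file contents for the example (not taken from a real system).
SAMPLE_WIN_INI = """\
[windows]
load=C:\\TOOLS\\BACKUP.EXE
run=C:\\WINDOWS\\SYSTEM\\EXAMPLE1.EXE
"""
SAMPLE_SYSTEM_INI = """\
[boot]
shell=Explorer.exe C:\\WINDOWS\\EXAMPLE2.EXE
"""

def _read(text):
    # Old ini files repeat keys and contain bare lines, so parse leniently.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True, delimiters=("=",))
    cp.read_string(text)
    return cp

def autostart_entries(win_ini, system_ini):
    """Return (location, command) pairs that start together with Windows."""
    entries = []
    win = _read(win_ini)
    for key in ("load", "run"):
        value = (win.get("windows", key, fallback="") or "").strip()
        # Several programs may be listed; paths without spaces are assumed.
        for prog in value.replace(",", " ").split():
            entries.append((f"win.ini {key}=", prog))
    boot = _read(system_ini)
    shell = (boot.get("boot", "shell", fallback="") or "").split()
    # The shell is normally Explorer.exe alone; anything after it also starts.
    for extra in shell[1:]:
        entries.append(("system.ini shell=", extra))
    if shell and shell[0].lower() != "explorer.exe":
        entries.append(("system.ini shell=", shell[0]))
    return entries

def unknown_entries(entries, known_good):
    """Entries whose file name is not in the reviewed allowlist."""
    good = {name.lower() for name in known_good}
    return [e for e in entries if ntpath.basename(e[1]).lower() not in good]

if __name__ == "__main__":
    found = autostart_entries(SAMPLE_WIN_INI, SAMPLE_SYSTEM_INI)
    for location, prog in unknown_entries(found, {"backup.exe"}):
        print(f"review: {location} {prog}")
```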

If your ISP bill is very high, someone may have stolen your
dial-up passwords with the help of a trojan, so you should scan
your PC. ( Don't forget to change the passwords *g* )
Other indicators of trojans are:

- Strange behaviour of CD-Drive
- Unknown Messageboxes, Errors
- Loss of files
- Changed Settings