How Do I Get Rid of The Trojan Horse Virus: A DIY Trojan Remover's Guide

How do I get rid of the Trojan horse virus

Basically I am aware of 4 ways everyone can use to get rid of the trojan horse virus.

  1. Buy a new computer (you won't believe me but it works!).
  2. Call a techie and (s)he will repair your computer for a beer.
  3. Get a bunch of commercial anti-malware programs and spend a day running endless scans. Usually it works though costs a small fortune.
  4. Read this hub, download recommended tools and you'll find the right answer to the question "how do I get rid of the trojan horse virus?".

As you may have guessed, I'm going to concentrate on #4.

#1: MS MSRT

Obviously it makes sense to start the fight with Trojans using Microsoft Malicious Software Removal Tool. If your PC is set to receive Automatic Updates, then most probably the Tool is there and ready to be used.

  1. Click Start-->Run
  2. Type in mrt and click OK.

Ideally the Tool should start, but if you experience an error then probably you will have to download it manually.

How to download the Microsoft Malicious Software Removal Tool.

MSRT is over 11 Megabytes in size.

MSRT Welcome Screen
MSRT Welcome Screen

Obviously you need to click 'Next" to proceed. You will be brought to Types of Scan. Usually choosing Quick Scan is recommended because the Tool knows where to look for Trojan Horse viruses. Quick Scan takes several minutes to complete. MSRT will provide a report after scan is complete.

Microsoft tool sometimes is very helpful. For example, it can detect and remove Conficker worm (also known as Downup and Kido) and repair Internet connection settings. But it doesn't remove hidden rootkits, so it's important to run a different tool after MSRT scan.

How do I get rid of the Trojan horse virus with Microsoft MSRT
How do I get rid of the Trojan horse virus with Microsoft MSRT
Malicious Software Removal Tool found no infections on my PC
Malicious Software Removal Tool found no infections on my PC

#2: DrWeb CureIt

DrWeb CureIt is a free scanner from the makers of DrWeb Antivirus. CureIt comes with classic Windows interface and is extremely easy to use. Upon downloading a 18 megs file you will have to execute the program pr99pv2x.exe. It will display to options: Update and Run a scan. If you download CureIt from the DrWeb's website, your copy is the latest one and there's no need to click "Update" button. Press "Scan" instead and you will be informed about scanner's routine. Click 'OK' to proceed. The Express scan will begin automatically.

DrWeb CureIt will check system memory, boot sectors, startup environment, Windows system folder and other common places where trojan horse virii like to seek a shelter.

Express scan can be paused or stopped manually. Additionally, there's an option to switch to Complete scan (will check all files) or Custom scan (will check user-specified folders and drives).

Found pieces of malware can be deleted using the Object box.

Download DrWeb CureIt:

http://www.freedrweb.com/cureit/?lng=en

DrWeb CureIt Scanner for Windows
DrWeb CureIt Scanner for Windows

#3: Sophos Anti-Rootkit

Sophos has been kind enough to release it's Anti-Rootkit tool. Rootkits are terribly nasty things when it comes to compromising computer security. Hard to detect and even harder to remove, they remain unnoticed on otherwise healthy computers. Sometimes removal of a particularly stubborn malware turns into an endless battle. You perform system scan, remove found pieces of malware, restart Windows resting assured it's clean from now on, and suddenly notice same pieces of malware present on next scan! Rootkits can be blamed for restoring deleted infections.

Although software listed above is very helpful in cleaning out nasty malware, it is not a bad idea to perform anti-rootkit scan as well.

Sophos Anti-Rootkit supports Windows NT/2000/XP/Vista/7, as well as Server platform, both 32-bit and 64-bit editions.

Download Sophos Anti-Rootkit (requires filling in a free registration form):

http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

(NOTE: interpreting scan results can be a tough task for inexperienced users. Please never remove items which functions you don't know! Consult someone savvy who will assist you in deleting rootkits but not system-critical files).

EMSISOFT anti-malware command-line scanner

While I firmly believe EMSISOFT shouldn't have discontinued the free version of a-squared anti-malware, I give them thumbs up for continued support of command-line anti-malware scanner.

All user-input is performed in a DOS-like black window, but below I will show you how easy it is!

A command-line scanner uses much less system resources than software with GUI. You can run it in Windows Safe Mode where few programs can be launched. In my humble opinion backed by years of experience, nothing beats a good ol' command-line scanner when it comes to fighting trojan viruses. You either win or lose. With CMD at hand, chances of winning are higher.

So go to EMSISOFT website and grab an 90 Megabytes archive:

http://www.emsisoft.com/en/software/cmd/

Once downloaded, unpack the file uzing WinRAR, 7-Zip or any other unzip software (if my memory serves me right, Windows has some sort of built-in unzipper as well). You should have a file and a folder now similar to those in the screenshot below.

EMSISOFT anti-malware command-liner scanner downloaded and unpacked
EMSISOFT anti-malware command-liner scanner downloaded and unpacked

You can now delete a2cmd.zip folder.

Inside a2cmd folder you'll find many files, but you don't have to double-click a2cmd.exe in order to launch the program. It won't!

To launch this cool software, go to Windows Start button, click CMD (Window 7 users, type CMD in Search box to get the link), type in CMD and hit OK. XP users should run CMD under account with administrative privileges, Windows 7 users should open CMD with administrative privileges.

If you downloaded a2cmd.zip to C:\ drive (which I assume by default), follow this guide. If you unpacked the archive to another drive (say, D:\ or F:\), replace the letter with that of a drive where unzipped folder is located.

In CMD window, type in:

cd ..

(note a space after d and before two dots)

and hit Enter. Repeat this step until you're in the root of C:\ drive

Now type in:

cd a2cmd

(Note a space after d and before a)

Congrats, the difficult part is over! Now will shall launch the anti-malware scanner.

EMSISOFT offers 3 types of scan: QUICK, SMART and DEEP. For an infected computer, quick scan is of little help, so I suggest that you should go either for SMART or DEEP scan.

Type in:

a2cmd /smart

and hit Enter key.

EMSISOFT anti-malware command-line scanner SMART scan setup
EMSISOFT anti-malware command-line scanner SMART scan setup
EMSISOFT anti-malware command-line scanner SMART scan running
EMSISOFT anti-malware command-line scanner SMART scan running

EMSISOFT will start a smart scan. The program's digital eyes will carefully inspect important folders. SMART scan is good and fast, however should it pick up trojans, follow with DEEP scan!

To use the scanner in DEEP mode, type in the following commands (leave a space after each slash).

EMSISOFT anti-malware command-line scanner DEEP scan setup
EMSISOFT anti-malware command-line scanner DEEP scan setup

Note the /q= parameter. It specifies the location of a folder where all detected infections will be moved. I've named the folder EMSISOFTQuarantine and placed it on C:\ drive, but you're free to label the folder any way you like. Just type the label in ONE word, like I did in the example below.

EMSISOFT anti-malware command-line scanner SMART scan running
EMSISOFT anti-malware command-line scanner SMART scan running

In this example, a deep scan will be performed with the following parameters. I've put the corresponding switch to the right of a given explanation.

  • memory will be scanned (incl. all running processes) - /m switch
  • program will look for Spyware traces - /t switch
  • Heuristics scan for unknown Malware - /switch
  • program will look for Alert Riskware - /r
  • program will scan NTFS Alternate Data Streams - /n (makes scan longer but is worth it in case with Trojan viruses)
  • this is where detected nasties will be put - /q=[C:\EMSISOFTQuarantine]

You decide what to do with that folder after it's filled up with malicious crap!

Every time you download a command-line scanner from EMSISOFT website you get an archive packed with latest signatures. But downloading a 90 Megs file each time can be time-consuming and bandwidth-exhausting. Is there a way to update the software?

Yes there is!

Use the Update switch /u to download latest signatures. EMSISOFT will put all downloaded data into its folder a2cmd, so all you have to do is to type in /u and hit Enter. Once finished, you can use the scanner resting assured it is bundled with up-to-date anti-malware definitions.

Isn't EMSISOFT generous enough? I bet you'll have hard time finding a similar tool with command-line interface for Windows platform that is free for private use.

EMSISOFT command-line anti-malware Update switch
EMSISOFT command-line anti-malware Update switch

SUPERAntiSpyware Online Safe Scan

SUPERAntiSpyware, just like most other security software makers, offer a free online scanner. Internet Explorer users can use the scanner right within the browser. Firefox addicts will have to download a file with .com extension (mine was SAS_2888.COM) and execute it like any other file by double-clicking.

SUPERAntiSpyware Online Safe Scan

SUPERAntiSpyware Online Safe Scanner
SUPERAntiSpyware Online Safe Scanner
SUPERAntiSpyware Online Scanner Start
SUPERAntiSpyware Online Scanner Start

A .com file will launch a welcome screen. Use 'Click here to start' button to get to program options. Overall, this is very similar to SUPERAntiSpyware Free Edition, with main difference being that you don't have to go through installation procedure. You can even use Update feature here, too!

Click 'Scan your Computer...' to select drives or areas you want checked for malware presence. A Complete Scan is recommended for computers infected with various parasites.

Go to SUPERAntiSpyware Online Safe Scan:

http://www.superantispyware.com/onlinescan.html

SUPERAntiSpyware Online Scanner Options
SUPERAntiSpyware Online Scanner Options

Final notes

This is the simplest answer to the question "How do I get rid of a Trojan virus?" that comes to my mind. Just don't panic and don't hurry to spend your money on all kinds of super-duper Trojan Horse removers. Use all the tools recommended above and most likely your problem will get solved.


More by this Author


Comments 15 comments

Vizey profile image

Vizey 6 years ago

Hey girl,your hub is very informative.. nice to know many things about the virus.. thanks for sharing..


Info Help profile image

Info Help 6 years ago from Chicago

Your hub is fantastic! I am going to bookmark this so I can print it out later, if that is possible! I definitely have had my share of dealing with viruses! I am a fan :)


Skitt 6 years ago

Hi, I enjoy reading your hub, but I have a problem with my system. I used AVG 9 to scan my system and seven viruses were detected, six were removed and only one is still present(Trojan HorseFakeAlert.sk). I'm a bit confused should I run online scan or can I use Microsoft malicious software remover together to rescan my system in order to remove the Trojan. Can both softwares AVG and MMSR work together without crashing the system?

Please reply.


charlemont profile image

charlemont 6 years ago from Lithuania Author

Skitt, since MSRT probably is already installed on your system, there's no reason not to use it. However this is a narrow-targeted tool meant to fight only a bunch of malware.

So running online virus scanner is a good idea. Something like ESET, Bit Defender or a-squared hopefully will detect the remaining nasty.

http://hubpages.com/technology/Top-Free-Online-Vir


Chuck RitenouR profile image

Chuck RitenouR 6 years ago from Front Royal, Virginia

very insightful. thanks


Elizabeth (MeMe) profile image

Elizabeth (MeMe) 6 years ago from Live Oak, Fl.

You post was very helpful and interesting.


Neil Sperling profile image

Neil Sperling 5 years ago from Port Dover Ontario Canada

Very well researched and written -- plus helpful - Thanks


dtchosen profile image

dtchosen 5 years ago from Dumaguete City, Philippines

I use SDfix with my PC and it works like a charm. Nice hub :)


edmon 5 years ago

i'm unable to download sdfix


charlemont profile image

charlemont 5 years ago from Lithuania Author

edmon, it looks like SDFix has been discontinued. I'll update the hub to remove parts that relate to SDFix. Thanks for bringing my attention to it!


edmon 5 years ago

thanks, I appreciate the prompt response


tugbo200-5 5 years ago

Great hub,I feel Avast beats AVG hands down.

Peace


Nell Rose profile image

Nell Rose 5 years ago from England

Hi, this is great! I will bookmark it, anything like this is a great help, cheers nell


Computer Repair Melbourne 4 years ago

A Trojan horse is a non-self-replicating program, it deceives the user by pretending to do a desirable action for that user, but instead it opens backdoors facilitating unauthorized access to the infected computer. Thanks.

Computer Repair Melbourne


Jester98 profile image

Jester98 4 years ago

Yeah some nice pointers. I swear by Trojan Remover from simply sup. I have to check out the first Microsoft one you listed pretty neat!

    Sign in or sign up and post using a HubPages Network account.

    0 of 8192 characters used
    Post Comment

    No HTML is allowed in comments, but URLs will be hyperlinked. Comments are not for promoting your articles or other sites.


    Click to Rate This Article
    working