Backdoor Trojans, Are They Gone?

  • Thread starter: GaryLund

GaryLund

When a computer gets a backdoor type trojan or worm, and an anti-virus
program detects and cleans the program file, how can I tell whether
anyone actually used the backdoor, and what they did to or on the
computer?

I do computer support for clients, and have been finding trojans or
worms of the backdoor type that let a remote computer run commands on
the client's computer. When a virus scan finds a backdoor type file,
and deletes it, is that the end of the danger? Or could a cracker
have loaded other bad files on the computer that the antivirus program
will not detect?

How can I be sure the computer is safe after that without wiping the
hard drive and reloading everything back from scratch? That seems
like a very drastic and expensive solution. Is there a generally
accepted practice in these situations?

Thanks for any info.
-Gary
 
GaryLund said:
> When a computer gets a backdoor type trojan or worm, and an anti-virus
> program detects and cleans the program file, how can I tell whether
> anyone actually used the backdoor, and what they did to or on the
> computer?

in general, you can't... there might be a few that leave traces of what
was done but most won't...
> I do computer support for clients, and have been finding trojans or
> worms of the backdoor type that let a remote computer run commands on
> the client's computer. When a virus scan finds a backdoor type file,
> and deletes it, is that the end of the danger? Or could a cracker
> have loaded other bad files on the computer that the antivirus program
> will not detect?

other files may have been loaded, otherwise secure information like
passwords or credit info could have been leaked, the owner's identity
may have been stolen, etc...
> How can I be sure the computer is safe after that without wiping the
> hard drive and reloading everything back from scratch? That seems
> like a very drastic and expensive solution. Is there a generally
> accepted practice in these situations?

the only real solution in this kind of situation is to rebuild the
system, and have the customer change all their passwords (not just on
their computer but for things like online banking, web mail accounts,
etc) and take whatever other steps they can to regain control over
whatever information or resources may have been compromised...
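
The reply's point that most backdoors leave no reliable record of what was done is the right starting position, but a technician can still narrow what to look at before deciding on a rebuild. The script below is an added example for this thread, not code from either poster: given the modification time of the detected backdoor file (taken from the antivirus log or the file itself before it is deleted), it walks a directory tree, lists every file modified within a window around that time, and flags entries sitting in common persistence locations. The directory layout, file names and the `PERSISTENCE_HINTS` fragments are constructed for the demo. Because modification times are trivially forged, an empty result is not evidence that nothing else was dropped; it only tells you where to look first.

```python
"""
Post-cleanup triage helper: list files modified within a window around the
time a detected backdoor was dropped, flagging those in persistence paths.
Added example for this thread, not code from the original posts.  It trusts
filesystem mtimes, which an intruder can rewrite, so treat the output as a
starting point for inspection, never as proof the box is clean.
"""
import os
import tempfile
from dataclasses import dataclass

# Hypothetical name fragments for persistence locations; tune per client OS.
PERSISTENCE_HINTS = ("startup", "tasks", "cron", "init.d", "systemd", "autorun")


@dataclass
class Hit:
    path: str
    mtime: float
    in_persistence: bool


def files_changed_near(root, anchor_time, window_seconds):
    """Walk `root` and return files whose mtime lies within +/- window_seconds
    of anchor_time, oldest first.  Symlinks are not followed, so a planted
    link cannot redirect the walk, and unreadable entries are skipped."""
    hits = []
    for dirpath, _dirs, names in os.walk(root, followlinks=False):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable; note it in the report
            if abs(st.st_mtime - anchor_time) <= window_seconds:
                lowered = path.lower()
                flagged = any(hint in lowered for hint in PERSISTENCE_HINTS)
                hits.append(Hit(path, st.st_mtime, flagged))
    hits.sort(key=lambda h: h.mtime)
    return hits


def build_demo_tree():
    """Constructed sample filesystem (not a real case): a backdoor dropped at
    T plus files touched well before and shortly after.  Returns (root, T)."""
    t_drop = 1_000_000_000.0  # fixed epoch so the demo is reproducible
    root = tempfile.mkdtemp(prefix="triage_demo_")
    layout = {
        "Documents/budget.xls": t_drop - 7 * 86400,  # old, must not show
        "System32/bdoor.exe":   t_drop,              # the detected backdoor
        "System32/helper.dll":  t_drop + 60,         # dropped a minute later
        "Startup/update.lnk":   t_drop + 120,        # persistence entry
        "Documents/notes.txt":  t_drop + 3 * 86400,  # outside a 1-day window
    }
    for rel, mtime in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(b"x")
        os.utime(full, (mtime, mtime))  # set the constructed timestamp
    return root, t_drop


def run_demo(window_seconds=86400):
    """Build the sample tree and return the hits within one day of the drop."""
    root, t_drop = build_demo_tree()
    return files_changed_near(root, t_drop, window_seconds)


if __name__ == "__main__":
    for hit in run_demo():
        flag = "PERSISTENCE" if hit.in_persistence else ""
        print(f"{hit.mtime:.0f}  {hit.path}  {flag}")
```

On a real machine, call `files_changed_near` with the system root and the backdoor's mtime rather than the demo tree, and compare anything it lists against known-good copies or vendor hashes instead of judging by name alone. Whatever it finds, it cannot show what the remote party read or exfiltrated, which is why the rebuild and password changes above still stand.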