Anyway to Fix a File Infected with Trojan?


A legitimate file that has malicious code prepended, appended or cavity injected into it is deemed "trojanized" or patched.

This is similar to a file-infecting virus.  However, in the case of a file-infecting virus, the infected file can, in turn, infect other files. In the case of "trojanized" or patched files the infection stops there and they cannot infect other files.

Malwarebytes' Anti-Malware ( MBAM )  is incapable of removing the malicious code.  At best, MBAM will try to replace the trojanized file with a backup copy that has not been infected.

This is actually one of the hallmarks that make the difference between an anti-virus application and an anti-malware application.  An anti-virus application should be able to remove malicious code that has been prepended, appended or cavity injected into legitimate files.  Its quality is determined by the anti-virus application's ability to return the infected file to its pre-infected state and its original pre-infected checksum value.

While it is marginally possible for a legitimate file to become trojanized by more than one distinct trojan, it is very unlikely.  The more interesting case, which is much more likely, is when a trojan is infected with a file-infecting virus.  This has been seen numerous times with IRC bots that are infected with the Parite virus.  However, it is possible that just about any trojan, from a ZBot to a FakeAlert, can be infected with a file-infecting virus.  I get fuzzy on this, but if I recall, these may be known as a "Zapchast".

An important concept to realize is that a trojan is designed and created to be malicious from its inception.  A trojan in itself is not "infected".  It is the infector; it was designed to be malicious and can't be disinfected.  A file that was infected with a file-infecting virus or has been trojanized can be disinfected.  However, this is not always easy to do.

Edited by David H. Lipman
Edited for clarity and grammar
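The post above describes three ways legitimate code gets trojanized (prepended, appended, cavity injected) and says a proper disinfection is judged by whether the file comes back with its original checksum. The following Python script is an added example, not code from the original thread or from Malwarebytes: it takes a constructed stand-in for a known-good file, builds the three infection shapes from it with a constructed marker string in place of real malicious code, classifies a suspect file against the known-good copy, locates the overwritten bytes of a cavity injection, and tries to carve the original back out using only its known-good hash and length (the information a vendor's clean-file database would hold). The file contents, the `MARKER` stub, and the function names are all assumptions made for the example.

```python
"""Classify a trojanized file and attempt a checksum-verified restore.

Added example. The "files" here are constructed byte strings, not real
executables; MARKER stands in for injected code and contains no malware.
"""
import hashlib
from typing import List, Optional, Tuple

# Constructed known-good file: a fake "MZ" header followed by 512 bytes.
CLEAN = b"MZ" + bytes(range(256)) * 2            # 514 bytes
CLEAN_SHA256 = hashlib.sha256(CLEAN).hexdigest()
MARKER = b"<<constructed malicious stub>>"       # 30 bytes, placeholder only

# The three shapes described in the post (constructed from CLEAN):
APPENDED = CLEAN + MARKER                        # payload after the original
PREPENDED = MARKER + CLEAN                       # payload before the original
CAVITY = CLEAN[:100] + MARKER + CLEAN[100 + len(MARKER):]  # same length, overwritten
# A more realistic appender that also patches the header (entry point) so
# the original bytes are no longer intact as a prefix:
APPENDED_PATCHED = b"XX" + CLEAN[2:] + MARKER


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def classify(clean: bytes, suspect: bytes) -> str:
    """Compare a suspect against the known-good copy.

    Returns 'clean', 'appended', 'prepended', 'cavity' or 'unknown'.
    'unknown' covers infectors that both append and patch the header,
    which is the common case for real file infectors.
    """
    if suspect == clean:
        return "clean"
    if len(suspect) > len(clean) and suspect.startswith(clean):
        return "appended"
    if len(suspect) > len(clean) and suspect.endswith(clean):
        return "prepended"
    if len(suspect) == len(clean):
        return "cavity"
    return "unknown"


def diff_ranges(clean: bytes, suspect: bytes) -> List[Tuple[int, int]]:
    """Byte ranges [start, end) where two same-length files differ.

    For a cavity injection this pinpoints the overwritten region, which is
    what a disinfector would need to know to put the original bytes back.
    """
    if len(clean) != len(suspect):
        raise ValueError("diff_ranges expects files of equal length")
    ranges: List[Tuple[int, int]] = []
    start: Optional[int] = None
    for i, (a, b) in enumerate(zip(clean, suspect)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(clean)))
    return ranges


def restore(clean_sha256: str, clean_len: int, suspect: bytes) -> Optional[bytes]:
    """Carve the original out of a prepend/append infection.

    Uses only the known-good hash and length, so it works without the
    original bytes on hand. The result is accepted only if its checksum
    matches, which is the post's test of a real disinfection. Returns None
    for cavity injections or header-patching appenders, where nothing
    carves to the right hash and a generic approach cannot repair the file.
    """
    if len(suspect) < clean_len:
        return None
    for candidate in (suspect[:clean_len], suspect[-clean_len:]):
        if sha256(candidate) == clean_sha256:
            return candidate
    return None


def report(name: str, suspect: bytes) -> Tuple[str, bool]:
    """Classify, try to restore, and return (kind, restored_ok)."""
    kind = classify(CLEAN, suspect)
    fixed = restore(CLEAN_SHA256, len(CLEAN), suspect)
    ok = fixed is not None and sha256(fixed) == CLEAN_SHA256
    detail = f" cavity at {diff_ranges(CLEAN, suspect)}" if kind == "cavity" else ""
    print(f"{name:17s} {kind:10s} restored={ok}{detail}")
    return kind, ok


if __name__ == "__main__":
    for label, data in [("clean", CLEAN), ("appended", APPENDED),
                        ("prepended", PREPENDED), ("cavity", CAVITY),
                        ("appended+patched", APPENDED_PATCHED)]:
        report(label, data)
```

The last case is the one to keep in mind: once the infector also patches the header or entry point, the original is no longer a clean prefix or suffix, and restoring it takes infector-specific knowledge of what was moved where. That is the work a real anti-virus disinfection routine does, and it is why a hash match against the known-good file is the only honest "fixed" verdict.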

You have it backwards.

You can replace a trojanized file with an original copy of the file with no Trojans and then use the program without risk.

NOTE:  The OS can make this difficult as it tries to protect files that are a part of the OS.  Third-party applications don't have this issue but, at the same time, they are not the targets to be trojanized.  Windows core and kernel files are targets to be trojanized.  Thus many trojans, whose functionality is to trojanize OS files, will disable or corrupt the System File Checker ( SFC ) sub-system.


Okay, I'll keep that in mind and make sure SFC is running alright before trying any of this.

Thank you so much, you've been extremely helpful and have provided some very interesting information about these viruses.

So, before I try to figure this thing out I have one more question: I've been using a website called VirusTotal to help determine if files on my computer have malware of any kind, and it helped me find the trojanized file. Do you think it is accurate enough to completely assume that these files do indeed have trojans, as it checks many different malware providers, or do you think that I can take the risk anyway considering some of these anti-virus programs don't detect the Trojan?


I haven't provided information on viruses.  I have provided information on malware where malicious code alters legitimate files.

Trojans are not viruses like a Chevrolet is not a Ford.  Both are kinds of automobiles just like viruses and trojans are both kinds of malware.

