Effects Of Trojan Worm On Windows Vista Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

The Trojan worm at first glance appears to be a useful program but actually does damage once installed or run on your computer. Those on the receiving end of a Trojan are usually tricked into opening it, because it appears to be genuine software or files from a genuine source. When a Trojan is activated on your computer, the results may vary. Some Trojans are designed to be more annoying than malicious (like changing your desktop or adding silly active desktop icons), while others can cause serious damage by deleting files and destroying information on your system. Trojans are also known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised. Unlike viruses and worms, Trojans do not reproduce by infecting other files, nor do they self-replicate.

Combating Viruses, Worms and Trojan Horses September 25, 2009


The Trojan worm can infect your Windows Vista computer system very quietly, in some cases without you noticing. This has happened several times, with the system owner unaware of the infection until the system was crashing non-stop and restarting with a blue screen.

What does the Trojan worm do?

• Windows Vista speed slows down:

If your computer system starts to slow down in both access and startup speed for no particular reason, beware: you may have been infected by the Trojan worm. You should scan your PC to detect attacks.

Another factor that could lead to slower speed is a system in need of defragmentation. If you have defragmented your system and there is still no improvement, you can suspect hidden spyware or adware on your computer system.

• Pop-up ads display in Windows despite security software:

It is possible to have security software installed on your system and still experience strange pop-up ads on your Windows Vista computer. If so, you must consider whether your system has actually been infected by the Trojan worm. This is another warning sign that a hidden Worms

• Inability to run CHKDSK in Windows Vista:

Have you experienced a situation where you cannot run Check Disk on a Windows Vista system? The most likely cause of the inability to run CHKDSK is a spyware infection. If CHKDSK is skipped after you schedule Windows Vista to run it on reboot of the system, beware: a Trojan may already be in your system. The next thing to do is scan the system for infection immediately.

• Computer system suspended:

If your computer system running the Windows Vista operating system is suspended, one of the possible causes is infection. This can be confirmed when the processor is not overheating and a driver issue is not the cause.

• Windows blue screen crash:

If you experience a sudden blue screen of death and your system begins to restart continuously, this is a sign of infection by a hidden Trojan worm. Taking note of these warning signs, you should simply scan the system for a Trojan worm attack.

[1] How did I get infected?

Trojans are executable programs, which means that when you open the file, it will perform some action(s). In Windows, executable programs have file extensions like "exe", "vbs", "com", "bat", etc. Some actual trojan filenames include "DMSetup.exe" and "LOVE-LETTER-FOR-YOU.TXT.vbs" (when there are multiple extensions, only the last one counts; be sure to unhide your extensions so that you can see it). More information on risky file extensions can be found in this Microsoft document.

Trojans can be spread in the guise of literally anything people find desirable, like a free game, movie, song, etc. Victims typically downloaded the trojan from a WWW or FTP archive, got it via peer-to-peer file sharing using IRC / instant messaging / Kazaa, etc., or just carelessly opened some attachment. Trojans usually do their damage silently. The first sign of trouble is often when others tell you that you are attacking them or trying to infect them!

How to get rid of trojans?

1. Clean Re-installation:

Although difficult, this will always be the only sure way to get rid of a trojan or a virus. Back up your entire hard disk, reformat the disk, reinstall the operating system and all applications from the original CDs, and finally, if you are sure they are not infected, restore your user files from the backup. If you are not up to the task, you can pay a professional repair service to do it.

2. Anti-Virus Software: Some of these can handle most of the well-known Trojans, but none is perfect, regardless of their advertising claims. You absolutely MUST make sure you have the very latest update files for your programs, or they will miss the latest Trojans. Compared to traditional viruses, today's Trojan horses evolve much faster and come in many seemingly harmless forms, so anti-virus software is always going to be playing catch-up. In addition, if it fails to find a Trojan, anti-virus software can give you a false sense of security, so that you go about your business without realizing that you are still dangerously compromised.

3. Anti-Trojan Programs: These programs are the most effective against Trojan horse attacks, because they specialize in Trojans instead of viruses in general.

4. IRC help channels: If you're the type who needs hand-holding, you can find Trojan / virus removal help on IRC itself, such as EFnet #dmsetup or DALnet #NoHack.

How to get rid of the Trojan worm virus?

1. Never download from sites you are not 100% sure about. In other words, do not accept everything from strangers. If you download a lot of files, it is often just a matter of time before you fall victim to a Trojan.

2. Even if the file comes from a friend, you must always be sure what the file is before opening it, because many trojans will automatically try to spread to friends in an e-mail address book or on an IRC channel. There is rarely a reason for a friend to send you a file that you did not ask for. If in doubt, ask them first, and scan the attachment with a fully updated anti-virus program.

3. Beware of hidden file extensions! Windows by default hides the last extension of a file, so that an innocuous-looking "susie.jpg" could really be "susie.jpg.exe" - an executable trojan! To reduce the chances of being tricked, unhide those pesky extensions.

4. NEVER use features in your programs that automatically get or preview files. These features may seem convenient, but they let anyone send you anything, which is extremely dangerous. For example, never turn on "auto DCC get" in mIRC; instead, ALWAYS screen every file you get manually. Also, disable the preview mode in Outlook and other mail programs.

5. Never blindly type commands that others tell you to type, or go to web addresses mentioned by strangers, or run programs or pre-made scripts (not even the popular ones). If you do this, you are potentially trusting a stranger with control over your computer, which can lead to trojan infection or other serious harm.

6. Do not be lulled into a false sense of security just because you run anti-virus programs. They do not protect perfectly against many viruses and Trojans, even when fully updated. The anti-virus programs should not be your first line of security, but they serve as backup in case something sneaks onto your computer.

7. Finally, do not download an executable program just to "check it out" - if it is a Trojan horse, the first time you run it, you're already infected.

(by Joseph Lo aka Jolo)[1]
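
The rule stated under "How did I get infected?" and in tip 3 above (only the last extension counts, and Windows hides it by default) can be checked mechanically over a list of file names. This is an added example, not part of the essay or of Joseph Lo's text; the extensions beyond "exe", "vbs", "com" and "bat", the decoy list and the sample names other than the two quoted above are assumptions.

```python
# Extensions Windows runs when opened. "exe", "vbs", "com" and "bat" are named
# in the text; the others are an assumed, non-exhaustive extension of the list.
EXECUTABLE = {".exe", ".vbs", ".com", ".bat", ".cmd", ".scr", ".pif", ".js"}
# Harmless-looking types used as the visible decoy (assumed list).
DECOY = {".txt", ".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".mp3"}


def split_extensions(name):
    """Return (stem, [extensions]) lower-cased, the way Windows resolves it."""
    # Win32 drops trailing dots and spaces, so "a.exe. " is still "a.exe".
    parts = name.rstrip(". ").lower().split(".")
    # Padding spaces before the real extension push it out of view; ignore them.
    return parts[0], ["." + p.strip() for p in parts[1:]]


def shown_when_hidden(name):
    """Approximate Explorer's display with 'hide known extensions' on."""
    clean = name.rstrip(". ")
    return clean.rsplit(".", 1)[0] if "." in clean else clean


def classify(name):
    """'masquerade' = executable behind a decoy extension, else 'executable'/'ok'."""
    _, exts = split_extensions(name)
    if not exts or exts[-1] not in EXECUTABLE:
        return "ok"                      # only the last extension counts
    if len(exts) > 1 and exts[-2] in DECOY:
        return "masquerade"
    return "executable"


# Constructed sample names; the first three are quoted in the text above.
SAMPLES = ["susie.jpg.exe", "LOVE-LETTER-FOR-YOU.TXT.vbs", "DMSetup.exe",
           "holiday.jpg        .exe", "notes.v2.txt", "susie.jpg"]

if __name__ == "__main__":
    for n in SAMPLES:
        print(f"{classify(n):<11} shown as {shown_when_hidden(n)!r:<28} real: {n!r}")
```
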


Conficker.C is the latest variant of the Conficker worm. Exposure to Conficker.C is limited to systems that are still infected by the earlier variants Conficker.A and Conficker.B, which function by exploiting the MS08-067 vulnerability in the Microsoft Windows Server service. If the vulnerability is exploited, it could allow remote code execution when file sharing is enabled. Conficker fights eradication efforts by creating scheduled tasks and/or using the autorun.inf file to reactivate.

Erik Larkin, PC World


Conficker spreads mainly through a buffer overflow vulnerability in the Server service on Windows computers. The worm uses a specially crafted RPC request to execute code on the target computer.

When run on a computer, Conficker disables a number of system services such as Windows Automatic Update, Windows Security Center, Windows Defender and Windows Error Reporting. It then receives further instructions by connecting to a server or peers and receiving a binary update. The instructions may include spreading, collecting personal information, and downloading and installing additional malware on the victim's computer. The worm attaches itself to certain Windows processes such as svchost.exe, explorer.exe and services.exe.

What does the Conficker worm do?

Win32/Conficker.B might spread through file sharing and via removable drives, such as USB drives (also known as thumb drives). The worm adds a file to the removable drive so that when the drive is used, the AutoPlay dialog box will show one additional option.
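
To make the removable-drive behaviour concrete, the following added example (not part of the original essay or of any vendor tool) audits the text of an autorun.inf file for entries that launch a program and for a custom AutoPlay label. The sample file, the helper path in it and the function names are constructed for illustration and are not taken from a real infection.

```python
import re

# Keys in the [autorun] section that make Windows launch something.
COMMAND_KEYS = ("open", "shellexecute")
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$")

# Constructed sample: junk comment lines pad the file, and the action label
# imitates Explorer's own folder option so the extra entry looks legitimate.
SAMPLE = """\
;kd8s7f6g junk padding
[AutoRun]
aCtIoN = Open folder to view files
;zz91 more padding
icon=%SystemRoot%\\system32\\shell32.dll,4
ShellExecute = tools\\helper.exe
UseAutoPlay=1
"""


def parse_autorun(text):
    """Return the [autorun] section as a dict with lower-cased keys."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment/junk
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def audit_autorun(text):
    """List findings for entries that launch code or relabel the dialog."""
    entries = parse_autorun(text)
    findings = []
    for key, value in entries.items():
        if key in COMMAND_KEYS or SHELL_VERB.match(key):
            findings.append(f"launches command via {key}: {value}")
    if findings and "action" in entries:
        findings.append(f"custom AutoPlay label: {entries['action']}")
    return findings
```

A drive whose autorun.inf only sets an icon or label produces no findings; any finding on a drive that should hold plain data is a reason to scan it before use.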

Symptoms:

The symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.

1. Users are locked out of the directory

2. Access to the admin share is denied

3. Scheduled jobs are being created

4. Access to security-related websites is blocked

How did I get infected?

Depending on the specific variant, the worm can spread via LAN, WAN, the Internet, or removable drives, and by exploiting weak passwords. Conficker disables several important services and system security products, and downloads random files. Computers infected by the worm become part of an "army" of infected computers and could be used to launch attacks on websites, distribute emails, host phishing Web sites, or perform other malicious activities.

How to get rid of Conficker?

Steps to remove Conficker and prevent re-infection

We recommend customers take the following steps to remove W32/Conficker.worm and prevent it from spreading:

1. Install Microsoft Security Update MS08-067: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

2. Clean infected systems, and restart

Use anti-malware solutions such as McAfee VirusScan Plus or covers for Endpoint to clean the infection. Use techniques such as behavior detection and buffer overflow protection in Host IPS to prevent future infections. This is important because Conficker can spread through media devices such as infected USB drives. When the media becomes available, the system processes and executes the autorun.inf attack. For more information, read the McAfee Labs document "The fight against Conficker Worm".

3. Identify other systems at risk of infection

You must determine which systems are at risk. The list includes systems that either are not patched against the Microsoft MS08-067 vulnerability or have no proactive protection controls to mitigate the vulnerability.

4. Limit the ability of the threat to spread

Using Network IPS at strategic locations in your network will quickly limit the ability of the threat to spread. This gives you time to either update your client anti-virus signatures or modify policies to block the threat using behavioral controls.

How to get rid of the Conficker virus?

Microsoft provides a free Conficker removal tool, the Malicious Software Removal Tool (MSRT). You can use this Microsoft Conficker removal tool if you find it difficult to remove Conficker manually. Apart from the Microsoft Conficker removal tool, you can also consult other Conficker removal tools.

Another tool for removing the Conficker virus: Symantec antivirus

Symantec offers a Conficker removal tool.

Worms are malicious programs that are specially written and designed to attack systems through networks. A worm is a form of malware, along with viruses and Trojans. A person usually installs a worm by accidentally opening a message or an attachment that holds the executable code.

Once a worm is installed on a system, it spontaneously generates e-mail containing additional copies of the worm. Worms can also open TCP ports to create holes in network security for other applications, and they may try to "flood" the Local Area Network with false Denial of Service (DoS) data transmissions.

Being embedded in everyday software, worms easily get past most firewalls and other network security measures. Antivirus software tries to fight against worms and viruses. (By Bradley Mitchell, About.com Guide)

Computer Worm Examples:

The original worm was (perhaps accidentally) unleashed on the Internet by Robert Tappan Morris in 1988. The Internet Worm used sendmail, fingerd, and rsh / rexec to spread across the Internet.

The SQL Slammer worm, found in 2003, used a vulnerability in Microsoft SQL Server 2000 to spread across the Internet. The Blaster worm, also found in 2003, used a vulnerability in Microsoft RPC DCOM to propagate.

The Melissa worm found in 1999, Sobig found in 2003 and Mydoom found in 2004 all spread by e-mail. These worms share some characteristics of a Trojan horse; they propagate by tempting a user to open an infected e-mail attachment.

Mydoom also attempted to spread through the peer-to-peer file-sharing application called Kazaa. Mydoom worms attempted a Denial of Service (DoS) attack against SCO and Microsoft.

Different types of Computer Worms:

Email Worms:

These spread through infected e-mails. The e-mail may carry any form of attachment, or it may contain a link to an infected site. In the first case activation begins when the user opens the email and then clicks on the attachment, while in the second case activation of the worm starts after the user clicks on the link in the email.

Most familiar methods of transmission are:

* Microsoft Outlook services

* Direct connection to SMTP servers using their own SMTP API

* Windows MAPI functions

This type of worm is known to harvest an infected computer for email addresses from various sources:

* Windows Address Book database [WAB]

* MS Outlook Address Book

* Files with appropriate extensions, which are scanned for e-mail-like strings

Be aware that while spreading, worms may build new sender addresses based on possible names in combination with a common domain name. Thus, the sender address shown in the email does not need to be the origin of the email.

Instant Messaging Worms:

These spread through instant messaging applications by sending links to infected Web sites to everyone on the local contact list. The only difference between these and email worms is the way chosen to send the links.

Internet worms:

The nasty ones. These will scan all available network resources using the local operating system and/or scan the Internet for vulnerable machines. They will attempt to connect to these machines and gain full access to them.

Another way is to scan for machines that are still open to exploitation because they are not patched. Data packets or requests are sent to install the worm or a worm downloader. If this succeeds, the worm executes and off it goes again!

IRC Worms:

Chat channels are the main target, and the same infection / spreading method is used as above: sending infected files or links to infected websites. Sending an infected file is less efficient, because the recipient must confirm receipt, save the file and open it before infection takes place.

File sharing networks Worms:

The worm copies itself to a shared folder, usually located on the local machine, under a harmless name. Now the worm is ready for download via the P2P network, and the spread of the infected file will continue.

How to prevent computer worms:

To help prevent infections and to get rid of worms:

* Use a firewall.

* Update the operating system and the software you use. (Use Windows Update to automatically update all Microsoft products.)

* Use antivirus and antispyware software, such as Microsoft Security Essentials, a free download from Microsoft.

* Be careful with files attached to e-mail and with links to websites.

* Use a standard user account instead of an administrator account.