by Lee Mathews

Created on: May 29, 2008

If you've got a trojan on your computer, step one is to get it out - not to learn how to prevent it. If it's on your machine, the damage is done, and it's time to clean up - AND FAST!

Trojans pose a huge security risk to any computer user, even us tech guys that are "in the know." The methods of deploying a trojan have become so numerous and stealthy that it's possible for just about anybody to wind up with an infection. Let's have a look at some tools that will help you get rid of a trojan once you've got it.

1) Avast! Home Free Edition: this is priority one. Avast has a DOS mode scan that can be set to run IMMEDIATELY after the initial install, so it's my first attack when going after a trojan on someone's computer. Get it here: http://www.avast.com/eng/download-avast-home.html.

At the end of the install, you'll see an option to schedule a startup scan. Make sure you tell it yes, you want to run the install, and then let it reboot your screen. Before Windows boots this time you'll see a blue screen and a bunch of scanning messages from Avast! will scroll by. If you're prompted to remove something, ALWAYS answer yes. I've never had Avast misdiagnose a file yet, and I've don hundreds of scans with it. Even if you get a warning about the file being in a certain area, make sure you say yes to remove it!

This will catch MOST things, not all. Once you're back in Windows, it's time to grab tool #2 and 3...

2) SmitFraudFix: SmitFraud is a particular "group" of infections, and it's pretty common. Thankfully, there's a more or less automatic way to rid yourself of it. Get it here: http://siri.geekstogo.com/SmitfraudFix.php.

3) Ccleaner: Ccleaner will help you clean up your temp files, where trojans often leave some nasty remnants. Grab it now from here: http://www.ccleaner.com/download.

To run these, you'll want to boot your system into safe mode. Here's how to do that:

Click start and then run, and type: msconfig in the box, then hit enter. When the screen opens, click on the tab marked boot.ini and check "safeboot." Click ok, then choose to restart now.

When the system boots in safe mode, click on your account login and then find the SmitFraudFix icon and run it. Do option 4 first (check for updates) to ensure you're running the most current files. Next, run 3, then 5, then finally 2. That sequence has proved more effective to me than running 1-2-3-4-5 in order.

You need to run SmitFraudFix on EVERY account, just in case. It usually infects the whole PC, not just one account. If you need more help with it, read the tutorial on the download page.

With SmitFraudFix done, run Ccleaner to remove the leftovers. Click the button marked "run cleaner" and then click ok to the warning. Again, do this on EACH account.

Now run msconfig again, go back to boot.ini, and take the check OUT of "safeboot." Click ok, then restart.

You're back in regular mode, and should be Trojan free.

If you're not, it's probably time to backup and reformat. Trojans are just too risky to get by with a partial removal. For more tips on how to do this, check into my articles page this weekend (5/30/2008).

Learn more about this author, Lee Mathews.
Click here to send this author comments or questions.