Detecting and removing trojans and malicious code from Win2K
The amount of malicious code directed at Windows systems seems to be increasing on a continual curve . IRC bots, backdoor Trojans and worms abound. It seems that few Windows systems, particularly Win2K, are immune from infection, regardless of how diligent the user or administrator may be. Many posters to public lists continue to report Code Red and Nimda scans, as well as port scans for popular Trojan applications, on an almost weekly basis.
The flip side of this is that users and administrators are also reporting that their systems have been infected or "hacked", without having solid evidence to support their assumptions. Many times, the reported activity may be, in reality, normal activity of an application on the system.
The purpose of this article is to recommend steps that an administrator can use to determine whether or not a Win2K system has been infected with malicious code or "malware" and, if so, to remove it. This article will specifically address network backdoor Trojans and IRC bots, but the information delivered in this article should assist the reader in a variety of situations.
[ Read more ]