Frequently Asked Questions

TrojanHunter Malware removal Malware and trojans - general questions

How do I manually update the TrojanHunter rule files?

Full instructions on how to do this are available at http://www.misec.net/trojanhunter/updating/

What may be the reason for not getting a reply when submitting files for analysis?

If you are using "spam protection" in the form of "sender has to click on a link before email is delivered to you" then that may be a reason for the reply not reaching you.

If you are a licensed user: Make sure that the email address you used when purchasing TrojanHunter is still working - all replies to file submissions are sent to the address you used when purchasing. If you have changed email addresses since purchasing, please email support@misec.net with your new email address and please include proof of purchase.

If you are not a licensed user: We receive several emails each day that just have the TrojanHunter scan report attached to them. Please understand that we need the actual "possible trojan files" that the scan report refers to to be able to analyze them. In other words, if TrojanHunter says that the file "C:\Windows\msgvx.exe" is a possible trojan file then you need to attach that file to the email. We generally do not have the resources to reply to emails with just the scan report attached and walk each user through the process of how to attach files to an email. Please also see I've been told to email trojan files to submit@trojanhunter.com. How can I do this? below for more information.

How do I reinstall the licensed version of TrojanHunter?

  1. Download the setup file for TrojanHunter from http://www.misec.net/products/TrojanHunter.exe
  2. Run the setup file and install TrojanHunter
  3. Have your license file emailed to you at http://www.misec.net/support/licensefile/
  4. Save the license file to the folder where you just installed TrojanHunter

How do I upgrade to the latest version of TrojanHunter?

Before upgrading to the latest version you can optionally uninstall the old version using Add/Remove Programs. This will save some disk space. Please note that if you choose to do this you must close TrojanHunter Guard and TrojanHunter Scanner before uninstalling or you will get error messages during the uninstallation.

To install the latest version of TrojanHunter:

  1. Download the setup file for the latest version here:
    http://www.misec.net/products/TrojanHunter.exe.
    Save the file in a convenient location, such as on your desktop.
  2. Run the setup file (TrojanHunter.exe) that you just saved. Follow the instructions provided by the installer. Please note that it is strongly recommended that you do not install into an existing directory (such as that for a previous installation).
  3. Copy your License.dat file into the directory where you just installed TrojanHunter. The License.dat file will be in your old TrojanHunter directory (it is not removed by the uninstaller). If you don't have the license file you can have it emailed to you at this page.
  4. Start TrojanHunter Scanner and Guard and verify that the program is licensed to you. (Start->Programs->TrojanHunter)

I've been told to reboot my computer into "Safe Mode" to be able to delete a malware file. How can I do this?

Windows 95, 98, ME:
  1. Restart the computer
  2. Watch the screen while it is black. After the BIOS memory check is done, start tapping the F8 key. If done right, the Windows boot menu will appear.
  3. Select Safe Mode from the menu. Starting Windows in Safe Mode may take several minutes
  4. When you have finished removing the malware, restart the computer and Windows will start in normal nmode
Windows 2000, XP:
  1. Restart the computer
  2. Watch the screen while it is black. After the BIOS memory check is done, start tapping the F8 key. If done right, the Windows Advanced Options Menu will appear.
  3. Select Safe Mode from the menu. Starting Windows in Safe Mode may take several minutes
  4. When you have finished removing the malware, restart the computer and Windows will start in normal nmode

I've been told to email trojan files to submit@trojanhunter.com. How can I do this?

If your email client is Microsoft Outlook Express:
  1. Click on Create Mail
  2. In the new mail window, select the menu item Insert - File Attachment
  3. Use the window that appears to browse for the file you need to attach. Once in the correct folder, select the file and click on the Attach button.
  4. Repeat previous two steps to attach additional files

If your email client is Eudora:

  1. Click on the New Message button
  2. Right-click anywhere in the message composition area and select Attach File
  3. Use the window that appears to browse for the file you need to attach. Once in the correct folder, select the file and click on the Attach button.
  4. Repeat previous two steps to attach additional files

If your email client is Mozilla Thunderbird:

  1. Click on the Write button
  2. In the new mail window, click the Attach button
  3. Use the window that appears to browse for the file you need to attach. Once in the correct folder, select the file and click on the Open button.
  4. Repeat previous two steps to attach additional files

I'm trying to attach a trojan to an email but can't find the file in Windows Explorer. How can I find the file to attach it?

The file is either hidden or has the "system" attribute set. You need to enable two options to see the file in Windows Explorer. Start up Windows Explorer and go to Tools->Folder Options. Select the "View" tab. Enable the options "Show hidden files and folders" and uncheck "Hide protected operating system files". Once you have emailed the file(s) you may want to set these options back to prevent important system files from being accidentally deleted.

My virus scanner found "Exploit-ObjectData" on my system. What should I do about this?

This issue is an exploit of a bug in Internet Explorer. The only way to make sure you are fully protected against this is to install the latest updates for Windows Update so that Internet Explorer is no longer vulnerable. This issue is covered in a Microsoft Security Bulletin located at http://www.microsoft.com/technet/security/bulletin/MS03-040.mspx

An "exploit", like this is basically uses a bug in a particular piece of software (in this case Internet Explorer) that allows for a remote attacker to execute code by exploiting the bug. Trojans installed through this exploit are detected by TrojanHunter but it is imperative that you patch your system as described above to close this hole in Internet Explorer.

My virus scanner found "Exploit-ByteVerify" on my system. What should I do about this?

This issue is an exploit of a bug in Microsoft's Java Virtual Machine (software that is used to execute Java applets). If your virus scanner tells you it has found a file with this exploit then you have likely visited a web page that attempts to exploit this bug. The only sure fix is to make sure that you have the appropriate patch installed for the JVM. Information on how to patch the JVM is available at http://www.microsoft.com/technet/security/bulletin/MS03-011.mspx

An "exploit", like this is basically uses a bug in a particular piece of software (in this case Internet Explorer) that allows for a remote attacker to execute code by exploiting the bug. Trojans installed through this exploit are detected by TrojanHunter but it is imperative that you patch your system as described above to close this hole in Internet Explorer and the Java Virtual Machine.

(This space intentionally left blank)