How to remove Trojan malware without a Trojan signature

When it comes to removing Trojans, having strong infection-remediation practices is key. Threats expert Nick Lewis gives tips.

Our enterprise is experiencing an ongoing outbreak of "TROJ_FAKEAV.SM10".  While our antivirus program seems to always clean or quarantine the files in question, they keep popping up, and have been for several weeks now.  I have researched this and can't find a way to stop these infections from occurring.  (For example, there is not one specific patch that claims to block this threat.)  Do you have any specific ideas on how to deal with a Trojan for which there are noeffective antivirus signatures?

Patches typically don’t directly block malware from executing, but they may stop malware from completely taking over a computer. You need to stop the malware from initially running on your systems to prevent the infections. You may want to re-evaluate your remediation procedures to determine if they can remove Trojan malware effectively. Are you rebuilding systems after they get infected and keeping the operating system and all applications patched? Are you sure the systems are not infected with rootkits that are disabling your antimalware software, thus keeping it from detecting the malware with a Trojan signature and then allowing machines to be re-infected with a new variant? On some of your systems that get re-infected, you might want to try a different antimalware program or use different host-based security software to see if it's more successful.

If the host-based security controls have proven to be ineffective, you may want to explore network-based security controls for blocking malware. There are several different types of network appliances that can be used to block malware from infecting systems on your local network like a dedicated antimalware appliance, a Web proxy with antimalware functionality, or a firewall with antimalware functionality. These appliances add to defense-in-depth and help protect systems with less effective antimalware software or no antimalware software at all. The appliances can inspect HTTP/S, application-based protocol, or use other methods to block malware. If you do evaluate a network appliance, you may want to ensure the antimalware detection methods or engine is different than what is currently in use for maximum defense in depth, or that you understand how the network appliance will aid the effectiveness of the host-based defenses.

This was last published in September 2011

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.