Thread: How to track and clear the system from trojan virus?

  1. #1
    Join Date
    Feb 2010
    Posts
    489

    How to track and clear the system from trojan virus?

    After hacking a system, the next thing the attackers do is upload a backdoor Trojan. So that the uploaded Trojan horse will not be found, they try various means to disguise it. As a victim, how should we see through the camouflage, find all the Trojans in the system, and get rid of these Trojan viruses?

  2. #2
    Join Date
    Apr 2008
    Posts
    3,424

    End of the Trojan process

    Since the Trojan embeds itself in other processes, it does not produce an entry of its own in the process viewer. So if we find that the system is behaving abnormally, we need to determine whether a DLL Trojan is present.
    Here we use the IceSword tool. When run, the program automatically detects the processes running on the system. Right-click a suspicious process and select "Module Information" in the pop-up menu; in the window that opens you can see all of its DLL modules. If there are items of unknown origin, select them and then click the "Uninstall" button to remove them from the process. For some of the more stubborn ones, click the "forcibly disarm" button, then use the address in the "the module file name" field to go directly to its folder and delete it.

  3. #3
    Join Date
    May 2008
    Posts
    3,516

    Find suspicious DLL Module

    Because most users are not familiar with DLL files, it is difficult for them to determine which DLL modules are not suspect. This is where ECQ-PS can come in handy.
    After running the software, you can see all the processes in the current system in the list in the middle. Double-click one of these processes and, in the "all modules" tab of the window below, you can display detailed information, including the module name, version, vendor, and creation time. Of these, the vendor and the creation time are the more important. If a system-critical process such as "svchost.exe" turns out to have loaded a module from an unknown vendor, then that module must be a problem. Also, if the company is Microsoft but the creation time differs from that of the other DLL modules, it may be a DLL Trojan.
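
The vendor and creation-time check described in post #3, as an added PowerShell example that is not part of the original thread and does not use ECQ-PS. The 30-day gap, the `Microsoft*` vendor match and the extra signature column are assumptions; run it from an elevated prompt so the modules of system processes are readable.

```powershell
# Added example: lists modules loaded by a system-critical process and flags the
# two signs from the post (unknown vendor, out-of-place creation time).
$ProcessName = 'svchost'   # process named in the post
$MaxGapDays  = 30          # assumption: allowed distance from the median creation time

# One record per distinct module file, remembering which PIDs have it loaded.
$seen = @{}
foreach ($proc in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
    foreach ($m in $proc.Modules) {   # protected processes need an elevated prompt
        if (-not $m.FileName) { continue }
        if (-not $seen.ContainsKey($m.FileName)) {
            $file = Get-Item -LiteralPath $m.FileName -Force -ErrorAction SilentlyContinue
            if (-not $file) { continue }
            $seen[$m.FileName] = [pscustomobject]@{
                Path    = $m.FileName
                Vendor  = $m.FileVersionInfo.CompanyName
                Created = $file.CreationTimeUtc
                # The vendor string is only file metadata; the signature status is a stronger check.
                Signed  = (Get-AuthenticodeSignature -FilePath $m.FileName).Status
                PIDs    = @()
                Reason  = $null
            }
        }
        $seen[$m.FileName].PIDs += $proc.Id
    }
}
$modules = @($seen.Values)

# Median creation time of the Microsoft-labelled modules is the baseline for "the other DLLs".
$ms = @($modules | Where-Object { $_.Vendor -like 'Microsoft*' } | Sort-Object Created)
$median = if ($ms.Count) { $ms[[int][math]::Floor($ms.Count / 2)].Created }

foreach ($mod in $modules) {
    if ($mod.Vendor -notlike 'Microsoft*') {
        $mod.Reason = 'unknown or non-Microsoft vendor'
    } elseif ($null -ne $median -and [math]::Abs(($mod.Created - $median).TotalDays) -gt $MaxGapDays) {
        $mod.Reason = 'creation time differs from the other modules'
    }
}

$modules | Where-Object { $_.Reason } | Sort-Object Reason, Path |
    Format-Table Reason, Vendor, Created, Signed, @{ n = 'PIDs'; e = { $_.PIDs -join ',' } }, Path -AutoSize -Wrap
```

A flagged row is a lead to examine rather than a verdict, since Windows updates also replace system DLLs and give them newer creation times.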

  4. #4
    Join Date
    Apr 2008
    Posts
    3,339

    Re: How to track and clear the system from trojan virus?

    It would be impossible to check the system's ports, registry, files, and services one by one at every moment to see whether a Trojan is hidden. For this I use some special tools for testing.
    Rootkit removal
    1. Rootkit Detector
    Rootkit Detector is a rootkit detection and removal tool that can detect multiple rootkits under Windows, including the famous hxdef.100.
    The method is very simple: just run the program directly from the command line by its name, "rkdetector.exe". Once started, the program automatically completes a series of tests for hidden items, finds the rootkit programs and services running on the system, marks them in red as a reminder, and tries to get rid of them.

  5. #5
    Join Date
    Jan 2006
    Posts
    4,221

    Re: How to track and clear the system from trojan virus?

    Knlps is somewhat more powerful: it can end a specified running rootkit program. On the command line, enter the "knlps.exe -l" command and the system will display all the hidden rootkit processes and their corresponding process IDs (PIDs). Once a rootkit process is found, you can use the "-k" parameter to delete it. For example, if you have found a "svch0st.exe" process with the PID "3908", you can enter the command "knlps.exe -k 3908" to end the process.
