Trojan - Trojan Horse


Originally, the term Trojan or trojan in French designated computer programs used to conceal computer threats and used to deceive Internet users to install them.
Nowadays, just like the term virus, the word Trojan has been generalized to identify any malicious program.

In other words, the word Trojan and trojan, today designates almost any computer threat.

Trojan concept

There are still some subtleties in the nomenclature used by antivirus:

  • Trojan.Dropper : this is a malware created with the aim of installing an infection in the system.
  • Trojan.Inject or Trojan.Injector : this is a trojan capable of using a system process, of injecting it to take control of it. For example, a trojan can launch a new instance of svchost.exe and inject it so that it can make connections with it to bypass firewall restrictions.
  • Trojan.Patched : a system file has been modified to alter its operation and perform operations necessary for infection.
  • Trojan.Small ou Trojan.Tiny : a "small" trojan in relation to the file size.
  • Trojan Proxy : the latter will transform the computer into a proxy in order to be used by hackers to perform malicious operations. The computer can be rented.
  • Trojan.VB : A Trojan written in Visual Basic
  • Trojan.MSIL : A Trojan written in MSIL (Microsoft Intermediate Language)
  • Trojan.AutoIT : Trojans written in AutoIT language.
  • Trojan.DNSChanger : a Trojan which modifies the DNS configuration (name server) in order to be able to carry out address redirections or MITM attack (Man in the Middle)
  • Trojan.Clicker : a Trojan that loads advertisements in the background and simulates clicks
  • Trojan.Adfraud : quite similar to Trojan.Clicker here it is about making money by loading advertisements.
  • Trojan.Downloader : A Trojan that will download other malware and install it in the system.
  • Trojan.PWS : a Trojan that is designed to steal WEB account passwords.
  • Trojan.Bitcoin - Trojan.CoinMiner: Trojan generating Bitcoin (virtual currency) using the computer's CPU. This helps to monetize.
  • Trojan.GameOnline : a Trojan especially in the theft of online gambling accounts.

For example, an Avast! typically generalist in Win32: Trojan-Gen, Gen meaning Generic.


Below is a Trojan.Patched detected by Microsoft Security Essentials.


Trojan.Injector detection at Malwarebytes Anti-Malware:


Example of a Trojan.CoinMiner at AVG:


In addition to the characteristics, the detection can also target families of malware known or not depending on whether the detection of the trojan is generic / generalist:

  • Trojan.Agent : this is a general detection. No malware family
  • Trojan.Generic : a general detection which recognized classic trojan patterns
  • Trojan.Dridex : This is a detection relating to the Dridex family, a Trojan Banker / Sealer
  • .

For example below, a Malwarebytes Anti-Malware detection Trojan.Agent.AIgen


or even Trojan.Agent.BCM, BCM is the counter, the next signature / detection will have the letters Trojan.Agent.BCN and so on.


In short, a Trojan can have any form of utility, it can allow installation by downloading other malware which, once in place, will perform the operations for which it was designed.
The operations are different depending on the Trojan family, but the ultimate goal is to make money using the computer, namely:

  • The Trojan allows you to take control of Windows, which is then part of a botnet or Zombis PC network which can be rented for:
    • carry out SPAM campaigns (commercial or malicious)
    • perform DoS (Denial Of Service) attacks
    • install a proxy to perform other operations including allowing hackers to hide.
    • Load ads in the background to earn money with it
    • .
  • Online accounts are also very popular with trojans, your passwords, banking information etc, they can be resold.

Trojans, and often Trojans.Downloaders, can serve as a springboard for installing infections.
This is particularly the case for ransomwares, the Trojan Upatre leads to Cryptowall Ransomware, or JS / TrojanDownloader.Nemucod leads to Locky Ransomware.

Finally we will note the families of malware named RAT (Remote Access Tool) that allow computer control and embed keylogger functionality.
For example the Trojan RAT family: Trojan Nanobot / Nanocore / Naancooe


Some links of related to Trojans:

How to detect Trojans / Trojan horse?

You can follow the following video tutorial:

How to remove Trojans / Trojan?

The following procedure guides you through disinfecting your computer and provides you with a procedure to remove trojans (Trojan horse) from Windows.
Note that this procedure is completely free.
This should allow you to clean a large part of the viruses, however, a check in a dedicated forum is advised. We provide you with a forum with experts in this direction.
Finally, think that your passwords were probably recovered by the attackers, it is strongly recommended to change them once Windows has been cleaned.

Remove Trojans / Trojan with MBAM

  • Download then install Malwarebytes Anti-Malware
  • Let yourself be guided to carry out the first configurations
  • Then Launch a quick scan by clicking on the button Analyze
  • At the end of the scan, delete all the threats detected
  • Finally restart your PC if MBAM asks for it
Remove viruses with Malwarebytes Anti-Malware

Malwarebytes Anti-Malware in video:

Remove Trojans / Trojans with RogueKiller

  • Download then install RogueKiller
  • Start a PC virus scan by clicking on the button Analyze
Remove viruses with RogueKiller / Remove malware with RogueKiller
  • Let the scan run, it will take some time
  • Finally remove all detected threats
Remove viruses with RogueKiller / Remove malware with RogueKiller

Remove Trojans / Trojans with NOD32

  • Download then run esetonelinescanner.exe
  • Then let yourself be guided to perform the analysis online then enable PUA detection (Potentially unwanted application)
Perform a NOD32 online scan to remove viruses
  • Then the analysis of NOD32 is carried out, again, it will take a long time, be patient
  • Finally place all the detected elements in quarantine

NOD32 scan in video:

Need personalized help?

Nothing works ?
Need personalized help?
Go to the forum by creating your own topic, we will help you!
=> Malekal Forum - Virus Removal Help


How to protect your PC from viruses

You can delete the programs used, if you wish you can keep Malwarebytes Anti-Malware to perform regular scans.
Remove AdwCleaner and ZHPCleaner, there is no point in keeping them for regular analyzes.

It is strongly advised to change all your passwords (Facebook, online games, emails etc).

Here are some tips to keep your computer safe and prevent malware.
To secure your computer, especially update all your software (Adobe Flash, Java etc): Secure your computer and protect your PC from viruses.