Trojan and firewall?

Question

Say if you have a trojan on your computer but also have the Windows XP firewall on, can an outsider still connect to you?

Answer 1

Yes! Windows XP's is only unidirectional; it monitors incoming Internet traffic but not outgoing traffic. Ideally, a firewall should be bidirectional, monitoring incoming and outgoing traffic between your computer and the Internet. Unfortunately, Windows XP's firewall assumes everything that is already installed on your computer is safe and does not bother to monitor outgoing traffic. This is a major flaw. If a Trojan manages to infect your computer, Windows XP's firewall will not stop it from sending information about your computer to the outside world. Your better off using a free third party firewall, such as ZoneAlarm Free edition, Sunbelt-Kerio Firewall or Jetico Firewall. You can find a number of free firewalls at: http://www.filehippo.com/software/firewalls/

In a recent study, security experts found that certain free firewalls outperform several for pay firewalls. In particular, Comodo Pro and Jetico Firewall stood out.

Answer 2

The Firewall is the least of your problems. You need to get that Trojan off your computer. Do this and use this program:

Download and Update Ewido (now called the AVG Antispyware). Do not run:

http://www.ewido.net/en/download/

TEMPORARILY SHOW HIDDEN FILES AND FOLDERS.

1. Click Start, and then click Control Panel.

2. Click Appearance and Themes, and then click Folder Options.

3. On the View tab, under Hidden files and folders, click "Show hidden files and folders", and clear(uncheck) the "Hide protected operating system files" check box.

IMPORTANT: Files are hidden by Windows for a very good reason. It is not wise to experiment with these files. Unfortunately, to successfully remove modern spyware we must turn this protection off temporarily. Please turn the protection back on when you have finished cleaning your system.


EMPTY INTERNET EXPLORER BROWSER CACHE:

1. On the Internet Explorer Tools menu, click Internet Options.

2. On the General tab, in the Temporary Internet Files section, click the Delete Files button. Select the Delete all offline content check box in the confirmation dialogue box that appears, click OK. Click OK again.

RESTART IN SAFE MODE:

To do this you need to hold down or repeatedly tap the F8 key while the computer is booting (when the computer is displaying a black screen with white text). When the boot menu appears, use your keyboard arrows to select "Safe Mode."

Safe Mode can look quite ugly. The color may look bad, and all of your desktop icons will be very large. This is normal.



START THE SCAN WITH YOUR PROGRAM(S). Run both programs consecutivly.



When the scan and removal are completed REBOOT COMPUTER. This will restart you in normal mode.

RESET HIDDEN FILES AND FOLDERS.

The RESTORE POINTS may be infected with the Malware and cannot be used. Delete the old one(s) and make a new one.

CLEAR OLD RESTORE POINT(S). HERE'S HOW:

1. Click Start, and then click Control Panel.

2. Click Performance and Maintenance, click System, and then click on the System Restore tab.

3. Select the Turn Off System Restore check box, click Apply, then restart your computer.

4. Return to the System Restore Tab and turn System Restore back on.


TO SET A NEW RESTORE POINT:

1. Click the Start button.

2. Point to Programs, then navigate to Accessories, then System Tools, then click System Restore.

3. Choose Create a restore point, and then click Next.

4. In the Restore point description box, type a name for your restore point, and then click Next.

5. Click OK.

NOTE: If you are using Windows XP Service Pack 2 (SP2) and are unable to access the Internet after removing Malware, there is a command that may fix the problem. It works by resetting the winsock catalogue. Click on Start, then Run and type CMD in the box. Click OK. Type "netsh winsock reset" (no quotes)into the DOS window that appears.


ADDITION INFORMATION ABOUT TROJANS:

There are Trojans that fall into the Smitfraud family. These require the use of a specialized program for removal. Here are two sites that specialize in removing these:

http://www.internetinspiration.co.uk/roguefix.htm

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

When you have removed the Trojan, go here and read this site. You will get to the Firewall section after a few pages. All the info is important and should be read.

http://www.internetinspiration.co.uk/computer_privacy_and_security.htm