Is a trojan horse a threat if it's never run?

By NooneSpecial ยท 4 replies
Jan 14, 2008
  1. I recently transferred an old hard drive to a newer PC. The old HD was a data drive from the old PC. After scanning it, I found a few problems I'm a little (lot) worried about.

    My antivirus software found backdoor.bifrose and a generic trojan horse in a couple of .exe files on the old hard drive. Backdoor.bifrose was in a keygen and the generic trojan horse was in some .exe I must have downloaded years ago but never used. I never ran either .exe after transferring the HD to the new PC. In fact, I didn't even know they were there - my AV software found them in the scan buried among the data on the drive.

    After discovering the problems, my AV software attempted to quarantine both. It was sucessful with one but not the other. However, I simply found the file on the drive and deleted it manually. I then deleted the quarantined file through the AV. Also, I followed Symantec's advice (I use Norton) and checked for instances of the trojan horses in my running processes. I didn't find anything.

    I then re-scanned the new HD and the AV software didn't find any problems.

    I'm under the impression that neither of these should be an issue, given I never actually ran the .exe file. However, I'm very paranoid about my data being spread about the internet (I try to be dilligent about PC security), so I thought I would seek out a few opinions. Any help anyone can offer would be GREATLY appreciated.
  2. jobeard

    jobeard TS Ambassador Posts: 11,173   +989

    Obviously if a program never receives CPU cycles, then it's the same as not being present.
    HOWEVER, the issue that can not be fully controlled is seeing that it NEVER gets any cycles. An example of the complexity is RunDll32, which loads a DLL and then
    gives control to something within it. This technique can also be used to run *.exe programs within some other program.

    If it is present on the HD, make every effort to obliterate it.
  3. NooneSpecial

    NooneSpecial TS Rookie Topic Starter

    Thanks for the reply.

    The .exe was never run. I was still in the process of going through all the data on the old hard drive when my AV found the offending files. One .exe was quarantined by my AV software, and I later deleted it. The other would not quarantine, but I was able to manually delete the .exe with no trouble at all.

    I scanned the drive a couple of times after deleting the problems, and the AV software came up clean.

    From your post, it sounds like I'm clean and the trojan horses were never actually deployed on my system, given they were never run and it only took removing the .exe in which they were bundled to remove them. In your words, then "it's the same as not being present." Correct?

    Thanks again for the reply.
  4. jobeard

    jobeard TS Ambassador Posts: 11,173   +989

    actually, my post should lead you to question "It was never run"!

    this is nearly impossible to 'prove'.

    It would appear that you have slammed the door on future execution.
    Hopefully, it never ran and there's no backdoors left lerking about.

    Get the AVG Rootkit scanner to verify that :)
  5. NooneSpecial

    NooneSpecial TS Rookie Topic Starter

    Thanks for the recommendation. I downloaded the AVG Rootkit scanner, performed an in-depth search and came up clean. So it looks like I nailed this one before it could do any damage (or spread my info around the internet).

    Thanks for the advice, I'm pretty particular about my internet security, so it was a surprise to find anything. I was more than a bit concerned. That said, unless there's something I don't understand, it looks like my security software did what it should. The only evidence of the trojan horses at all was the virus scan. I deleted the .exes, checked elsewhere and found no evidence, and the rootkit scanner came back clean. All signs point to stopping it before it ran, yes?
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...