Spyware, Viruses, & Security forum

Question

Trojan virus/ spyware that can uninstall itself?

by mgjen028 / March 9, 2012 5:37 PM PST

Is there a Trojan virus/spyware already written/developed that can uninstall itself whenever the hacker decides to?
So that it will definitely not be detected by any antivirus/antispyware once it senses that the victim is now installing an antivirus/antispyware?

For example, the virus/spyware is controlled remotely by a hacker and its intention is to spy on me, and then the hacker uninstalled it remotely so that I will not discover what happened?

Because I'm really worrying whether there was indeed spyware that was used against me in the past
but I just cannot detect it now with my antivirus/antispyware (Microsoft Security Essentials) because the hacker or the intruder uninstalled it before I had the antivirus/antispyware?
Thank you very much.
I really hope that this question will be answered.


All Answers

Answer
Rootkit
by MarkFlax Forum moderator / March 9, 2012 5:48 PM PST

Probably not a virus or trojan because they would have to be running for them to work.

But look up Rootkits, example explanation here; http://searchmidmarketsecurity.techtarget.com/definition/rootkit

Many anti-virus and anti-malware scanners can now find rootkits, but they change often and they are often difficult to find without special software, e.g. Sysinternals Rootkit Revealer.

Tell us what anti-virus you are running, and what other anti-malware scanners you are using.

Mark

I'm using Microsoft Security Essentials as Anti-virus/spyware
by mgjen028 / March 10, 2012 7:08 PM PST
In reply to: Rootkit

I'm using Microsoft Security Essentials as anti-virus/spyware for now.

In the past, when I probably got the trojan virus/spyware, I was using Avast.

So I also had an antivirus somehow running on my computer.

I'm just still worrying that maybe it got past my antivirus at that time, which was Avast.

Btw, I have not yet uninstalled my Avast and I'm running it now with Microsoft Security Essentials.

I ran a full scan of Microsoft Security Essentials which took so long, more than 16 hours,

but it did not find any virus/spyware that would be evidence of hacking that occurred.

What I see
by MarkFlax Forum moderator / March 10, 2012 7:17 PM PST

is MSE and Avast. They are both anti-virus scanners with some anti-spyware scanning built in. But if you have both running in the background continuously then you may see some strange effects as they each fight for access to the same files to scan them.

The general, (but unwritten), rule is, use only one firewall and use only one anti-virus scanner as using two or more of each at the same time can cause conflict and performance issues.

However, in addition to the above, use two or more 'stand-alone' anti-malware scanners which do not run in the background but instead you run regular manual scans, say weekly or so, and the two that are often recommended in these forums are; the free versions of Malwarebytes Anti-malware and SUPERAntiSpyware

So, maybe not a rootkit, but instead two AVs conflicting with each other.

Mark

While Mark says it is UNWRITTEN ...

I will disagree and say that it is well documented to NOT use two Anti-Virus apps running in real mode and ESPECIALLY with Microsoft Security Essentials. This is what Microsoft advises:
http://answers.microsoft.com/en-us/protect/forum/protect_start/check-list-for-installing-microsoft-security/bf757e6a-e320-4a67-92bc-767e6acb26c4

Note where it says "Remove ALL real-time anti-malware products that were ever installed on your PC (Norton, McAfee, TM, AVG, Avast, Avira, ESET, etc.) Uninstall your previous real-time anti-malware. Then, use the removal/cleanup tools in this thread. Not only should you remove your current anti-malware product(s), you should also uninstall any free or trial anti-malware products that may have been installed on your PC when purchased, even if never activated."

I would also recommend the Sophos Anti-Rootkit rather than the older Sysinternals utility as I have found it to be more efficient:
http://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx

Before your "hacker" worries cause unhealthy high blood pressure could you maybe tell us WHY you think you were "hacked" and what virus or spyware you think was installed on your computer. Doing so might enable us to offer more specific suggestions or possibly even to alleviate your worries - most such turn out to be baseless and non-existent.

I agree, but
by MarkFlax Forum moderator / March 11, 2012 9:15 PM PDT

what I meant, and failed to clarify sufficiently, was that for general users there is no easy advice about this. It isn't intuitive in the sense that Windows doesn't tell us not to install more than one AV, and while some anti-virus setup procedures might tell the user to uninstall any other version before continuing, it is all a bit hit and miss.

Mark

Viruses that remove themselves at the end of their missions
by Cold_AXE / March 19, 2012 1:45 AM PDT
In reply to: Rootkit

It reminded me of our informatics course in the past, and yeah, it might happen to be programmed like that, so at the end it destroys itself... but it isn't really a virus but malware. Anyway, you can test it by yourself, and all you need is just "Notepad.exe" and some information.
Type in the Notepad page:

@echo off
rem Print a message (or whatever you like)
echo this is a virus
rem Delete a file that you know exists in the same folder
del filename.txt
rem At this point the batch file deletes itself
del virus.bat

Now in the menu File > Save As, name the file virus.bat, put it in the same folder as the file to delete, and click it.

This way we used to destroy systems, but now it works the same for USB drives - but it is sometimes called autorun.inf, or a modified version of the file that some USB drives have for some reason (let's say for a logo on load), but that is just the load and not the virus. Because 16-bit applications mostly don't work normally on newer OSes, the same idea works, but with other applications rather than Notepad.exe, and the "autorun.inf" just calls the real virus.

If you create this batch file just for learning and scan it with an antivirus, it seems to be OK, and just a few antiviruses check the code inside. But if you change the period from .bat to .exe or .com then the virus will work and the antivirus is not going to check the code anymore, because for it, and even for your OS, this is a binary file.

Lastly, a virus cannot inject itself and destroy itself, because the memory would be full because of the infinite process of self-injecting and self-destroying. These are named and classified as malware, and backdoor trojans are just a bridge to let you afterwards inject your virus, file or whatever you want to pass to your enemy.

See U on Facebook
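
An added example (not part of the thread, and not any scanner's actual logic): renaming a file does not change its bytes, so a content check identifies a batch script whatever extension it carries. The extension set, the hint tokens and the four sample files are constructed for illustration.

```python
import os
import tempfile

# Extensions that normally hold PE files, which begin with the "MZ" DOS header.
BINARY_EXTS = {".exe", ".dll", ".scr"}
# Tokens typical of batch scripts (constructed, illustrative list).
BATCH_HINTS = (b"@echo off", b"echo ", b"del ", b"rem ")

def classify(path):
    """Return (verdict, detail) based on file content, not on the file name."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(4096)
    is_pe = head[:2] == b"MZ"
    # Text heuristic: no NUL bytes and almost all bytes printable or whitespace.
    printable = sum(1 for b in head if 32 <= b < 127 or b in (9, 10, 13))
    is_text = bool(head) and b"\x00" not in head and printable / len(head) > 0.95
    looks_batch = is_text and any(h in head.lower() for h in BATCH_HINTS)
    if ext in BINARY_EXTS and not is_pe:
        kind = "batch script" if looks_batch else ("text" if is_text else "unknown data")
        return ("mismatch", f"{ext} extension but content is {kind}")
    if ext not in BINARY_EXTS and is_pe:
        return ("mismatch", f"{ext} extension but content is an MZ executable")
    return ("ok", "extension matches content")

def demo():
    """Write constructed sample files to a temp dir and classify each one."""
    samples = {
        "notes.bat": b"@echo off\r\necho hello\r\n",    # ordinary batch script
        "renamed.exe": b"@echo off\r\necho hello\r\n",  # same bytes, .exe name
        "tool.exe": b"MZ\x90\x00" + b"\x00" * 60,       # minimal MZ-like header
        "invoice.txt": b"MZ\x90\x00" + b"\x00" * 60,    # executable bytes, .txt name
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            p = os.path.join(d, name)
            with open(p, "wb") as fh:
                fh.write(data)
            results[name] = classify(p)
    return results

if __name__ == "__main__":
    for name, (verdict, detail) in demo().items():
        print(f"{name:12} {verdict:9} {detail}")
```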

Your comment
by MarkFlax Forum moderator / March 19, 2012 5:22 AM PDT

"This way we used to destroy systems".

Remind me never to contact you.

And by the way, thanks for the note about the notepad trick in your reply to me. I knew it already.

I don't use Facebook, and with you there, I'm pleased I don't.

Mark

but can a spyware...
by mgjen028 / March 24, 2012 5:44 PM PDT

But can spyware, the kind that is actually made and used stealthily, be injected and/or removed unnoticeably?
Or in other words, can it be removed while keeping it secret from the victim? Or without leaving any signs?

If it was really used against the victim, will it have to leave any traces? Will it be detected by my antivirus, which is Microsoft Security Essentials, by detecting some malicious files that show evidence?

Or can it be removed entirely, including all possible traces of evidence, as if it seemed to have never happened?

By running a full scan of Microsoft Security Essentials and finding no malicious files at all, can we really say that no case of hacking or exploitation by spyware occurred?

Because I am really worrying because I feel that a hacking really occurred. But I just could not find any evidence. I just feel it. It appears in my dreams. Sad

Yes.
by MarkFlax Forum moderator / March 25, 2012 4:23 AM PDT
In reply to: but can a spyware...

But to do that you will have to have let the "Hacker" in in the first place. Using a firewall will help protect against that, but no firewall will prevent you as the user clicking Yes to some scam or other, or downloading and installing some software app that lets the hacker in.

No anti-virus will catch everything, not MSE, nor any of the other recognised anti-virus scanners. That's why we also use manual scanners like Malwarebytes' Anti-malware and SUPERAntispyware to help find those malware things that AVs do not detect.

But again, at the end of the day, malware writers and hackers are powerless if we are on our guard. We are the first defense and the best defense.

Mark

here it is...
by mgjen028 / March 26, 2012 3:52 AM PDT
In reply to: Yes.

Here it is: it is because I have been worrying that my computer, which is a laptop, is hacked, in the sense that it comes to the point that my built-in webcam is hacked.
It's really scary.
Is this even possible?
If so, what can I do now?
I already ran a scan of Microsoft Security Essentials and it found no related malicious files.
Am I already safe? Probably for now.
But what about in the past?
What if I was being hacked in the past?
How do I know?
What if the hacker just stopped hacking because he sensed that my computer is getting protected by Microsoft Security Essentials?
What if he just deleted the files that would count as evidence of the compromise being done?
Is this possible?
Can he really spy on me and decide to stop spying after he discovered that he will probably be found out?
In the past, as I mentioned earlier, I used an antivirus, which was Avast.
I also do not let anyone other than me and my family touch my computer/laptop.
I also have not turned off my firewall, which is the built-in Windows Firewall, since the time I bought my laptop.
Am I already safe at this point?
Do I not have anything to worry about now?
Now, I am installing a free version of SUPERAntiSpyware, and will run a quick scan with it.
I wonder if it could find any malicious file related to a sinister action like webcam hacking.
I hope there will be no malicious files.

Answer
Absolutely.
by R. Proffitt Forum moderator / March 10, 2012 12:05 AM PST

But if you continue down this road you may end up being so paranoid that you remove all enjoyment of using these things.

There are ways to avoid all this such as running the OS from CD which is read only. Example at link.
http://news.cnet.com/8301-13554_3-9988099-33.html

Bob
