Anti-virus programs will find and remove Trojan horses, but free anti-virus programs have had a poor reputation for finding them in the past, so it's worth running a specialist anti-Trojan program as a double check, especially before installing a firewall: it's no use securing a system that has already been taken over by a hacker. Anti-virus and anti-Trojan programs will find Trojan horses, but if an infection is found, there's a chance that cleaning will not remove every element of the attack.
Clean or Rebuild?
An active Trojan horse may mean that a hacker has control of your computer. That hacker may have made changes to your system to allow them to control it, and to keep control despite attempts at cleaning. This is done by installing backdoors or rootkits. The only way to guarantee that an infected computer is clean may be to rebuild, or "flatten", the system. The Microsoft document below gives information in the section entitled "Clean or Rebuild?" The decision may differ depending on the use to which the computer is put. Security may be more critical on a computer used to store valuable or confidential information, or for shopping with a credit card, than on one used for casual web browsing and games.
The Antivirus Defense-in-Depth Guide microsoft.com
The complete Windows Trojans paper Frame4 Security
Anti-Trojan Warfare The NoHack Project
Anti-Trojan Programs
The distinction between Trojan horses and other forms of malware (if it ever really existed) seems to have broken down. Anti-virus products now detect Trojans. Anti-spyware programs detect Trojans, and some are adding virus detection. Some products that called themselves Trojan scanners a few years ago now call themselves anti-malware scanners; others have been bought by AV companies or simply ceased to exist.
a-Squared (successor to Anti-Trojan 5.5) and Pest Patrol are now anti-spyware products.
Ewido was bought up by AVG, transformed into AVG AntiSpyware and eventually incorporated into its anti-virus product and discontinued.
Tauscan and TDS-3: discontinued.
The only product still calling itself a Trojan scanner seems to be TrojanHunter, which features "a scanner capable of thoroughly examining your files, system registry, open ports and running processes," and is capable of cleaning process-injecting Trojans. A free trial is available.
Mischel Internet Security's TrojanHunter
For a review of free and non-free anti-Trojan utilities
Anti-trojan Software Reviews
For a review of non-free anti-Trojan utilities wilders.org
Rootkits are used to hide malware on a computer: if the malware can't be seen, it can't be removed. The war against malware is an arms race. Malware writers were winning the war for a while with hidden malware before anti-malware companies responded with special tools to remove rootkits. Recent statistics suggest that rootkits are becoming less common as anti-malware products become better able to deal with hidden malware, although it's still true to say that there are some very nasty and difficult-to-remove malware infections out there, especially some of the latest spyware infections.
F-Secure Shines BlackLight on Malicious Rootkits eweek.com
The Threat- Rootkits f-secure.com
Where are Rootkits Coming From? eweek.com (2005)
Microsoft: Bot, Trojan Infections High; Rootkits Low eweek.com (2006)
Rootkit detection and removal tools
BlackLight f-secure.com
RootkitRevealer sysinternals.com
GMER antirootkit.com
McAfee Rootkit Detective antirootkit.com
Panda Anti-Rootkit softpedia.com
UnHackMe greatis.com
Sophos Anti-Rootkit sophos.com
Rootkit Buster Trend Micro
For more anti-rootkit tools, instructions on how to use them or advice on removing rootkits, visit:
Rootkit Revelations castlecops.com
antirootkit.com
Removal tools for spyware using rootkits
Gromozon:
The Strange Case of Dr. Rootkit and Mr. Adware (PDF)
Gromozon Rootkit Removal Tool prevx.com
Vundo:
Vundo Rootkit Detection and Removal Procedure wiki.castlecops.com
Removal tools/instructions for specific rootkits
Removal Tool - WinKRootKit/CommonName McAfee
Haxfix Haxdoor Removal forum.hijackthis.de
rdrivrem (rdriv.sys removal tool) atribune.org
Rustock.b geekstogo.com

