siliconman01
Global Moderator
    
 Trojans! Chew 'em Up, Spit 'em Out...
TrojanHunter's "Quarantine" Method
« on: Mar 31st, 2006, 4:43am » |
Described herein is the technique used by TrojanHunter Scanner and TrojanHunter Guard to neutralize or "quarantine" a detected malicious element.

To invoke automatic removal of a detected trojan or other malicious element:

TrojanHunter Guard
1. In the notification tray (systray), right click on the THGuard icon and select the Settings window from the menu.
2. Check mark Automatically remove trojans.
3. Check mark Enabled if not already enabled.
4. Click on OK to save the setting and close the Settings window.

TrojanHunter Scheduled Scan.
1. Open TrojanHunter Scanner.
2. Click on the Schedule icon in the left menu bar.
3. Under "Scheduled Scanning", specify the time and frequency of the scheduled scan.
4. Check mark Enable scheduled scans.
5. Check mark Automatically remove trojans found during scheduled scans.

NOTE: If Automatically remove trojans found during scheduled scans is not check marked for scheduled scans, the scanner will alert the user that a trojan has been detected during the scan. It will instruct the user to perform a manual scan to locate and clean/quarantine the trojan.

TrojanHunter Manual Scan.
If the TrojanHunter scan is manually initiated, the user must instruct TrojanHunter Scanner to "clean/quarantine" any malicious element that the scanner declares as a Trojan.

To clean a trojan or malicious element, TrojanHunter removes the file from its current location, encrypts the file, and places it under Quarantine in the Quarantine folder found at C:\Program Files\TrojanHunter 5.0\Quarantine.

- The Quarantined item can be viewed by:
  1. Open TrojanHunter scanner.
  2. Click on the Quarantine icon in the left menu bar.

- The Quarantined item can be restored by:
  1. Open TrojanHunter scanner.
  2. Click on the Quarantine icon in the left menu bar.
  3. Check mark the item to be restored.
  4. Click on Restore selected files.
  5. Confirm the restoration.

- The Quarantined item can be completely deleted by:
  1. Open TrojanHunter scanner.
  2. Click on the Quarantine icon in the left menu bar.
  3. Check mark the item to be deleted from the user's system.
  4. Click on Remove selected files.
  5. Confirm the removal/deletion.

NOTE:
1. The only time that a file should be restored from Quarantine is when the detection has been confirmed as a False Positive by Mischel Internet Security. If the user suspects that TrojanHunter is falsely detecting the file, the user should submit the file to Mischel Internet Security for analysis via the link below.
   http://www.misec.net/forum/board/FAQ/1139308293
2. It is normally safe to completely delete/remove Quarantined files from the user's system after 1-2 weeks. During this time frame, the user should be able to confirm that the computer system is running satisfactorily and that the detection was NOT a False Positive.
3. As of TrojanHunter V5.0, TrojanHunter does NOT quarantine Registry keys. This is scheduled to be corrected in V5.1 of TrojanHunter.

Applies to TrojanHunter V5.0 and higher.