Thursday, August 9, 2007

Removing Trojan horses

Trojan horses are programs that appear to be useful, critical or part of the operating system but perform malicious tasks. They often carry filenames such as “svchost.exe” or “lsass.exe” to make them appear harmless or to discourage the user from deleting the file. Because of this, there is no single universal removal method, but this post gives two examples of removing Trojan horses that take the form of an executable program.

The first prerequisite for Trojan horse removal is that your PC must be equipped with good antivirus software. Antivirus software comes with a real-time monitor for on-the-spot Trojan horse detection. Another prerequisite is that hidden and system files must be visible. To show hidden and system files, open My Computer and go to the Tools menu. Click Folder Options and go to the View tab. Make sure that “Show hidden files and folders” is selected and that the “Hide protected operating system files” check box is unmarked.


A Trojan can appear as svchost.exe. Such a filename can deter users from deleting the file, because it looks like a system file needed to run Windows. The real svchost.exe is located in the system32 directory, not in system.


Manually deleting the file will not work right away: disable your antivirus monitor or real-time protection, and terminate the Trojan horse process first through Task Manager (press ctrl-alt-del).

In the Task Manager, svchost.exe runs as several processes under the SYSTEM, NETWORK SERVICE or LOCAL SERVICE accounts. But as shown in the second screenshot, one svchost.exe process has the user name of the logged-in user. Highlight the suspicious svchost.exe and click End Process. Then browse to the Trojan horse file manually and delete it permanently by pressing shift + delete.

Sometimes a Trojan horse comes with several supporting files. A system folder such as Recycler should not be present on a USB flash drive, and an autorun.inf is generally paired with an executable file. Therefore all the files and folders involved must be selected and permanently deleted.

To be safe, go to the Start menu and click Run. Type msconfig, go to the Startup tab and look for the Trojan horse, if present, by checking its directory path under the Command column. Unmark its check box and restart your computer.
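As an added example (not part of the original post), the following PowerShell script automates the two manual checks above: it lists every svchost.exe with its owning account and executable path, flagging any that run under a non-service account or from outside System32, and it reports autorun.inf files and Recycler folders on removable drives. The function names are my own; on Windows 10 and later some per-user services legitimately run svchost.exe under the logged-in user, so treat the account as a hint and the path as the stronger signal.

```powershell
# Added example, not from the original post. Assumes PowerShell 3.0 or later.
function Find-SuspectSvchost {
    $serviceAccounts = @('SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE')
    $expectedPath    = Join-Path $env:SystemRoot 'System32\svchost.exe'

    Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
        $owner   = Invoke-CimMethod -InputObject $_ -MethodName GetOwner
        $path    = $_.ExecutablePath   # $null when not elevated and access is denied
        $reasons = @()
        # On Windows 10+ per-user services also run svchost.exe as the logged-in user,
        # so the account alone is only a hint; a path outside System32 is the stronger sign.
        if (-not $owner.User) {
            $reasons += 'owner unknown (run elevated)'
        } elseif ($owner.User -notin $serviceAccounts) {
            $reasons += "owner '$($owner.User)' is not a service account"
        }
        if ($path -and $path -ne $expectedPath) {
            $reasons += "path '$path' is not the System32 copy"
        }
        [PSCustomObject]@{
            PID     = $_.ProcessId
            Owner   = $owner.User
            Path    = $path
            Suspect = ($reasons.Count -gt 0)
            Reason  = ($reasons -join '; ')
        }
    }
}

function Find-RemovableDriveAutorun {
    # DriveType 2 = removable disk (USB flash drives)
    Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2' | ForEach-Object {
        $root    = $_.DeviceID + '\'
        $autorun = Join-Path $root 'autorun.inf'
        $targets = ''
        if (Test-Path $autorun) {
            # open= / shellexecute= lines name the executable autorun.inf is paired with
            $targets = (Get-Content $autorun |
                        Where-Object { $_ -match '^\s*(open|shellexecute)\s*=' }) -join '; '
        }
        [PSCustomObject]@{
            Drive           = $root
            AutorunPresent  = (Test-Path $autorun)
            AutorunTargets  = $targets
            RecyclerPresent = (Test-Path (Join-Path $root 'RECYCLER'))
        }
    }
}

Find-SuspectSvchost        | Format-Table -AutoSize
Find-RemovableDriveAutorun | Format-Table -AutoSize
```

Run it from an elevated prompt so that ExecutablePath and the owner are readable for every process; rows marked Suspect are the ones to inspect in Task Manager and Explorer as described above.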

Ideally you will want to restore your folder settings afterwards to avoid accidental deletion of legitimate system files. As a final precaution, clear all temporary internet files and cookies as well.