How to Find a Trojan Horse in a Computer's Files

By Jeff Grundy

Trojan horse viruses aren't designed to infect other computers. In most cases, they're the result of a targeted attack by a malware developer to compromise information on computers of a selected group of users or visitors of a specific website. Because Trojan horse files often mimic legitimate system files, then can be very hard to locate and eradicate with conventional virus scanners. Consequently, you must use some specialized software tools to identify and remove hard-to-find Trojan horse viruses.

Windows Defender

Press "Ctrl+I," then click "Control Panel." Click the "View By" drop-down list, and then select either "Large Icons" or "Small Icons." Click the "Windows Defender" link.

Click the "Update" tab. Click the "Update" button, then wait for Windows to download and install the latest Windows Defender malware and virus definitions. Depending upon the speed of your Internet connection, the definitions update may take several minutes.

Click the "Home" tab. Enable the "Full" option under the Scan Options header, then click "Scan Now." Wait for Windows Defender to do a complete system scan for viruses and malware. Depending upon how many files and installed applications you have on the computer, the scan may take several hours.

Follow the prompts to delete or quarantine any infected files Windows Defender finds. Restart the PC after performing the virus scan with Windows Defender.

Scan with Trojan Horse Scanners

Open your Web browser and download an application designed to search specifically for Trojan horse variants. Anti-Trojan applications such as McAfee Stinger, Microsoft Malicious Software Removal Tool and Kaspersky's Virus Removal Tools offer more in-depth heuristic and Trojan horse searches than do standard anti-virus applications. These utilities do not search for as many types of viruses, but they do a good job of locating and eradicating most known Trojan horse applications (links in Resources).

Press "Windows+E" to open File Explorer. Navigate to the folder where you save the Trojan horse removal tool, then double click its setup file. Follow the prompts to install the utility on the computer.

Launch the anti-Trojan utility on the computer. Click the "Scan" or "Scan Now" button, then wait for the utility to scan your system for Trojan horse programs. The scan could take several hours to complete depending up on the number of files on your computer.

Click the "Remove" or "Clean" button when prompted to remove the Trojan horse application from the computer. Restart the computer and removing the infection.

Removing Residual Malware

Open your browser and navigate to the Malwarebytes website. Download the free version of Malwarebytes and save it to your computer (link in Resources).

Navigate to the website and download the latest version of the free Combofix utility. Save the utility to a folder on your PC (link in Resources).

Open File Explorer, then navigate to the folder where you save the Malwarebytes setup file. Double-click the file to install and update the utility on your computer.

Launch Malwarebytes on your PC, and then click the "Scanner" tab. Enable the "Perform Full Scan" option, then click "Scan." Wait for the utility to scan your system and remove any malware not removed by the other applications. Restart the computer.

Open File Explorer again, and locate the Combofix installation file. Double-click the file and follow the prompts to install the Combofix utility on your computer. Click the "Run" button when prompted. Restart the system when prompted.


After you update and run all of the applications suggested above, restart the computer in Safe Mode and then run the utilities again. To start Windows 8 in Safe Mode, hold the "Shift" key and tap the "F8" key repeatedly as soon as you see the BIOS screen or the manufacturer logo. In the Windows Recovery screen that displays, navigate to the "Troubleshoot" option and press "Enter." Select the "Windows Startup Settings" option and then click "Safe Mode."

If you found Trojan horse applications on your computer, they may have already transmitted sensitive data over the Internet to hackers or others unscrupulous individuals so you should change any passwords used to access online bank accounts or other sensitive information immediately.

The most effective way of preventing Trojan horse from infecting your PC is to keep your anti-virus and anti-malware software updated. Updates for most anti-virus and anti-malware are available daily.