What Is a Trojan Horse Constructor?

Trojan Facts

• A Trojan is a type of malicious program that usually causes harm to a computer. While many Trojans are detectable, some are not; these are the ones causing the most damage. Trojans install themselves alongside many different programs, such as a toolbar or other bundled software package, without the knowledge of the user. Trojans can do a lot of damage including stopping Internet access, stopping downloads and hiding from anti-virus and anti-malware programs.

Constructor Kit Facts

• The full name of the program is Trojan Horse Construction Kit 2.0 and is known by 13 other names. Some of the more popular names include Constructor.DOS.THCK.2_0 by Kaspersky, destructive program by F-Prot, THCK.Kit by Computer Associates, Trj/THCK.64.Drp by Panda and virus construction tool by F-Prot, among others, and is published by StingRay. This construction kit allows someone to build and program a Trojan infection. Technically, this is not an infection, but it creates infections, which is why it is classified as dangerous. Security programs first detected the kit and its other variants in 1998.

New Incidence

• On March 21, 2010, a report filed with Threat Security stated that a submission by a PC Tools user submitted a sampling of a code, seemed to a virus. In fact, the submission is now confirmed as the Trojan Horse Constructor in a different form, now known as the Constructor.Win32.SWLabs.3 by Kaspersky and the generic Trojan Horse by Symantec. However, Symantec has over 50 confirmed names for the variants of this Trojan, reports ThreatExpert.

Symptoms

• The symptoms of the original construction program include the inclusion of specific programs that show up as a running process within the task manager. The files include thck-fp.exe, thck-tbc.exe and thck-tc.exe. In addition, if the kit is installed on your computer, there will be files located within your Internet Explorer browser's program files. These include thck200.doc, thck200b.doc, thck-fp.exe, thck-tbc.exe and thck-tc.exe. The symptoms of the new incidence include a dialog box stating "I need to know where you keep your Word executable for 6.0." It goes on to state "If you don't have Word you can create source code but no live Viri!"

Removal

• If any of these programs are found anywhere within your PC, whether inside a program file or in the Task Manager, it is likely your computer is infected or being used to make Trojans and other viruses. If the names processes are running, highlight the process name in the "Processes" tab of the "Task Manager," then click the "End Process" button. A dialog box opens, asking if you are sure; click "Yes." Some antivirus programs can detect the kit but cannot remove all necessary files to make the PC safe. In a case you detect of files that a security program cannot remove, consult an IT technician to remove them manually.