I've read up on backdoor trojans & have seen a lot of "...to be able to totally trust your computer, you really need to re-format" advice, but that's always kind of 'generic' for all backdoors; I have yet to see anything specific to the different 'species'. And in the "When should I reformat? How should I reinstall?" link I found in one of those advice threads here @ bleepingcomputer, it said:
If the computer was connected to the Internet for a long time with the backdoor installed, or if the malware used ICQ to actively contact hackers, then it is more likely the backdoor was used. Therefore there is a high risk if re-formatting and re-installing is not done.
If the backdoor merely opens a port to listen the risk is slightly lower.
If the backdoor merely opens a port to listen and the computer was behind a working firewall or NAT router, then the risk of the backdoor being used is greatly reduced. Therefore there is probably a much lower risk if re-formatting and re-installing is not done.
Most search hijackers and pop-up producing adware contain a capability for the maker to automatically update them and to add additional adware. In other words, most of them install backdoors of some sort.
In a case where only search hijackers and pop-up producing adware are found we should not automatically recommend re-formatting provided the malware can be removed another way, and providing the computer requires only normal levels of security. Hijackers and adware are written for advertising money, and their authors are not normally interested in anything more malicious than getting click-through payments from advertisers. Seldom is a backdoor in adware used by the maker to install anything other than more hijackers and ad-ware.
That tells me some backdoors are worse than others...right? Is there a way to determine if the backdoor "merely opened a port" vs. doing more evil things?
Can you tell anything by the extension at the end of the trojan's name (mine being ".cfg")? My computer is for home use (games, email, etc.), but we do pay bills on it, buy things via Amazon/PayPal, etc. I've always had a firewall & AV protection running.
What do you think...reformat or not?
Edited by deandome, 23 August 2011 - 05:13 PM.