RESEARCH STARTER
Trojan (malware)
A Trojan, or Trojan horse, is a type of malware disguised as a legitimate software file that requires user interaction to install. Unlike viruses and worms that spread automatically, Trojans often trick users into executing them, leading to potential threats such as unauthorized access to personal information, system control, or spying on user activities. They can be embedded in seemingly harmless formats like text documents, music files, or images, and are commonly spread through email attachments or bundled with legitimate applications. Recognizable by their executable file extensions (like .exe or .vbs), Trojans may also use deceptive naming conventions to disguise their true nature. While some Trojans are easily detectable and removable with antivirus software, others can be more insidious, making them difficult to eliminate. Users are advised to be cautious when downloading files from untrustworthy sources and to keep their security software updated. In cases of severe infection, users may need to consult professionals or resort to reformatting their hard drives to remove the malware.
Authored By: Biscontini, Tyler 1 of 4
Published In: 2013 2 of 4
- Related Topics:
3 of 4
- Related Articles:
4 of 4
Full Article
A Trojan, or Trojan horse, is a type of malware that masquerades as a benevolent computer file. Trojan horses are usually executable files that need to be manually run by a user to install themselves. For this reason, they rely on tricking unwary computer users into activating the executable file. Trojan horses may be used to take control of a machine, steal personal information, or spy on users. Some Trojan horses are extremely difficult to detect and remove with conventional antivirus software.
Background
The term malware refers to any computer program installed with malicious intent. Trojan horses, viruses, worms, adware, rootkits, ransomware, and spyware are all common types of malware. These programs spread by exploiting vulnerabilities in computer security systems or by tricking computer users into accidentally installing them.
While the various types of malware are commonly confused, they are distinctly different. A virus is malicious code that copies itself to spread to other computers. Viruses spread through any type of file to which they can attach themselves. A worm is malware that spreads automatically through computer networks. Adware is an unwanted program or application that forcibly shows computer users advertisements, including pop-up ads. A rootkit is malware designed to allow unauthorized users access to a victim’s computer without triggering antivirus or other cybersecurity software. Ransomware is malware that encrypts a user’s files or system and demands payment for a decryption key; attackers may also steal data and threaten to publish it. Spyware is malware designed to spy on a computer. It is frequently coupled with adware, which may then deliver targeted advertisements based on the user’s search history.
Experts often advise that the best way to deal with malware is to be savvy enough to avoid downloading any in the first place. Never open suspicious email attachments, avoid untrustworthy websites, always ensure a computer’s firewall is active, and only download files from reputable sources. However, even the most careful computer users will occasionally have to deal with an infected machine. In most cases, running antivirus, antispyware, or antimalware software will remove the infection from the system. If suspicious activity continues, however, computer users should contact a professional.
Overview
Trojan horses are a type of malware that deceives users into thinking they are downloading a benign or legitimate program. Unlike viruses and worms, Trojan horses generally do not spread on their own and rely on users or other malware to download or run them. In some cases, Trojan horses come bundled with legitimate software to further disguise themselves. In other cases, a download’s sole purpose may be to spread malware.
Many Trojan horses are installed by executable files, but they may also be delivered through scripts, malicious macros, phishing links, compromised software installers, or fileless techniques. Executable files run a program or application when opened. They have specific, recognizable file extensions, including .exe, .vbs, and .bat. For a Trojan horse, the executable file’s purpose is to install the malware on a person’s computer. Hackers who design Trojan horses understand that knowledgeable computer users are wary of unexpected executables. For this reason, they often make the file name extremely long. Many email programs will shorten long file names, thereby hiding the executable’s extension. Hackers may also add a different file extension into the file name before the executable extension, such as “FILENAME.TXT.exe.” If file extensions are hidden, a file such as “FILENAME.TXT.exe” may appear to be a harmless text file. However, computers only read the last extension in a file name, which marks the file as an executable rather than a text file.
In most cases, plain-text files cannot run code, but Portable Document Format (PDF) documents and other files can deliver malware if they exploit vulnerable software. However, hackers have learned to hide executable files inside these normally safe formats. Armed with these advancements, hackers have hidden Trojan horses in executable files, scripts, macro-enabled Microsoft Office files, compressed archives, and files that exploit vulnerabilities in software used to open PDF documents, audio, video, or image files.
Email is one of the most common ways Trojan horses spread. Many Trojan horses hijack a victim’s email address, sending messages with an infected attachment to all the victim’s contacts. Because the email appears to come from the victim, their contacts are more likely to open the email and download the infected attachment. Once someone new is infected, the process repeats.
Many email and messaging programs have a preview feature. This feature allows users to see a smaller or compressed version of an attachment without opening the file. While convenient, preview features can expose a computer to malicious code only when a software vulnerability allows it. However, most programs with preview features have an option to disable this feature.
Trojan horses are spread for a variety of purposes. They may serve as loaders that install additional malware, including ransomware, spyware, or credential-stealing programs. They may steal login information for various accounts used on the computer, including bank or credit card logins. They may spy on computer users, recording their online activity. They may also modify or delete important files. In some cases, Trojan horses may even seize control of a computer, adding it to a network of such computers called a botnet. A common type of Trojan horse is the Remote Access Trojan (RAT), which allows an attacker to control an infected computer from another location. Botnets are commonly created by hackers in a distributed denial-of-service (DDoS) attack. DDoS attacks overload the server of an important website, rendering it inaccessible.
While some Trojan horses are easy to remove with common antivirus software, others may prove substantially more difficult. As with all malware, some Trojan horses may not be detected by antivirus software or other security tools. If the user can discover exactly which Trojan horse has infected their computer, they may be able to find detailed instructions for its removal online. Should that fail, the user may need to restore the system from a trusted backup, reinstall the operating system, or contact a malware removal professional. In some cases, a user may choose to reformat the hard drive, which removes all information on it, including malware. The user will then have to reinstall their operating system and restore any lost personal information from backups. If the computer user cannot afford to lose any personal information stored on the computer, they may have to contact a malware removal professional for aid.
Bibliography
“About Viruses, Worms, and Trojan Horses.” Knowledge Base Indiana University, kb.iu.edu/d/aehm. Accessed 29 May 2026.
Baker, Kurt. “What Is a Trojan Horse?” CrowdStrike, 16 June 2022, www.crowdstrike.com/en-us/cybersecurity-101/malware/trojans/. Accessed 29 May 2026.
“Trojan Horse Attacks.” IRCHelp, irchelp.org/security/trojan.html. Accessed 29 May 2026.
“Trojan Horse Virus.” Fortinet, www.fortinet.com/resources/cyberglossary/trojan-horse-virus. Accessed 29 May 2026.
“Trojans.” Microsoft Build 2026, learn.microsoft.com/en-us/defender-endpoint/malware/trojans-malware. Accessed 29 May 2026.
“User Execution: Malicious File.” MITRE ATT&CK, 12 May 2026, attack.mitre.org/techniques/T1204/002/. Accessed 29 May 2026.
“What Is Malware and How to Protect against Malware Attacks?” Avast, avast.com/c-malware. Accessed 29 May 2026.
“What Is Malware and How to Protect all Your Devices against It?” Kaspersky, usa.kaspersky.com/internet-security-center/internet-safety/what-is-malware-and-how-to-protect-against-it. Accessed 29 May 2026.
“What Is Trojan Horse Virus and How to Remove It Manually.” Combofix, combofix.org/what-is-trojan-horse-virus-and-how-to-remove-it-manually.php. Accessed 29 May 2026.
Full Article
A Trojan, or Trojan horse, is a type of malware that masquerades as a benevolent computer file. Trojan horses are usually executable files that need to be manually run by a user to install themselves. For this reason, they rely on tricking unwary computer users into activating the executable file. Trojan horses may be used to take control of a machine, steal personal information, or spy on users. Some Trojan horses are extremely difficult to detect and remove with conventional antivirus software.
Background
The term malware refers to any computer program installed with malicious intent. Trojan horses, viruses, worms, adware, rootkits, ransomware, and spyware are all common types of malware. These programs spread by exploiting vulnerabilities in computer security systems or by tricking computer users into accidentally installing them.
While the various types of malware are commonly confused, they are distinctly different. A virus is malicious code that copies itself to spread to other computers. Viruses spread through any type of file to which they can attach themselves. A worm is malware that spreads automatically through computer networks. Adware is an unwanted program or application that forcibly shows computer users advertisements, including pop-up ads. A rootkit is malware designed to allow unauthorized users access to a victim’s computer without triggering antivirus or other cybersecurity software. Ransomware is malware that encrypts a user’s files or system and demands payment for a decryption key; attackers may also steal data and threaten to publish it. Spyware is malware designed to spy on a computer. It is frequently coupled with adware, which may then deliver targeted advertisements based on the user’s search history.
Experts often advise that the best way to deal with malware is to be savvy enough to avoid downloading any in the first place. Never open suspicious email attachments, avoid untrustworthy websites, always ensure a computer’s firewall is active, and only download files from reputable sources. However, even the most careful computer users will occasionally have to deal with an infected machine. In most cases, running antivirus, antispyware, or antimalware software will remove the infection from the system. If suspicious activity continues, however, computer users should contact a professional.
Overview
Trojan horses are a type of malware that deceives users into thinking they are downloading a benign or legitimate program. Unlike viruses and worms, Trojan horses generally do not spread on their own and rely on users or other malware to download or run them. In some cases, Trojan horses come bundled with legitimate software to further disguise themselves. In other cases, a download’s sole purpose may be to spread malware.
Many Trojan horses are installed by executable files, but they may also be delivered through scripts, malicious macros, phishing links, compromised software installers, or fileless techniques. Executable files run a program or application when opened. They have specific, recognizable file extensions, including .exe, .vbs, and .bat. For a Trojan horse, the executable file’s purpose is to install the malware on a person’s computer. Hackers who design Trojan horses understand that knowledgeable computer users are wary of unexpected executables. For this reason, they often make the file name extremely long. Many email programs will shorten long file names, thereby hiding the executable’s extension. Hackers may also add a different file extension into the file name before the executable extension, such as “FILENAME.TXT.exe.” If file extensions are hidden, a file such as “FILENAME.TXT.exe” may appear to be a harmless text file. However, computers only read the last extension in a file name, which marks the file as an executable rather than a text file.
In most cases, plain-text files cannot run code, but Portable Document Format (PDF) documents and other files can deliver malware if they exploit vulnerable software. However, hackers have learned to hide executable files inside these normally safe formats. Armed with these advancements, hackers have hidden Trojan horses in executable files, scripts, macro-enabled Microsoft Office files, compressed archives, and files that exploit vulnerabilities in software used to open PDF documents, audio, video, or image files.
Email is one of the most common ways Trojan horses spread. Many Trojan horses hijack a victim’s email address, sending messages with an infected attachment to all the victim’s contacts. Because the email appears to come from the victim, their contacts are more likely to open the email and download the infected attachment. Once someone new is infected, the process repeats.
Many email and messaging programs have a preview feature. This feature allows users to see a smaller or compressed version of an attachment without opening the file. While convenient, preview features can expose a computer to malicious code only when a software vulnerability allows it. However, most programs with preview features have an option to disable this feature.
Trojan horses are spread for a variety of purposes. They may serve as loaders that install additional malware, including ransomware, spyware, or credential-stealing programs. They may steal login information for various accounts used on the computer, including bank or credit card logins. They may spy on computer users, recording their online activity. They may also modify or delete important files. In some cases, Trojan horses may even seize control of a computer, adding it to a network of such computers called a botnet. A common type of Trojan horse is the Remote Access Trojan (RAT), which allows an attacker to control an infected computer from another location. Botnets are commonly created by hackers in a distributed denial-of-service (DDoS) attack. DDoS attacks overload the server of an important website, rendering it inaccessible.
While some Trojan horses are easy to remove with common antivirus software, others may prove substantially more difficult. As with all malware, some Trojan horses may not be detected by antivirus software or other security tools. If the user can discover exactly which Trojan horse has infected their computer, they may be able to find detailed instructions for its removal online. Should that fail, the user may need to restore the system from a trusted backup, reinstall the operating system, or contact a malware removal professional. In some cases, a user may choose to reformat the hard drive, which removes all information on it, including malware. The user will then have to reinstall their operating system and restore any lost personal information from backups. If the computer user cannot afford to lose any personal information stored on the computer, they may have to contact a malware removal professional for aid.
Bibliography
“About Viruses, Worms, and Trojan Horses.” Knowledge Base Indiana University, kb.iu.edu/d/aehm. Accessed 29 May 2026.
Baker, Kurt. “What Is a Trojan Horse?” CrowdStrike, 16 June 2022, www.crowdstrike.com/en-us/cybersecurity-101/malware/trojans/. Accessed 29 May 2026.
“Trojan Horse Attacks.” IRCHelp, irchelp.org/security/trojan.html. Accessed 29 May 2026.
“Trojan Horse Virus.” Fortinet, www.fortinet.com/resources/cyberglossary/trojan-horse-virus. Accessed 29 May 2026.
“Trojans.” Microsoft Build 2026, learn.microsoft.com/en-us/defender-endpoint/malware/trojans-malware. Accessed 29 May 2026.
“User Execution: Malicious File.” MITRE ATT&CK, 12 May 2026, attack.mitre.org/techniques/T1204/002/. Accessed 29 May 2026.
“What Is Malware and How to Protect against Malware Attacks?” Avast, avast.com/c-malware. Accessed 29 May 2026.
“What Is Malware and How to Protect all Your Devices against It?” Kaspersky, usa.kaspersky.com/internet-security-center/internet-safety/what-is-malware-and-how-to-protect-against-it. Accessed 29 May 2026.
“What Is Trojan Horse Virus and How to Remove It Manually.” Combofix, combofix.org/what-is-trojan-horse-virus-and-how-to-remove-it-manually.php. Accessed 29 May 2026.
More Like ThisRelated Articles
Related Articles (2)
Related Articles (2)
- Analysing the Malware by using Checksum and Signature-Based Detection Techniques.Published In: Grenze International Journal of Engineering & Technology (GIJET), 2023, v. 9, n. 2. P. 376Authored By: Reddy, M. Manjunath; Raghava, S.; Tarun, N. Naga; Reddy, S. Chetan; Rao, G. Ramakoteswara; Chandra, J. VijayaPublication Type: Academic Journal
- Trojan Analysis using Malware Detection.Published In: Grenze International Journal of Engineering & Technology (GIJET), 2025, v. 11, n. Part1. P. 599Authored By: Turukumane, Anil Vittalrao; Reddy, CH. Rohith Sai Kumar; Vijjada, Charitha Sree; Baig, Saaduddin; Abhinav, B. Y. SaiPublication Type: Academic Journal