TechSpot

8 Step results-TrojanHorseAgent2.GUF

By slayton
May 27, 2009
  1. AVG 8.5 showed I had TrojanHorse Agent2.GUF on my computer.

    Mistakenly I thought AVG was all I needed. After reading some of the threads on here I now know that I don't know much and could be doing a lot better.

    I completed the 8 Step clean; result logs are posted below. Results show I also had/have Trojan.DNSChanger.

    Any assistance would be greatly appreciated.

    Thank you
     
  2. slayton

    slayton TS Rookie Topic Starter

    I tried to edit the above message to include some additional information. The symptoms that led me to realise there was something wrong with the computer were obvious slowdown, then after 30 mins the computer would lock up, not specific to any program, just no response on screen apart from the mouse pointer moving; clicking on icons would show nothing and Alt-Tab or Ctrl-Alt-Del would not change anything. Holding in the Pwr button for 5 seconds would turn off the computer, but on restart I would get an alert that an illegal attempt to complete BIOS Update had been attempted.

    Am running WinXP-Pro with AVG8.5, Zone Alarm and PeerGuardian. Am happy to remove AVG and load another recommended Anti Virus/Spyware.

    Other than that, have another home computer and the work laptop which is at home to get to on the weekend and clean up. Will start separate thread for those, this is the priority computer and the others will not be turned on and used again until I get to working on them.

    Thank you in advance for any help you provide.
     
  3. touch

    touch TS Rookie Posts: 978

    Hello slayton

    We'll replace AVG8 with Avast or Avira when your computer is clean.

    According to the Malwarebytes log, I think you have a rootkit hiding. I therefore suggest you post a ComboFix log ->

    Please download Combofix:
    http://subs.geekstogo.com/ComboFix.exe

    And save to the desktop.

    Close all other browser windows.

    Double-click on the combofix icon found on your desktop.

    Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

    Combofix will create a logfile and display it after your computer has rebooted. It is usually located in c:\combofix.txt; please attach it to your next post.
     
  4. slayton

    slayton TS Rookie Topic Starter

    Combofix scan completed

    Here are the log results for the combofix as requested. It did say that the recovery console was not installed, asked me for permission to download and install it, I responded with Yes but it could not find valid internet connection to complete the task and closed it down.

    Other than that, just let me know what is next and I will try to do it as soon as I can. One thing that is frustrating is it keeps on saying I am not logged in on this Techspot website and asks me to do so, at each step of entering information.

    Anyway,

    Thank you
     
  5. touch

    touch TS Rookie Posts: 978

    Looks like combofix removed the remnant of the rootkit, meaning the log is clean.

    If you have your browser set to empty the internet cache on exit, that's why you have to log in every time you visit TechSpot.
    If you don't empty the internet cache, make sure there is a checkmark in - Remember Me - on the right, where you type Username and Password.

    Now, let's replace AVG8

    Uninstall your AVG Antivirus
    Run the AVGRemove Tool

    Install Avira Free AntiVirus, from here ->
    Avira
    Or: Avast

    Install, update the antivirus you have chosen, run a complete scan.

    Attach a fresh HijackThis log, and tell me how things are running.
     
  6. slayton

    slayton TS Rookie Topic Starter

    Completed the AVG removal and AVIRA Install, log file of scan attached along with the fresh hijackthis log file. Only concern at this stage is the 3 BDS/Backdoor.Gen picked up by the Avira scan.

    One additional question I have is should I be using or completing a scan on a regular basis (i.e. 1 per week or more) with the other files used in the 8 step plan like the CCleaner, Malwarebytes or Super Antispy?

    Thank you very much for your help so far.

    Sean
     
  7. touch

    touch TS Rookie Posts: 978

    No need to worry, as Avira removed BDS/Backdoor.Gen. ;)

    And hijackthis looks clean.


    If you are doing a lot of surfing on the internet, I recommend you run CCleaner daily, and Malwarebytes or Super Antispy regularly, or once a week.


    Click START then RUN
    Now type Combofix /u in the Run box and click OK. Note the space between the X and the /U, it needs to be there.
    When shown the disclaimer, Select "2"
    The above procedure will ->
    Delete the following:
    ComboFix and its associated files and folders.
    VundoFix backups, if present.
    The C:\Deckard folder, if present.
    The C:\_OtMoveIt folder, if present.
    Reset the clock settings.
    Hide file extensions, if required.
    Hide System/Hidden files, if required.
    Set a new, clean Restore Point.


    To learn more about how to protect yourself while on the internet, please read Tony Klein's guide:
    http://www.spywareinfoforum.com/index.php?showtopic=60955
     
  8. slayton

    slayton TS Rookie Topic Starter

    Hi Touch,

    I have completed "Combofix /u", didn't get a disclaimer or have to select "2" but it said it ran and removed etc.

    I will try and get to the other computers in the house and raise separate help requests over the weekend.

    Anything else I need to do for this computer?

    Thanks for your help so far.
     
  9. touch

    touch TS Rookie Posts: 978

    Nope, you're done and keep safe ;)
     
  10. slayton

    slayton TS Rookie Topic Starter

    Thank you very much.
     
Topic Status:
Not open for further replies.
