TechSpot

How to get rid of JS/ Downloader Agent ..newbie

By umrici
Feb 20, 2008
  1. Hi everyone.
    I need some serious help in getting rid of this virus. AVG can't cure it... I don't know how to get rid of it...


    Can y'all help?

    RT
     
  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

  3. umrici

    umrici TS Rookie Topic Starter

    Working on it

    Thanks for your prompt reply... Working on the process, will post soon
     
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Ok, if you have any issues STOP the process. Do not keep going without posting your issue in this thread. Thanks
     
  5. umrici

    umrici TS Rookie Topic Starter

    Log Question

    I am new at this so please help and bear with me. I got the HijackThis log... how do I get the other 2?
     
  6. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Ok, first I want you to update your Java Runtime

    Update your Java Runtime Environment
    • Click the following link
      Java Runtime Environment 6 Update 4
    • After the download locate and double click the installer jre-6u4-windows-i586-p-iftw.exe
    • Go to add/remove programs and you should have 2 Java versions listed, uninstall the old version in your case Java 6 Update 2

    Then proceed through the instructions in the link I provided in my first response (15 steps -> you are definitely infected)
     
  7. umrici

    umrici TS Rookie Topic Starter

    Gives me an error message... so could not do it... Also here is the other log from Combofix.
     
  8. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    KillBox
    • Download KillBox and unzip/extract it to your desktop from HERE
    • Launch Killbox and place a check in 'Delete on Reboot'.
      In the 'Full path of file to delete' box, copy and paste:
      Code:
      C:\Documents and Settings\NetworkService\Local Settings\Application Data\br4743on.exe
    • Then press the option ALL Files button
    • Then press the red button with the white cross.
    • A confirmation box pops up asking if you want to reboot now. Select NO
    • In the 'Full path of file to delete' box, copy and paste:
      Code:
      C:\WINDOWS\KesenjanganSosial.exe
    • Then press the red button with the white cross. It will provide a window for you to confirm the delete and it will ask if you now wish to reboot, select YES.
      Allow it to reboot.
      If it doesn't reboot automatically, reboot manually.
    ----------------------------------------------------------------------------------------------------------------------------------
    Download\install 'SuperAntiSpyware Home Edition Free Version' from HERE
    • Launch SuperAntiSpyware and click on 'Check for updates'.
    • Once the updates have been installed, exit SuperAntiSpyware.

    With nothing else open, Launch Hijackthis select Do a System Scan Only
    Put a check next to the following entries

    • F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe"
      F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
      O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
      O1 - Hosts: <html><head>
      O1 - Hosts: <title>404 Not Found</title>
      O1 - Hosts: </head><body>
      O1 - Hosts: <h1>Not Found</h1>
      O1 - Hosts: <p>The requested URL /News/cmbrotlu3/Host16.css was not found on this server.</p>
      O1 - Hosts: <hr>
      O1 - Hosts: <address>Apache/2.0.54 (Unix) DAV/2 PHP/4.3.11 Server at www.20mbweb.com Port 80</address>
      O1 - Hosts: </body></html>
      O4 - HKUS\S-1-5-18\..\Run: [Tok-Cirrhatus-1860] "C:\Documents and Settings\NetworkService\Local Settings\Application Data\br4743on.exe" (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [Tok-Cirrhatus-1860] "C:\Documents and Settings\NetworkService\Local Settings\Application Data\br4743on.exe" (User 'Default user')
      O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    Select Fix Checked
    ------------------------------------------------------------------------------------------------------------------------------
    Scan with SuperAntiSpyware
    • Start SuperAntiSpyware.
    • On the main screen click on 'Scan your computer'.
    • Check 'Perform Complete Scan', then click 'Next' to start the scan.
    • SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
    • Make sure everything found has a checkmark next to it, then press 'Next'.
    • Click on 'Finish' when you're done.

      It's possible that the program will ask you to reboot in order to delete some files.

      Obtain the SuperAntiSpyware log as follows:
      Click on 'Preferences'.
      Click on the 'Statistics/Logs' tab.
      Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
      It will then open in your default text editor, such as Notepad.
      Attach the notepad file here on your next reply
    --------------------------------------------------------------------------------------------------------------------------------


    ***Your next reply please post
    1)Superantispyware log
    2)New Hijackthis log
    3)New Combofix log
     
Topic Status:
Not open for further replies.
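
The entries selected for fixing in the last post fall into a few HijackThis sections: a modified Shell value (F2), a win.ini load= autostart (F3), a hosts file filled with an HTML error page (O1), Run keys pointing into a profile's Application Data folder (O4), and a policy that disables Regedit (O7). As an added example that is not part of the thread and not a HijackThis feature, this Python script applies one check per section to log lines; the heuristics, the names used and the two benign sample lines are assumptions made for illustration.

```python
import re

# Entries quoted in the thread, plus two benign lines constructed for contrast.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe"
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O1 - Hosts: <title>404 Not Found</title>
O1 - Hosts: 127.0.0.1 localhost
O4 - HKUS\S-1-5-18\..\Run: [Tok-Cirrhatus-1860] "C:\Documents and Settings\NetworkService\Local Settings\Application Data\br4743on.exe" (User 'SYSTEM')
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# A real hosts line is "<IPv4 or IPv6 address> <hostname>"; anything else is junk.
HOSTS_ENTRY = re.compile(r'^(\d{1,3}(\.\d{1,3}){3}|[0-9A-Fa-f:]*:[0-9A-Fa-f:]*)\s+\S+')
# Assumed heuristic: autoruns started from profile data or temp folders need review.
USER_WRITABLE = re.compile(r'\\(Application Data|Temp)\\', re.I)

def triage(log):
    """Return (section, reason) for every log line that trips a heuristic."""
    findings = []
    for line in log.splitlines():
        m = re.match(r'^([A-Z]\d+) - (.*)$', line.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == 'F2' and 'Shell=' in body:
            # The default shell is Explorer.exe alone; extra text is another program.
            if body.split('Shell=', 1)[1].strip().lower() != 'explorer.exe':
                findings.append((section, 'Shell value starts more than Explorer.exe'))
        elif section == 'F3' and re.search(r'\b(load|run)=\S', body):
            findings.append((section, 'win.ini load=/run= starts a program at logon'))
        elif section == 'O1' and body.startswith('Hosts:'):
            if not HOSTS_ENTRY.match(body[len('Hosts:'):].strip()):
                findings.append((section, 'hosts line is not an address mapping'))
        elif section == 'O4' and USER_WRITABLE.search(body):
            findings.append((section, 'Run entry points into a user-writable folder'))
        elif section == 'O7' and 'DisableRegedit=1' in body:
            findings.append((section, 'Registry Editor disabled by policy'))
    return findings

if __name__ == '__main__':
    for section, reason in triage(SAMPLE_LOG):
        print(f'{section}: {reason}')
```
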
