Solved I may have Trojan.Agent/Gen-backdoor

Here are the results of the single detection from the Sophos scan. One thing: McAfee popped up a note saying a Trojan was detected while the software was loading and wanted to reboot the computer; however, I declined and said later. After posting this, I selected cleanup and exited. Thanks

2014-11-06 02:57:07.139 Sophos Virus Removal Tool version 2.5.3
2014-11-06 02:57:07.139 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
2014-11-06 02:57:07.139 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
2014-11-06 02:57:07.139 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2014-11-06 02:57:07.147 Checking for updates...
2014-11-06 02:57:14.160 Update progress: proxy server not available
2014-11-06 02:57:24.710 Option all = no
2014-11-06 02:57:24.710 Option recurse = yes
2014-11-06 02:57:24.710 Option archive = no
2014-11-06 02:57:24.710 Option service = yes
2014-11-06 02:57:24.710 Option confirm = yes
2014-11-06 02:57:24.710 Option sxl = yes
2014-11-06 02:57:24.712 Option max-data-age = 35
2014-11-06 02:57:24.712 Option EnableSafeClean = yes
2014-11-06 02:57:29.070 Option vdl-logging = yes
2014-11-06 02:57:29.099 Component SVRTcli.exe version 2.5
2014-11-06 02:57:29.100 Component control.dll version 2.5
2014-11-06 02:57:29.100 Component SVRTservice.exe version 2.5
2014-11-06 02:57:29.100 Component engine\osdp.dll version 1.44.1.2171
2014-11-06 02:57:29.100 Component engine\veex.dll version 3.56.0.2171
2014-11-06 02:57:29.100 Component engine\savi.dll version 8.1.4.2171
2014-11-06 02:57:29.101 Component rkdisk.dll version 1.5.30.0
2014-11-06 02:57:29.101 Version info: Product version 2.5
2014-11-06 02:57:29.102 Version info: Detection engine 3.56.0
2014-11-06 02:57:29.102 Version info: Detection data 5.04
2014-11-06 02:57:29.103 Version info: Build date 7/29/2014
2014-11-06 02:57:29.103 Version info: Data files added 868
2014-11-06 02:57:29.103 Version info: Last successful update (not yet updated)
2014-11-06 02:58:47.991 Downloading updates...
2014-11-06 02:58:47.992 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2014-11-06 02:58:47.992 Update progress: [I49502] Found supplement SAVIW32 LATEST
2014-11-06 02:58:47.992 Update progress: [I49502] Found supplement IDE505 LATEST
2014-11-06 02:58:47.992 Update progress: [I49502] Found supplement IDE506 LATEST
2014-11-06 02:58:47.992 Update progress: [I49502] Found supplement IDE507 LATEST
2014-11-06 02:58:47.992 Update progress: [I49502] Found supplement IDE508 LATEST
2014-11-06 02:58:47.992 Update progress: [I49502] Found supplement IDE509 LATEST
2014-11-06 02:58:47.992 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2014-11-06 02:58:47.992 Update progress: [I19463] Syncing product SAVIW32 44
2014-11-06 02:58:51.388 Update progress: [I19463] Syncing product IDE505 175
2014-11-06 02:58:56.230 Installing updates...
2014-11-06 02:58:57.085 Update progress: [I19463] Syncing product IDE506 201
2014-11-06 02:58:57.085 Update progress: [I19463] Syncing product IDE507 162
2014-11-06 02:58:57.085 Update progress: [I19463] Syncing product IDE508 184
2014-11-06 02:58:57.086 Update progress: [I19463] Syncing product IDE509 140
2014-11-06 02:59:11.751 Update successful
2014-11-06 02:59:29.410 Option all = no
2014-11-06 02:59:29.410 Option recurse = yes
2014-11-06 02:59:29.410 Option archive = no
2014-11-06 02:59:29.410 Option service = yes
2014-11-06 02:59:29.410 Option confirm = yes
2014-11-06 02:59:29.410 Option sxl = yes
2014-11-06 02:59:29.411 Option max-data-age = 35
2014-11-06 02:59:29.411 Option EnableSafeClean = yes
2014-11-06 02:59:29.696 Option vdl-logging = yes
2014-11-06 02:59:29.713 Component SVRTcli.exe version 2.5
2014-11-06 02:59:29.713 Component control.dll version 2.5
2014-11-06 02:59:29.713 Component SVRTservice.exe version 2.5
2014-11-06 02:59:29.713 Component engine\osdp.dll version 1.44.1.2171
2014-11-06 02:59:29.713 Component engine\veex.dll version 3.56.0.2171
2014-11-06 02:59:29.714 Component engine\savi.dll version 8.1.4.2171
2014-11-06 02:59:29.714 Component rkdisk.dll version 1.5.30.0
2014-11-06 02:59:29.714 Version info: Product version 2.5
2014-11-06 02:59:29.715 Version info: Detection engine 3.56.0
2014-11-06 02:59:29.716 Version info: Detection data 5.04G
2014-11-06 02:59:29.716 Version info: Build date 7/29/2014
2014-11-06 02:59:29.716 Version info: Data files added 868
2014-11-06 02:59:29.716 Version info: Last successful update 11/5/2014 8:59:11 PM
2014-11-06 02:59:56.355 Warning: rootkit scan failed to open volume "\\?\Volume{24c953cd-1051-11e0-8748-842b2bb88db4}" (5)
2014-11-06 03:11:50.294 Could not open C:\hiberfil.sys
2014-11-06 03:17:26.429 Could not open C:\pagefile.sys
2014-11-06 03:25:54.425 Could not open C:\System Volume Information\{1958e0bd-618c-11e4-8e5c-842b2bb88db4}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-11-06 03:25:54.425 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-11-06 03:25:54.425 Could not open C:\System Volume Information\{9f8182eb-61a0-11e4-b382-842b2bb88db4}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-11-06 03:25:54.426 Could not open C:\System Volume Information\{9f8182ef-61a0-11e4-b382-842b2bb88db4}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-11-06 03:25:54.426 Could not open C:\System Volume Information\{a80ca550-6206-11e4-a3b4-842b2bb88db4}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-11-06 03:25:54.426 Could not open C:\System Volume Information\{b79af94e-6496-11e4-8d21-842b2bb88db4}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-11-06 03:28:25.421 >>> Virus 'Mal/JNLP-A' found in file C:\Users\Deb\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\bcb9200-7437b728
2014-11-06 03:28:25.421 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-2814169364-3148947929-1862132710-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPost
2014-11-06 03:28:25.421 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-2814169364-3148947929-1862132710-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPost
2014-11-06 03:28:25.421 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-2814169364-3148947929-1862132710-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-06 03:28:25.421 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-2814169364-3148947929-1862132710-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-06 03:28:25.421 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-2814169364-3148947929-1862132710-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609
2014-11-06 03:28:25.422 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-2814169364-3148947929-1862132710-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609
2014-11-06 03:28:25.422 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-2814169364-3148947929-1862132710-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-06 03:28:25.422 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-2814169364-3148947929-1862132710-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-06 03:28:25.422 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-2814169364-3148947929-1862132710-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-06 03:28:25.422 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-2814169364-3148947929-1862132710-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-06 03:28:25.422 >>> Virus 'Mal/JNLP-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-06 03:28:25.423 >>> Virus 'Mal/JNLP-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-06 03:28:25.427 >>> Virus 'Mal/JNLP-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-06 03:28:25.427 >>> Virus 'Mal/JNLP-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-06 03:28:25.427 >>> Virus 'Mal/JNLP-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-06 03:28:25.427 >>> Virus 'Mal/JNLP-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-06 03:28:25.427 >>> Virus 'Mal/JNLP-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-06 03:28:25.427 >>> Virus 'Mal/JNLP-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-06 03:28:25.427 >>> Virus 'Mal/JNLP-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-06 03:28:25.427 >>> Virus 'Mal/JNLP-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-06 03:28:28.728 Could not open C:\Users\Deb\AppData\Roaming\agaiics.dll
2014-11-06 03:53:27.537 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2014-11-06 03:53:27.571 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2014-11-06 04:31:20.351 Could not open LOGICAL:0004:00000000
2014-11-06 04:31:20.364 Could not open E:\
2014-11-06 04:31:20.364 Could not open LOGICAL:0005:00000000
2014-11-06 04:31:20.364 Could not open F:\
2014-11-06 04:31:20.364 Could not open LOGICAL:0006:00000000
2014-11-06 04:31:20.364 Could not open G:\
2014-11-06 04:31:20.380 Could not open LOGICAL:0007:00000000
2014-11-06 04:31:20.383 Could not open H:\
2014-11-06 04:31:20.383 Could not open LOGICAL:0010:00000000
2014-11-06 04:31:20.383 Could not open Q:\
2014-11-06 04:31:20.464 Could not open PHYSICAL:0081:0000:0000:0001
2014-11-06 04:31:20.465 Could not open PHYSICAL:0082:0000:0000:0001
2014-11-06 04:31:20.467 Could not open PHYSICAL:0083:0000:0000:0001
2014-11-06 04:31:20.468 Could not open PHYSICAL:0084:0000:0000:0001
2014-11-06 04:31:20.503 The following items will be cleaned up:
2014-11-06 04:31:20.503 Mal/JNLP-A
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please let me know how your computer is doing.
 
Hi Broni,

I performed all of the above steps that you requested and my computer seems to be running great, however I do have a few questions for you.

1. I ran the DelFix program and it removed most of the fix-it tools that were downloaded to my desktop except for the Malwarebytes Anti-Rootkit, Sophos Virus Removal Tool and the MBAM setup exe. Should I remove these as well, and is there a special way to do it?

2. Now whenever I go from one web page to another a warning box is constantly coming up. It says: Webpage Error. Do you want to debug this webpage? This webpage might contain errors that might prevent it from displaying or working correctly. If you are not testing this webpage click no. Then below in a space it says Line: 2, Error: Access denied. How can I get rid of this pest :).

3. When this all started I ran an MBAM scan and nothing came up. The SUPERAntiSpyware scan that followed indicated the backdoor Trojan. So, I'm wondering why MBAM didn't detect it, or did I really not have an infection and it was a false indication of one? Should I continue to use SUPERAntiSpyware as a scanner as well?

I want to thank you for all your time. I'm convinced you're a computer genius and can't tell you how happy I am to have met you. I appreciate your advice and help and am sending you good cheer and energy along with a donation to go out and have a great meal of your liking, as you truly deserve more.
 