I need help with Trojan Dropper.Agent.GIT

Status
Not open for further replies.
Can someone please help me with a Trojan horse called Dropper.Agent.GIT?

I stepped through all 15 steps described in topic58138

In my attachments I am sending the 3 files you asked for.

Thank you in advance,

Mario

P.S. No rootkits have been found (deep scan)
 
The AVG report says it has been cleaned and/or quarantined (i.e. gone)

To be sure, you should disable System Restore (removing all restore points)
and then re-enable System Restore (and then create a new restore point).


You can disable System Restore by
right clicking on My Computer
Select Properties
Select System Restore
 
Dropper.Agent.dgo is still there

I disabled system restore as you said to me, after that turned it back on.

I restarted Windows and after the restart received this message:
_____________________________________________
RUN DLL
ERROR LOADING C:windows\system32\cehvhfcw.dll
The specified module could not be found
_____________________________________________

After that I couldn't update AVG antivirus, AVG anti-spyware, AD-Aware, Zone alarm...
My Internet connection is working fine but I can't update.
After all of this my AVG Anti-Spyware alerted me that it found Dropper.Agent again in Grisoft\AVG7\avgcc.exe

What should I do?
 
C:\WINDOWS\system32\byxyy.exe should have been removed.

But I am concerned that there are still more Dropper.Agent on your system.

AVG alerted you to another; did it disinfect it? Can you check the AVG logs?

The "error loading..." is a startup entry (shortcut) to cehvhfcw.dll which is now gone.
To remove the startup entry you can use THIS tool, and remove it.
You can also disable other startup entries not required to start with Windows as well.

Due to your other issues with updating, I am asking for support from other members reading this post, to recheck if all malware is removed.

It is likely that any other member will ask for a new HijackThis Log to be created. Therefore can you please attach an updated log in a reply to this message; after restart of using Startup
 
Hello again.
This is the situation:
- Dropper agent is still here on my machine.
- Microsoft Internet Explorer is for some reason blocked so I can't run http://www.kaspersky.com/virusscanne
- Firefox is working fine but Kaspersky works only with MS Internet Explorer
- I will try http://virusscan.jotti.org/ - result: too busy, try later...............
- HJT is reporting some error with program - ERROR#5, invalid procedure or something...
- This is the log from HJT after reporting error:

(Moderator edit: Please do not copy and paste your logs. Instead, post them as attachments only in either .txt or .log format. To learn how to attach a log file, please see HERE.)

My friend told me that he will give me Norton Corporate on CD. What do you think about that idea?
 
Please clear these entries using the HijackThis fix tool
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\1XConfig.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\byxyy.exe
O2 - BHO: (no name) - {4F83066E-60A0-4E62-ABB6-9EB9975E74BC} - C:\WINDOWS\system32\byxyy.dll
O2 - BHO: {bd26969a-62b4-5438-8094-ee7a0367cb58} - {85bc7630-a7ee-4908-8345-4b26a96962db} - C:\WINDOWS\system32\ebeqjrtk.dll (file missing)
O2 - BHO: (no name) - {DD900A82-4DD3-417D-80DC-272DE892B9FB} - C:\WINDOWS\system32\qopno.dll (file missing)
O4 - HKLM\..\Run: [107ca3fe] rundll32.exe "C:\WINDOWS\system32\cehvhfcw.dll",b
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/a...tent/AcpIR.cab
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)

and report on your progress.
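
Added example, not part of the original posts and not code from HijackThis: a small Python triage of HijackThis-style lines that flags the kinds of entries discussed in this thread (registry references marked "(file missing)", rundll32 startup entries, and win.ini load values). The flag names and the function names `triage_entry` and `triage_log` are hypothetical; the sample lines are copied from the fix list above.

```python
import re

# Constructed sample input: five entries copied from the fix list in this thread.
SAMPLE_LOG = r"""F3 - REG:win.ini: load=C:\WINDOWS\system32\byxyy.exe
O2 - BHO: (no name) - {DD900A82-4DD3-417D-80DC-272DE892B9FB} - C:\WINDOWS\system32\qopno.dll (file missing)
O4 - HKLM\..\Run: [107ca3fe] rundll32.exe "C:\WINDOWS\system32\cehvhfcw.dll",b
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Absolute path to an .exe or .dll anywhere in the entry body
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]+?\.(?:exe|dll)', re.IGNORECASE)


def triage_entry(line):
    """Return section, referenced file and triage flags for one line, or None."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    section, body = m.group("section"), m.group("body")
    paths = PATH_RE.findall(body)
    flags = []
    if body.rstrip().endswith("(file missing)"):
        # The registry still points at a file that is no longer on disk.
        flags.append("orphaned")
    if section == "O4" and "rundll32.exe" in body.lower():
        # DLL started at logon through rundll32; once the DLL is deleted this
        # entry produces the RunDLL "Error loading ..." dialog quoted earlier.
        flags.append("rundll32-autostart")
    if section == "F3":
        # F3 lines are registry-mapped win.ini load=/run= autostart values.
        flags.append("win.ini-autostart")
    return {"section": section, "target": paths[-1] if paths else None, "flags": flags}


def triage_log(text):
    """Triage every parseable line and keep only entries that raised a flag."""
    results = (triage_entry(line) for line in text.splitlines())
    return [r for r in results if r and r["flags"]]


if __name__ == "__main__":
    for entry in triage_log(SAMPLE_LOG):
        print(entry["section"], entry["target"], ",".join(entry["flags"]))
```
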
 
Those files will not be so easily deleted just by fixing in HJT.

Ideally the user should boot into safe mode, fix those entries, and then unhide all his system/hidden files and folders and delete those bad files manually.

Regards,
momok
 
I decided to Format:C

After that I reinstalled my system and AVG, AVG anti spyware, AD-Aware and Zone alarm but Dropper.Agent.GIT is again on my machine in drive D:

This is the log from AVG anti spyware:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 15:46:23 22.1.2008

+ Scan result:



D:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP10\A0002788.exe -> Dropper.Agent.dgo : No action taken.


::Report end
 
The virus is in the system restore file - you can either leave it there, as it will do no further harm unless you open the file, or you can clear the system restore files by turning it off (Control Panel > System Restore)
cheers
 