JS/Downloader.agent help

[skat148]

I have AVG which has been finding this error for apparently the last few months, but has not been prompting me there is a problem.

Local Settings/Temp/Tempoarary Internet Files/Content.IE5/FZCHBWA6/426919.myshoutbox[1].htm


It says there was an error "healing" this virus, so I'm not sure what to do from here. Can anyone help me? I have attached my HJ .txt log just in case. Thanks.

Samm.

 

[Rik]

You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.

Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, Combofix, and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.
We also need to know the result of Panda Antirootkit.

You need to pay close attention to renaming hijackthis.exe as you have done it incorrectly.

C:\Program Files\Trend Micro\crusty\HijackThis.exe

Here is a correct example.

C:\Program Files\Trend Micro\HijackThis\Crusty.exe

This thread is for the use of skat148 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[skat148]

Rik,
Thanks for all your help. It took a LONG time, but well worth it, finally got a clean virus scan! I have included the attachments as requested, however, the Combofix wouldn't download, I kept getting a solid blue screen error so I had to use DSS instead. The Panda Rootkit found nothing. My computer is still running a touch slow, anything else I should do?

Your awesome, thanks so much for all your hardwork and help!

Samm

 

[Rik]

Again, hijackthis.exe is not re-named as per the instructions.

You need to post your DDS log instead if combofix wont run.




This thread is for the use of skat148 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[skat148]

I have included the attachments as requested, however, the Combofix wouldn't download, I kept getting a solid blue screen error so I had to use DSS instead. The Panda Rootkit found nothing.

I also went in and fixed re-named the file. My apologies.

 

[howard_hopkinso]

I have removed your log files as they are of no use.

Yiou need to rename HJT as per these instructions.

Since you seem to have problems following instructions, do the following.

Please note: If you have any problems with Combofix, please do the following instead.

Please download Deckard's System Scanner (DSS and save it to your Desktop.
DISCONNECT FROM THE INTERNET...REMOVE THE PLUG FROM THE BACK OF THE COMPUTER

Close all other windows before proceeding.

This means TURN OFF ALL other security programmes.
Norton Anti-virus, AVG Anti-spyware or any other security programmes you`re running.

Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please attach the main.txt and extra.txt in your next reply.

Re-enable your security programmes and reconnect to the net.

Go HERE and follow the instructions in step6 and step14 for AVG Antispyware.

That means you should now have four log files.

HJT, AVG Antispyware, Main.txt, Extra.txt.

Post these log files as attachments.

Regards Howard

This thread is for the use of skat148 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[skat148]

I believe this is what I need. Thanks.

 

[howard_hopkinso]

I have no idea what the logfile.txt is, but it sure aint any of the requested log files. Unfortunately, you have still not posted an AVG Antispyware log.

I see you have somehow managed to get a Combofix log, that`s excellent.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1450/ftp.coupons.com/r3302/cpbrkpie.cab

O16 - DPF: {A43C6FC7-09F6-4E04-B8E3-683F3BDFEF7C} (IMMail Class) - http://www.grazemusic.com/activex/TPIMActiveX.cab

Click on the fix checked button.

Close HJT.

Other than the above, your log files are clean.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of skat148 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.