TechSpot

JS downloader.agent

By etvousetmoi
Jul 1, 2008
Topic Status:
Not open for further replies.
  1. Hi, my name is Nadia. I have a virus on my computer which is very stubborn. AVG repeatedly detects it as JS downloader.agent. I have run several scans, installed BitDefender, tried SmitfraudFix and nothing has worked. What should I do?
    Any help would be appreciated. Thanks
  2. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

  3. etvousetmoi

    etvousetmoi TS Rookie Topic Starter

    Logs

    Here is the SAS log. I completed the Panda Rootkit scan, but how do I access the log? No rootkits were found. Combofix is running now, so I should have that log shortly.
  4. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    You don't need to post the log for Panda; just if it found something, post what it found.

    Download SDFix from the link below to your desktop, then run it. SDFix will create a folder in your C drive. Boot into safe mode, go to C:\SDFix and run RunThis.bat. Post the log it creates here. To boot into safe mode, reboot the computer and start tapping the F8 key until you get to a menu, then select safe mode. Please post a fresh HijackThis log after running the software.

    SDFix:
    http://www.bleepingcomputer.com/files/sdfix.php
  5. etvousetmoi

    etvousetmoi TS Rookie Topic Starter

    I have completed all the steps in the guide. Here are the last logs, including the SDfix log you described.
  6. etvousetmoi

    etvousetmoi TS Rookie Topic Starter

    I forgot to include the HJT log.
  7. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    Your logs look clean. Let me know how your computer is running. Also make sure to delete everything SUPERAntiSpyware found. One more thing:

    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
    1. Turn off System Restore.
      • On the Desktop, right-click My Computer.
      • Click Properties.
      • Click the System Restore tab.
      • Check Turn off System Restore.
      • Click Apply, and then click OK.
    2. Restart your computer.
    3. Turn ON System Restore.
      • On the Desktop, right-click My Computer.
      • Click Properties.
      • Click the System Restore tab.
      • UN-Check Turn off System Restore.
      • Click Apply, and then click OK.
    System Restore will now be active again.
  8. etvousetmoi

    etvousetmoi TS Rookie Topic Starter

    The virus is completely gone. Everything is working perfectly. Thank you for all your help!
  9. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    Just a few more things I would do to tidy up

    Have Hijackthis fix these orphaned entries
    R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
    R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
    O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)


    ---------------------------------------------------------------------

    Go to add/remove programs and uninstall anything related to Viewpoint
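
Added example, not part of the original posts: a small Python parser for the three HijackThis line types quoted above (R3 URLSearchHook, O2 BHO, O3 Toolbar) that flags entries reported as "(no file)", meaning the registry entry remains but the file it points to is missing. The last two sample lines are constructed for contrast, and the function names are this example's own.

```python
import re
from typing import NamedTuple, Optional

# R3/O2/O3 lines: "<section> - <kind>: <name> - {CLSID} - <file>"
ENTRY_RE = re.compile(
    r"^(?P<section>R3|O2|O3) - (?P<kind>URLSearchHook|BHO|Toolbar): "
    r"(?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$"
)

class Entry(NamedTuple):
    section: str
    kind: str
    name: str
    clsid: str
    file: Optional[str]  # None when HijackThis printed "(no file)"

    @property
    def orphaned(self) -> bool:
        return self.file is None

def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for line types not handled here."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    target = m["file"].strip()
    return Entry(m["section"], m["kind"], m["name"], m["clsid"].upper(),
                 None if target.lower() == "(no file)" else target)

def orphaned_entries(log_text: str) -> list:
    """Return parsed entries whose backing file is missing."""
    parsed = (parse_line(line) for line in log_text.splitlines())
    return [e for e in parsed if e is not None and e.orphaned]

# First four lines are from the thread; the last two are constructed.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [Example] C:\Example\example.exe
"""

if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(f"{e.section} {e.kind:<14} {e.clsid} {e.name}")
```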
  10. etvousetmoi

    etvousetmoi TS Rookie Topic Starter

    Thanks for all the help. I've followed all the instructions and everything seems to be working better than ever.
    Just out of curiosity, what were the files in HJT that I deleted?
  11. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    Blind Dragon:
    Hey, just wanted to ask: I know that they are related to AOL, but since I did not see anything malware related, would it be better to remove them from now on when I see this?

    etvousetmoi:
    They are related to AOL Toolbar, and one is for Viewpoint, which I believe plays videos.
     
  12. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    At one point we considered it an optional removal (foistware) but now they suggest removing it always


    How to prevent it from being recreated every time you run the AOL software:
    • Open AOL
    • Go to Help on the toolbar
    • Select About AOL
    • Hit Ctrl D and a secret panel can be accessed which will allow you to disable all desktop and IM features associated with Viewpoint.
    <- This used to work