TechSpot

Trojan.Agent and Downloader.BI

By j4m32
May 20, 2005
  1. hi,

    i have XP on my New Pc eeuhhh.... puke: :dead: :knock:
    i was searching on google when a few pop ups appeared i closed them then...
    explorer startede messing around then i changed a few setting i fixed them with good ol regedit and got rid of 99 % now the trojan is still paying around with me i have used trendmicro activscan etc none clear it fully please help

    forward notice any help is appreciated...

    j4m32,
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Go HERE and follow the instructions carefully. Print them out if you can.

    Once you have done that, go HERE for instructions on how to post your Hijackthis log.

    Regards Howard :)
     
  3. j4m32

    j4m32 TS Rookie Topic Starter Posts: 49

    Sorry for got to reply sooner...

    i have managed to clear it using these programs in this order i found out it replicates it self and the somethin32's.exe usualy are the downloaders.... others are the trojans them selves:

    1. Run Spybot S & D - should find loads of registry keys that initialse the trojan...... :)

    2. Then Run A-Squared or a² it should find some Trojans either in memory or in C:\WINDOWS or C:\WINDOWS\System32 usualy in system 32 they are something32.exe and in windows something.exe :( :(

    3. Get Bullguard and finally scan with this :cool:

    4. Click Start Run then type "msconfig" and goto the startup tab and get rid of any of the file names that were found to startup incase they replicate under the same name again..... :dead:

    5. Run Anything like Trendmicro Housecall or Panda Active scan just in case :)

    The side affects from this trojan is it changes your theme the little bum!!
    so goto "HKEY_CURRENT_USER\Software\Policies\\Microsoft\" and delete unusual policies infered on the regeistry.....

    if you cannot delete a registry key in Spybot S & D and need to restart try Regedit in start run following the registry key and deleting it manually...

    if it is an exe you cant delete you can with this trojan rename some of these files more likely with something.exe's then 32.exe

    thanx ne ways any need for explination / help e-mail me at j4m32@xasamail.com
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.