Trojan-Downloader.Win32.agent

[dayz]

yup i have this trojan thing too, and yup i cant, well i can but its not advisable, play wow, which is what notified me of this issue

now im up to step 11 of preliminary removal, so far nothing has actually found anything

before i go onto 12 and 13 thought id leave here the results of rootkit, if it means anything

c:\WINDOWS\system32\dmast.exe - Hidden File

c:\WINDOWS\system32\csnnx.exe - Hidden File

ill be back in a bit with all the info from steps 12 and 13

thanks for your time

 

[chamillitarysk8]

go to lavasoft.com and download and run Win32_Pipeline_Remover

 

[dayz]

ok ill try that

im back from steps 12 and 13, ill post al lthe info just incase

*edit* tool posted in above message found nothing?

 

[howard_hopkinso]

Hello and welcome to Techspot.

Your system has some very nasty infections.

Run AVG Antirootkit and have it fix these entries.

c:\WINDOWS\system32\dmast.exe - Hidden File

c:\WINDOWS\system32\csnnx.exe - Hidden File

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Rename HJT as per the instructions HERE.

Post a fresh HJT log as well as a Combofix log and the C:\fixwareout\report.txt .

Regards Howard :wave: :wave:

This thread is for the use of dayz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[dayz]

as per your intructions

your time is much appreciated

 

[howard_hopkinso]

Your didn`t attach an AVG Antispyware log as requested. Please do so in your next reply.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O17 - HKLM\System\CCS\Services\Tcpip\..\{9CAAFCAC-B13B-48C9-87D4-D95B0AC2E968}: NameServer = 85.255.115.2,85.255.112.6

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.2 85.255.112.6

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.2 85.255.112.6

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.2 85.255.112.6

Click on the fix checked button.

Close HJT and reboot your system.

Post a fresh HJT log and an AVG Antispyware log.

Regards Howard

This thread is for the use of dayz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[dayz]

sorry about the AVG, must of forgot about it, followed above steps, result:

 

[howard_hopkinso]

Your HJT log is now clean.

Run the ccleaner programme as per the instructions in step9 of this thread HERE.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of dayz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.