TechSpot

Trojan-Downloader.Win32.agent

By dayz
Mar 28, 2007
Topic Status:
Not open for further replies.
  1. yup i have this trojan thing too, and yup i cant, well i can but its not advisable, play wow, which is what notified me of this issue

    now im up to step 11 of preliminary removal, so far nothing has actually found anything

    before i go onto 12 and 13 thought id leave here the results of rootkit, if it means anything

    c:\WINDOWS\system32\dmast.exe - Hidden File

    c:\WINDOWS\system32\csnnx.exe - Hidden File

    ill be back in a bit with all the info from steps 12 and 13 :)

    thanks for your time
     
  2. chamillitarysk8

    chamillitarysk8 TS Rookie Posts: 168

    go to lavasoft.com and download and run Win32_Pipeline_Remover
     
  3. dayz

    dayz TS Rookie Topic Starter

    ok ill try that

    im back from steps 12 and 13, ill post al lthe info just incase

    *edit* tool posted in above message found nothing?
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    Your system has some very nasty infections.

    Run AVG Antirootkit and have it fix these entries.

    c:\WINDOWS\system32\dmast.exe - Hidden File

    c:\WINDOWS\system32\csnnx.exe - Hidden File

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
    The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    Rename HJT as per the instructions HERE.

    Post a fresh HJT log as well as a Combofix log and the C:\fixwareout\report.txt .

    Regards Howard :wave: :wave:

    This thread is for the use of dayz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. dayz

    dayz TS Rookie Topic Starter

    as per your intructions

    your time is much appreciated
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Your didn`t attach an AVG Antispyware log as requested. Please do so in your next reply.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O17 - HKLM\System\CCS\Services\Tcpip\..\{9CAAFCAC-B13B-48C9-87D4-D95B0AC2E968}: NameServer = 85.255.115.2,85.255.112.6

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.2 85.255.112.6

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.2 85.255.112.6

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.2 85.255.112.6

    Click on the fix checked button.

    Close HJT and reboot your system.

    Post a fresh HJT log and an AVG Antispyware log.

    Regards Howard :)

    This thread is for the use of dayz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. dayz

    dayz TS Rookie Topic Starter

    sorry about the AVG, must of forgot about it, followed above steps, result:
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Your HJT log is now clean.

    Run the ccleaner programme as per the instructions in step9 of this thread HERE.

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of dayz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.