Trojan horse Agent2.GUF

[clarrieg]

I am running Vista Home edition sp1. I also have AVG Free edition loaded (v8.5.325) with the latest db (270.12.26/2110).

Whenever I load IE the AVG resident shield chimes in and tells me about a multiple threat : "C:\Windows\System32\gxvxcfuvnfipwnefjysniqyrocquoqivkrsic.dll";"Trojan horse Agent2.GUF";"Infected"

AVG does not get rid of it.

I have followed the 8 steps and have attached the output from Hijackthis. I installed the malaware anti-malware but it does not run. WHen I click on it I get a box containing "A program needs your permission to continue" when I click on continue it just disappears.

I also cannot install Superantispyware. It comes up with the same question as Malaware but then goes to "SuperAntispyware.exe has stopped working".

Any suggestions please?

Thanks in anticipation.
Richard

 

[clarrieg]

Extra info

I could not find the url listed for malaware and I suspect my browser is redirecting me on occasions.

When I googled this I only get french sites (3 of them), and when I google on other related search terms I get gogle results buit they donlt look like google - one line entries slightly differently formatted and even when there are only (say) 3 sites there also appears the next control at the bottom with loads of page numbers.

 

[msra7kl2]

I have exactly the same problem as you! my laptop would not turn on properly, it start up window keeps on freezing everytime i turn it on, and occasionaly it works(after almost 10 tries, by restarting the laptop over and over again). I just run AVG and its said i got trojan horse agent2.guf virus, and my MAlware would not work either, same case as you.
can anyone please please help!

 

[kazlin]

agent2.guf

Yup same problem the trojan wouldn't let me install removal tools or do a system restore, then I had an idea I tried a recovery disk did a sys restore from there and this seems to work all my old functions restored, when I had it it wouldn't let avg accses the internet for upate after the sys restore avg was able to check for updates.
Hope this is of some help. ps. The trojan also wouldn't let me do a defrag with defraggler it's now working I think it's definatly gone.

 

[msra7kl2]

thanks alot! so you reformated ur pc and it get rid of it? can you access the internet as normal? i can access to my normal document as normal with trojan, but its blcoking me from using the internet at the moment

 

[kazlin]

agent2.guf

No I didn't reformat, first I tried to restore from the hd but the trojan wouldn't let me, kept getting the message hd failure (like you it was doing wierd things to my internet connection) it also wouldn't let me insatall any spyware removal. I was by this time getting desperate then I remembered my recovery disk (Vista) I was going to reformat as a last option but on the recovery disk there were repair tools one of which was repair last restore, I think as long as you don't boot off of the hard drive you'll be ok. my guess is when you boot from the hd it sits in memory and the just writes back to the hd, with the recovery disk it loads it's own version of vista to memory thus bypassing the hd so the trojan is not in memory the system restore worked this time and so far it definately looks like its gone (no more weird internet connectons and the update manager to avg connects again) firefox has also strarted
behaving it's self again. Hope this helps. Kaz

 

[willmaryland]

not that it matters

I had chrome, IE 8, firefox, safari, and opera installed and all but chrome and opera are affected by this. so far no solution yet without reinstalling the os. Im really looking for a way to get this done as I cant seem to find the old repair option with windows vista as it was in windows xp. I have windows 7 on another machine and its installation process is a little more sound and with some poking around the repair option is available. maybe im missing something vista doesnt have this option with out a restore disk? ohh well. I will figure this one out Just wanted to let anyone with this issue know atleast those two browsers dont appear to be affected by this.

 

[bengerman]

I had the same problem, google redirects, blocked pages and applications, performance loss and so forth...
What I did is I used combofix (combofix.org) and just gave it some time to fix the system -- which it did! While it looks don't inspire a whole lot of confidence, it seems to work perfectly for this particular trojan.
I hope this helps you guys! Cheers, Ben

 

[willmaryland]

Think I got it

need to finish this off but here it goes.

after finding this while running safari, IE 8, & Firefox, I found Google Chrome and Opera Browsers had no issue with this trojan and was not affected,

What I have done so far and so far am virus free (not really free it will come back when I open one of the affected browsers) I originally was unable to run any other scanning engine with out renaming the main .exe file so that the tojan could not disable it in the registry (cant believe microsoft left that open) and was unsecussful in deleting the infection in normal windows modes. So I...

1- Ran scan with AVG found location and name in scan. Found it renames itself upon reboot but was easy to find it was a .dll file that had a long stream of random charicters. Noted it was in the system32 directory.

2- Rebooted into safe mode and deleted long random stream of charicters and then rebooted. Dll file name usually started with the letter G

3- booted into normal mode and have been able to run malwarebytes and AVG antivirus. So far no viruses after three hours.

So far I have only ran google chrome and opera browsers and am hesitant to run the others.

I am going to remove all three of the other browsers. manually delete their program file directories and remove the registry entries for firefox and safari only. I know since i have windows i cant remove the IE registry entries with out damaging IE since a removal is only a roll back to the original state of IE upon windows os installation.

If removal works and reinstallation causes no issues I will post back and let someone know how to get this gone. This was one pain in the *** so far. and hopefully this will allow better remidation/removal.

 

[jeffzonfyre]

bengermen

how did you run combofix?

each time i run it, the trojan seems to prevent it from running.

After my laptop beeps twice and says something like you should shut down AVG

and then combofix never loads from there..

anyone figure out a solution yet? really bothering me

 

[bengerman]

jeffzonfyre,

combofix ran quite fine with me... never even had to shut down avg. are you logged on with administrator rights? before I ran combofix, I made avast run a test before windows even booted up, so it might have killed some of its files and combofix just finished it off for good. or maybe it worked because I never downloaded the exe-file but opened it right out of the browser.
you have to give it some time, though, it took several minutes until it started working when I tried it. After that it will shut down must of your system and run what looks like a ms-dos application.

Hope this helps and good luck.

 

[willmaryland]

No fix

Well to no end there is no complete fix on a windows system.

to run any scanning software (such as malwarebytes antimalware, etc) you need to rename the executable to something new I took nbam.exe and renamed it to new.exe and ran the scan.

Ultimitally I found that running the computer in safe mode, and deleting the infected file, then restarting into normal mode and uninstalling, IE 8, firefox, and safari, and removing their program file folders.

That worked (atleast I thought it did) I used opera to download and reinstall safari and firefox. after the reinstall things went ok when opening firefox and safari. No notifications etc., even a scan showed no infections. Then i launched IE (which being a main windows component never got totally uninstalled it just reverted back to the operating system version that was pre installed) and IE infected my pc again. and now back to square 1. All three browsers are infected again. Safari, Firefox and IE.

I have went back through and completed the steps above. this time I have removed all links on my profile for Internet Explorer. I will blow my machine away and start from scratch but this allows me to run infection free until i have everything backed up and can start over.

 

[jeffzonfyre]

bengerman

thanks a lot

combofix ended up working

It just took around 5 minutes after i clicked combofix.exe to load the blue screen and after a restart later, combofix took about 20 minutes to completely clean everything up.

I think its fine now.


Thanks a bunch

 

[a1ddy]

i had it download avg antirootkit free from pc world its free and scatters it then defrag and run virus scan n problems solved