Trojan Horse Agent2.guf

By liltakashi
May 13, 2009
Topic Status:
Not open for further replies.
  1. Trojan horse Agent2.GUF
    I am running Vista Home edition sp1. I also have AVG Free edition loaded (v8.5.325) with the latest db (270.12.26/2110).

    Whenever I load IE the AVG resident shield chimes in and tells me about a multiple threat : "C:\Windows\System32\gxvxcfuvnfipwnefjysniqyrocquoqivkrsic.dll";"Trojan horse Agent2.GUF";"Infected"

    AVG does not get rid of it.

    I have followed the 8 steps and have attached the output from Hijackthis. I installed the malaware anti-malware but it does not run. WHen I click on it I get a box containing "A program needs your permission to continue" when I click on continue it just disappears.

    I also cannot install Superantispyware. It comes up with the same question as Malaware but then goes to "SuperAntispyware.exe has stopped working".

    Any suggestions please?

    Thanks in anticipation.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:22:27 AM, on 5/13/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16830)
    Boot mode: Normal
  2. touch

    touch Newcomer, in training Posts: 978

    Hello liltakashi

    Download malwarebyte from here:
    http://www.download.com/Malwarebyte...4-10804572.html?tag=mncol;pop&cdlPid=10878968

    Save the file as setup.exe

    Run the setup.exe file
    When it gets to the final step of the installation it will seem like it froze....it hasn't but it will take anywhere from 15mins to an hour to get through that step so just let it do its thing.
    If automatic update fail, download the manual update ->
    http://www.gt500.org/malwarebytes/mbam-rules.exe

    Reboot to safe mode

    Go into the Malware folder in through Program Files
    Rename the mbam.exe to 123.exe and run it.
    Do a full computer scan
    Check all and remove/fix/delete them.

    Restart your computer and attachthe log
  3. davidstenglein

    davidstenglein Newcomer, in training

    I have downloaded mbam but will not run. Need help
    david
  4. touch

    touch Newcomer, in training Posts: 978

    Ok. We´ll try combofix then ->

    Please download combofix here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

    Now, please make sure no other programs are running, close all other windows.

    Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
    Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
    It may take a while to complete scanning and this is normal.

    You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after
    scanning has completed.

    Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post
  5. davidstenglein

    davidstenglein Newcomer, in training

    Thank you Touch. The combofix seems to have worked.
    Having trouble posting logfile.
  6. touch

    touch Newcomer, in training Posts: 978

    What kind of trouble ?

    "To attach a log click on New Thread (or use Post Reply in your existing thread).
    Scroll down until you see a button Manage Attachments. Click on that and a popup-window opens.
    Click on the Browse button, find the requested log file, and doubleclick on it.
    Now click on the Upload button in the popup. When done, click on the Close this window button."
  7. davidstenglein

    davidstenglein Newcomer, in training

    It worked this time, thank you.

    Attached Files:

    • log.txt
      File size:
      16.4 KB
      Views:
      5
  8. touch

    touch Newcomer, in training Posts: 978

    Great :)

    Open notepad and copy/paste the text in the quotebox below into it:
    Name the file as CFScript
    and Save it on the desktop

    http://www.fromsej.saknet.dk/billeder/cfscript.gif

    Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe.

    Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall

    If you can update and run malwarebyte now, then please post that log as well
  9. glitchpop

    glitchpop Newcomer, in training

    Thanks touch!
    I had the same problem so i followed your advice.
    Had to run combofix too.
    Here are my logs.

    I ran mbam after combofix and it came up with these three issues. It got rid of them then I ran it again and it came up with nothing! =D

    Thanks for this. Is there anything else I should do now?

    I still have to run avg again.
  10. touch

    touch Newcomer, in training Posts: 978

  11. Lipgloss

    Lipgloss Newcomer, in training

    Thanks touch!
    I had the same problem so i followed your advice.
    Had to run combofix too.
    Here are my log.
  12. touch

    touch Newcomer, in training Posts: 978

    Lipgloss -Why do you post in other users topic, haven´t you read this:
    In your own new thread, as it is confusing with more log´s in same thread.

    I´ll prefer you run the steps in this guide:
    8-step Viruses/Spyware/Malware Preliminary Removal Instructions

    Post attached log´s from:

    Malwarebyte
    Superantispyware
    Hijackthis

    In your own new Topic
  13. Lipgloss

    Lipgloss Newcomer, in training

    sorry Touch....no didn't know that...i am new !!
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.