TechSpot

Trojan.Win32.Agent.bxj

By Valerie1
Oct 14, 2007
  1. Hello, I recently ran Kaspersky online Scanner and the report stated I had one virus that infected 17 objects. It listed 'Infected: Trojan.Win32.Agent.bxj' on all 17 files. What is Trojan.Win32.Agent.bxj? How can I remove it? Any help, assistance, or direction would be greatly appreciated!

    Error: 1146 Table 'majorgee_mac.esselbach_st_dlweekly' doesn't exist. I obtain this error message when trying to access certain web sites. I don't know what this error is and more importantly how to fix it. These are sites I have been able to access in the past w/out any complications. Any suggestions?

    v
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the Panda Antirootkit scan.

    Regards Howard :)

    This thread is for the use of Valerie1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Valerie1

    Valerie1 TS Rookie Topic Starter

    Alright, here it goes. Online virus scanner, these were the results; however, it didn't fix them: Vulnerability in vector markup language could allow remote code execution (929969), cumulative security update for internet explorer (931768), cumulative security update for internet explorer (933566), MS07-045, MS07-050. I clicked the fix errors button, a new scan occurred and the same results were listed. As for Panda Antirootkit, no rootkits. The AVG-Anti-Virus, no threats were found. SS&D, no problems. Do I need to change it back from advanced mode to default mode yet? Ad-Aware personal se found two cookies and I deleted them. Also, nothing was found on the vundofix and VirtumundoBeGone. I have attached the AVG Antispyware (report scan), Combofix, and HijackThis as requested. Let me know my next course of action. Thanks!
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

    2. Download the attached avengerscript.txt and save it to your desktop

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Now, start The Avenger program by double clicking on its icon on your desktop.

    Under "Script file to execute" choose "Load script from file".
    Now click on the folder icon which will open a new window titled "open Script File"
    navigate to the file you have just downloaded, click on it and press open
    Now click on the Green Light to begin execution of the script
    Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh Combofix log.

    Can you please give me some links to the websites you`re having problems with?

    Regards Howard :)


  5. Valerie1

    Valerie1 TS Rookie Topic Starter

    help please

    Attached is the avenger text per your request. The combofix is presenting some problems. I tried to run it on several occasions. Each time the message stated combofix is preparing to run, could not find the file, then it would advance to the next screen stating it could take 10 minutes or longer. The next thing, I would receive a pop-up stating combofix has detected the presence of rootkit activity and needs to reboot. It rebooted over four times and still kept displaying the same information. I ran the AVG anti-rootkit, it came back clean. Ever since I ran combofix, my firewall is being disabled. Each time I start my computer a message appears that my firewall is off. I go and turn it back on. Also, each time I start up my computer my display settings, times, and other things are different. I have to go and change them.


    As far as the websites, the ones I was receiving the error messages for. I am able to access them now w/out any complications or problems.
     


  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Delete Combofix from your system and reboot it.

    Run the Panda Antirootkit scan as per step 11 of these instructions and let me know the results.

    Regards Howard :)

     
  7. Valerie1

    Valerie1 TS Rookie Topic Starter

    help please

    alright, just wanted to let you know that i believe i have the comodo firewall working properly again. as far as the changes that kept occurring after i logged off and on, they no longer seem to occur. i just now have about twenty connections trying to access. i just have been denying them for now because i honestly have no idea what they are. i can create a separate log for those or just wait until we finish up here. thanks!
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Please post fresh HJT and Combofix logs.

    Regards Howard :)

     
  9. Valerie1

    Valerie1 TS Rookie Topic Starter

    help please

    the panda anti-rootkit found no rootkits. attached texts as requested. Thanks!

    V
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your log files are clean.

    Can you let me know what connections are asking for access?

    Regards Howard :)

     
  11. Valerie1

    Valerie1 TS Rookie Topic Starter

    glad to hear that the files are clean, so i no longer have trojan.win32.agent.bxj? here's a few of the programs that are trying to access:
    aolsoftware.exe, explorer.exe, ehrec.exe, svchost.exe, mmcomponentmgr.exe (the message that displays w/this program: discover drop and display system are trying to act as servers, and when i deny i receive a pop up that socket initialization failed), disstreamhub.exe (same message that it is trying to act as a server), avginet.exe. just started w/a few because there are many more :)

    also, the online scanner that i ran @ the beginning, i recall it didn't find any errors just some vulnerabilities. will some of the programs that were installed handle them or is there anything else that i need to do to protect myself from further malware, viruses, trojans, etc.? i know i'm getting off the subject, sorry, just want to make sure my pc is fully protected. thanks again howard for all your patience and support during this time. i really do appreciate everything you have done so far to help me.

    v
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    mmcomponentmgr.exe=Music match.
    aolsoftware.exe=Self explanatory.
    explorer.exe=Windows
    svchost.exe=Windows
    ehrec.exe=Microsoft Windows Media Center Recording Process
    avginet.exe=AVG Update downloader, part of AVG Antivirus.

    The above are all safe applications that you should allow. I think you`re worrying unnecessarily.

    In order to keep your system more secure, see this thread HERE.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  13. Valerie1

    Valerie1 TS Rookie Topic Starter

    Hey Howard, I ran the Kaspersky online scanner again and it still shows trojan.win32.agent.bxj and it now shows another virus, Trojan.Win32.Pakes.abl.
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Can you please give me the filepaths to the files that Kaspersky says are infected?

    Regards Howard :)

     
  15. Valerie1

    Valerie1 TS Rookie Topic Starter

    infected files

    as requested. thanks!
     


  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    All those items are in your system restore points.

    These can easily be deleted by doing the following.

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  17. Valerie1

    Valerie1 TS Rookie Topic Starter

    need more help

    alright, i did the system restore and files :\System Volume Information\_restore Infected: Trojan.Win32.Agent.bxj are no longer there when I ran the Kaspersky online scanner. That's great! The bad news is that now it shows other malware. This is what it came up with:

    C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\exactofferd8.exe.bac_a04032/instbb.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.ai

    C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\exactofferd8.exe.bac_a04032/instbb.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.ai

    C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\exactofferd8.exe.bac_a04032/instbb.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.ai

    C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\exactofferd8.exe.bac_a04032 CAB: infected - 3

    C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\exactofferd8.exe.bac_a04032 MimarSinan: infected - 3 skipped

    C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\exactofferd8.exe.bac_a04032 UPX: infected - 3

    C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\exactofferd8.exe.bac_a04032 CryptFF.b: infected - 3

    C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f

    C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p


    I ran all the scans again and everything came back clean.
     
  18. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    6 of those items are in Housecall`s quarantine folder. Just delete it. I would have expected you to notice that.

    The SmitfraudFix\Reboot.exe is not nasty and is part of the SmitFraudfix removal tool. It does sometimes get flagged by some antivirus scanners, but this is a false positive.

    Killwind.exe is from HP and is not nasty.

    I don`t know why you feel the need to keep doing online scans, but all you`re doing is worrying needlessly.

    As far as I`m concerned, your system is clean.

    Now stop worrying and enjoy it.

    Regards Howard :)

    This thread is for the use of Valerie1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
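
    The triage reasoning in the two posts above (where a flagged object lives matters as much as its verdict name), as an added Python example that is not part of the original thread or of any tool named in it. Four report lines are copied from post 17; the restore-point line and its `{CONSTRUCTED}` path are made up for illustration, and the function names are hypothetical.

```python
import re
from collections import Counter

# First four lines are copied from the report in post 17; the last is
# constructed, because the thread never shows a full restore-point path.
REPORT = r"""
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\exactofferd8.exe.bac_a04032/instbb.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.ai
C:\Documents and Settings\HP_Administrator\.housecall6.6\Quarantine\exactofferd8.exe.bac_a04032 UPX: infected - 3
C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p
C:\System Volume Information\_restore{CONSTRUCTED}\RP1\A0000001.exe Infected: Trojan.Win32.Agent.bxj
"""

# "<path> <tag>: <detail>"; the path itself may contain spaces.
LINE = re.compile(r"^(?P<path>.+?) (?P<tag>[\w.]+): (?P<detail>.+)$")

def location(path):
    """Classify where the flagged object lives on disk."""
    container = path.split("/")[0].lower()   # "/" separates archive members
    if "\\system volume information\\_restore" in container:
        return "restore-point"               # inert copy kept by System Restore
    if "\\quarantine\\" in container:
        return "quarantine"                  # already isolated by another scanner
    return "live-file"

def triage(report):
    """Return one record per detection, skipping per-container summary lines."""
    findings = []
    for raw in report.strip().splitlines():
        m = LINE.match(raw.strip())
        if not m or m["tag"] != "Infected":  # e.g. "UPX: infected - 3"
            continue
        riskware = m["detail"].startswith("not-a-virus:")
        findings.append({
            "file": m["path"].split("/")[0],
            "verdict": m["detail"],
            "where": location(m["path"]),
            "kind": "riskware" if riskware else "malware",
        })
    return findings

def summarize(findings):
    """Count detections per (location, kind) pair."""
    return Counter((f["where"], f["kind"]) for f in findings)

if __name__ == "__main__":
    for f in triage(REPORT):
        print(f'{f["where"]:13} {f["kind"]:8} {f["verdict"]}  <-  {f["file"]}')
```

    Only a `live-file` / `malware` row points at something still active on the system; restore-point and quarantine rows are handled by clearing those stores, and `not-a-virus` rows on known tools need a manual look rather than removal.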
     
  19. Valerie1

    Valerie1 TS Rookie Topic Starter

    Http 404

    I have not been able to access some websites. This is the message I receive;

    This page was generated automatically via ispCP Omega. Please upload your own index.html file.

    If you are the Administrator of this domain, please login here

    I click the login here button, then receive an http 404 error message. What is this?
     
  20. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    What websites are you trying to access?

    Regards Howard :)

     
Topic Status:
Not open for further replies.
