Win32 trojan agent 2

By SerpentCultist
Apr 19, 2009
Topic Status:
Not open for further replies.
  1. Hi, I tried searching the forums for answers before posting, but I just couldnt find anything that could compare.

    So a few days ago I noticed that whenever I click a search engine link, I get redirected, and I could not visit most anti virus websites, and even if I could download an Anti-Virus, it would not run.

    I then downloaded SuperAntiVirus and ran it in alternative mode, it cleaned up some stuff and I was able to visit anti virus websites (still cant run most anti-virus applications though, and websearches are still redirected. Firefox now runs more slowly as well.), so I download Avira (didnt do anything), Vipre (didnt do much), and Ad-Aware.

    Ad-Aware finds a bunch of infected files and removes them, one of which is "Win32TrojanAgent2." This virus keeps coming back with EVERY Ad-Aware scan, even though Ad-Aware keeps deleting it, it is the only thing that keeps coming back.

    I did everything, but I cannot get rid of it.

    I realized that you guys usually ask for Hijack This logs, so heres mines... I cant run Mbam, so I couldnt give it sorry.


    I took the "h" out of "http", and a "w" out of "www" so it would let me post this... Excuse me for that.


    I hope you guys can help me, I would really appreciate it, as this thing is making me go crazy!

    Thank you.
  2. B00kWyrm

    B00kWyrm TechSpot Paladin Posts: 1,550   +18

    You _will_ find the help you need here...

    First, if you have not already done so...

    You need to read, understand, and strictly follow the directions
    which you find at the top of this board.

    Start with... http://www.techspot.com/vb/topic120350.html
    Then ... http://www.techspot.com/vb/topic58138.html
    Followed by ... http://www.techspot.com/vb/topic65943.html

    Once you have posted the three (3) logs mentioned in the 8 steps,
    one of the experienced helpers will be more able to assist you.

    How to post your Hijackthis log-file as an ATTACHMENT:
    http://www.techspot.com/vb/topic19133.html

    Good Luck. Repost if you have difficulties along the way.
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    The moderator will be around and delete the pasted log, but since I see it now, let's handle it:

    Real Time Protection needs to be temporarily disabled while scanning. You are running AdWatch:
    AD-AWARE AD-WATCH
    You have a DNS Changer malware infection:
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.79,85.255.112.213
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.79,85.255.112.213

    You'll recognize this Trojan by checking the DNS server assignments on the computer that does not update. Do this by following these steps:

    Reset router
    Please run Malwarebytes, Superantispyware and rescan with HijackThis. Attach logs from all three programs.

    There are several entries in the HJ log that will need to be removed, but the other 2 programs need to be run first, then HJ again. Please do not add or remove any programs or entries unless told to do so by your helper.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.