Need Help with a client workstation. I keep catching a trojan.agent with malwarebytes and when rebooting and i scan again it comes up with trojan.agent again. Here are my logs for malwarebytes and hijack.
I have ran mcafee corporate editon;cc cleaner;malwarebytes; and super anti spyware. I am stil getting pop ups while browsing with firefox...

Thanks,

Attached Files

	hijackthis.log (7.5 KB, 4 views)
	mbam-log-2009-04-03 (14-23-13).txt (949 Bytes, 5 views)

I offered poor suggestons the first time...
I should have simply referred jmolina to the Virus and Malware removal board,
especially the initial notes by Julio!

ok, Thanks I will try this out..

I deleted the files mentioned;I had already tried this but it keeps recreating a different dll and the scan will still come up with Trojan. agent on malwarebytes>>>

Attached Files

	hijackthis2.log (7.6 KB, 1 views)
	mbam-log-2009-04-03 (17-12-43).txt (949 Bytes, 0 views)

B00kWyrm, please refer to this: http://www.techspot.com/vb/topic120350.html

jmolina, please refrain from doing any Registry Edits.

If you followed the steps set up here: http://www.techspot.com/vb/topic58138.html
You will see that you are missing the SuperAntispyware log. But we'll go with what we have for now:

Remove bad HijackThis entries
• Run HijackThis
• Click on the System Scan Only button
• Put a check beside all of the items listed below (if present):
They will need to verify if this is a company or work Domain: If it is leave the entries. If it is not, check for HijackThis to remove:
• Close all open windows and browsers/email, etc...
• Click on the "Fix Checked" button
• When completed, close the application.


Uninstall, then reinstall Spybot Search & Destroy. Be sure Teatimer is disabled for now

Download and Install SDFix from HERE and save to your desktop.
* Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Boot into Safe Mode
* Restart your computer and start pressing the F8 key on your keyboard.
* Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Run SDFix
Please update and run Superantispyware after SDFix and follow that with a new HijackThis scan. Attach all logs and report.

It might be good for someone to delete my previous post.
That way it won't be an issue later for someone else stumbling across this thread.
If someone knows how to see that that happens...

1. Registry edits should not be attempted by the casual or novice user,
and should never be advised without adequate caveats...
no matter how certain I may have been that that edit would have done no harm.

2. The eight steps are certainly "Best Practice" strategy for dealing with an infection.

3. The Virus & Malware removal board rules should have governed my reply,
because that is exactly the topic of the question... even if not on that board.

My bad, on at least three counts.

So, jmolina, my sincere apologies, and I hope I did you no harm.

Still getting the Trojan.Agent with malwareBytes after runnig 8step and the recommended scan here are all my logs.

Attached Files

	mbam-log-2009-04-06 (10-12-07).txt (976 Bytes, 1 views)
	ReportSDfixlog.txt (3.2 KB, 0 views)
	SUPERAntiSpyware Scan Log - 04-03-2009 - 19-20-11.log (465 Bytes, 0 views)
	hijackthis3.log (7.5 KB, 0 views)