Eset Found Trojan

Status
Not open for further replies.

Zedx148

Bobbye,

Just a reminder that you recently helped me out with my desktop computer and now I've rolled up my sleeves and am attempting to tackle my laptop. (I subscribe to the "teach a man to fish philosophy".)

There were no symptoms; I just thought I'd better run some checks. I followed the 8 steps and have included the logs, but skipped ComboFix. I found "Win32/Agent trojan" while scanning with ESET.

Thanks again.
 

Attachments:
  • mbam-log-2010-06-26 (06-35-00).txt
  • GMER.log
  • DDS.txt
  • Attach.txt
Good job! It's always helpful when someone knows the 'drill.' I do see 3 entries for McAfee security and it looks like Avast is the AV program.

Go ahead and run the uninstall, unless you want to keep McAfee and remove Avast:
McAfee Removal

Then follow with ComboFix: download it from Here and save it to your Desktop.

  [1]. Do NOT rename ComboFix unless instructed.
  [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  [3]. Close any open browsers.
  [4]. Double-click combofix.exe and follow the prompts to run.
       NOTE: ComboFix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
  [5]. If ComboFix asks you to install Recovery Console, please allow it.
  [6]. If ComboFix asks you to update the program, always allow it.
       Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
  [7]. A report will be generated after the scan. Please post C:\ComboFix.txt in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs when you're done with ComboFix.
====================
Run the ESET NOD32 Online AntiVirus Scanner HERE
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
I can remove that entry found by ESET. This will likely be a quick one. Leave the two logs and I'll check this afternoon.
 
Got it!!

Please download OTMoveIt by OldTimer and save it to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right-click on OTMoveIt3.exe and select "Run as Administrator".)
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Processes
    :Files
    C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\setup.exe
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of the files and folders moved will be created in the C:\_OTMoveIt\MovedFiles folder, named by date and time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=========================
Custom CFScript

  [1]. Close any open browsers.
  [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  [3]. Open Notepad and copy/paste the text in the code below into it:
Code:
File::

Folder::
c:\documents and settings\All Users\Application Data\Spiralfrog
Registry::
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

Driver::
Save this as CFScript.txt, in the same location as ComboFix.exe.
[image: CFScriptB-4.gif, showing CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.
====================
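Before running a removal script like the OTM and CFScript blocks in the post above, it helps to see exactly what it will touch. The following is an added example, not code from this thread and not part of OTMoveIt or ComboFix: it parses both script formats into a reviewable list of (section, item) actions and flags entries that do not look like what their section expects. The section names it recognizes are the ones used in the post; the regular expressions and the "absolute Windows path" / "bracketed registry key" checks are this example's own assumptions about the formats, and the two sample scripts are copied from the post.

```python
"""Dry-run reader for OTMoveIt (OTM) and ComboFix CFScript blocks.

Both tools take a plain-text script made of section headers followed by
one item per line.  OTM headers look like ':Files'; CFScript headers look
like 'Folder::'.  Nothing here touches the file system or registry; it
only turns the script into a list a reviewer can read before running it.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Header forms (assumption based on the scripts posted in the thread):
#   OTMoveIt:  ":Processes", ":Files", ":Commands"
#   CFScript:  "File::", "Folder::", "Registry::", "RegLock::", "Driver::"
OTM_HEADER = re.compile(r"^:(\w+)$")
CF_HEADER = re.compile(r"^(\w+)::$")
WIN_ABS_PATH = re.compile(r"^[A-Za-z]:\\")
REG_KEY = re.compile(r"^\[(HKLM|HKCU|HKEY_[A-Z_]+)\\.+\]$")
OTM_COMMAND = re.compile(r"^\[[A-Za-z ]+\]$")

PATH_SECTIONS = {"files", "file", "folder"}
REG_SECTIONS = {"registry", "reglock"}


def parse_script(text: str) -> List[Tuple[str, str]]:
    """Return (section, item) pairs in script order; section names are lower-cased."""
    actions: List[Tuple[str, str]] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()          # the posted OTM script has a trailing tab after :Processes
        if not line:
            continue
        m = OTM_HEADER.match(line) or CF_HEADER.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if section is None:
            raise ValueError(f"item appears before any section header: {line!r}")
        actions.append((section, line))
    return actions


def review(actions: List[Tuple[str, str]]) -> List[str]:
    """Flag items whose shape does not match their section (hypothetical checks)."""
    problems: List[str] = []
    for section, item in actions:
        if section in PATH_SECTIONS and not WIN_ABS_PATH.match(item):
            problems.append(f"{section}: not an absolute Windows path: {item}")
        elif section in REG_SECTIONS and not REG_KEY.match(item):
            problems.append(f"{section}: not a bracketed registry key: {item}")
        elif section == "commands" and not OTM_COMMAND.match(item):
            problems.append(f"commands: unknown OTM command form: {item}")
    return problems


def summarize(actions: List[Tuple[str, str]]) -> Dict[str, int]:
    """Count of items per section, e.g. {'files': 1, 'commands': 4}."""
    return dict(Counter(section for section, _ in actions))


# Sample scripts copied from the post above.
OTM_SCRIPT = r"""
:Processes
:Files
C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\setup.exe
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
"""

CF_SCRIPT = r"""
File::

Folder::
c:\documents and settings\All Users\Application Data\Spiralfrog
Registry::
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

Driver::
"""

if __name__ == "__main__":
    for name, script in (("OTM", OTM_SCRIPT), ("CFScript", CF_SCRIPT)):
        acts = parse_script(script)
        print(name, summarize(acts))
        for section, item in acts:
            print(f"  {section:9s} {item}")
        print("  problems:", review(acts) or "none")
```

Empty sections (the `:Processes`, `File::` and `Driver::` headers with nothing under them) simply contribute no actions, which is the case to check for when a script you were given is shorter than you expected.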
 
Here are the logs from OTM and ComboFix. Thanks again, Bobbye!
 

Attachments:
  • 06272010_193809.log
  • ComboFix.txt
Bobbye,

I think that you got reply #6 mixed up with someone else. I haven't run HijackThis yet, and I don't have an iPod.

Let me know what you think.
Thanks again.
 
Oh my word! You're right; his name is Ved. Sorry about that, but thanks for the heads-up so I could just move them to the right thread.
 