How to get rid of JS/ Downloader Agent ..newbie
- Thread starter umrici
- Start date
Blind Dragon
Posts: 3,774 +4
Sure,
Can you please follow some preliminary instructions found Viruses/Spyware/Malware, preliminary removal instructions
Then post back in this thread with 3 logs
1)Hijackthis log
2)combofix log
3)AVG log
This thread is for the use of umrici only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Can you please follow some preliminary instructions found Viruses/Spyware/Malware, preliminary removal instructions
Then post back in this thread with 3 logs
1)Hijackthis log
2)combofix log
3)AVG log
This thread is for the use of umrici only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Blind Dragon
Posts: 3,774 +4
Ok, if you have any issues STOP the process. Do not keep going without posting your issue in this thread. Thanks
Blind Dragon
Posts: 3,774 +4
Ok, first I want you to update your Java Runtime
Update your Java Runtime Environment
Then proceed through the instructions in the link I provided in my first response (15 steps -> you are definitely infected)
Update your Java Runtime Environment
- Click the following link
Java Runtime Environment 6 Update 4 - After the download locate and double click the installer jre-6u4-windows-i586-p-iftw.exe
- Go to add/remove programs and you should have 2 Java versions listed, uninstall the old version in your case Java 6 Update 2
Then proceed through the instructions in the link I provided in my first response (15 steps -> you are definitely infected)
Blind Dragon
Posts: 3,774 +4
KillBox
Download\install 'SuperAntiSpyware Home Edition Free Version' from HERE
With nothing else open, Launch Hijackthis select Do a System Scan Only
Put a check next to the following entries
Select Fix Checked
------------------------------------------------------------------------------------------------------------------------------
Scan with SuperAntiSpyware
***Your next reply please post
1)Superantispyware log
2)New Hijackthis log
3)New Combofix log
- Download KillBox and unzip/extract it to your desktop from HERE
- Launch Killbox and place a check in 'Delete on Reboot'.
In the 'Full path of file to delete' box,copy and paste:
Code:C:\Documents and Settings\NetworkService\Local Settings\Application Data\br4743on.exe - Then press the option ALL Files button
- Then press the red button with the white cross.
- A confirmation box pops up asking if you want to reboot now. Select NO
- In the 'Full path of file to delete' box,copy and paste:
Code:C:\WINDOWS\KesenjanganSosial.exe - Then press the red button with the white cross. It will provide a window for you to confirm the delete and it will ask if you now wish to reboot,select YES.
Allow it to reboot.
If it does'nt reboot automatically,reboot manually.
Download\install 'SuperAntiSpyware Home Edition Free Version' from HERE
- Launch SuperAntiSpyware and click on 'Check for updates'.
- Once the updates have been installed,exit SuperAntiSpyware.
With nothing else open, Launch Hijackthis select Do a System Scan Only
Put a check next to the following entries
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe"
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <html><head>
O1 - Hosts: <title>404 Not Found</title>
O1 - Hosts: </head><body>
O1 - Hosts: <h1>Not Found</h1>
O1 - Hosts: <p>The requested URL /News/cmbrotlu3/Host16.css was not found on this server.</p>
O1 - Hosts: <hr>
O1 - Hosts: <address>Apache/2.0.54 (Unix) DAV/2 PHP/4.3.11 Server at www.20mbweb.com Port 80</address>
O1 - Hosts: </body></html>
O4 - HKUS\S-1-5-18\..\Run: [Tok-Cirrhatus-1860] "C:\Documents and Settings\NetworkService\Local Settings\Application Data\br4743on.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Tok-Cirrhatus-1860] "C:\Documents and Settings\NetworkService\Local Settings\Application Data\br4743on.exe" (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
Select Fix Checked
------------------------------------------------------------------------------------------------------------------------------
Scan with SuperAntiSpyware
- Start SuperAntiSpyware.
- On the main screen click on 'Scan your computer'.
- Check: 'Perform Complete Scan then Click 'Next' to start the scan.
- Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
- Make sure everything found has a checkmark next to it,then press 'Next'.
- Click on 'Finish' when you've done.
It's possible that the program will ask you to reboot in order to delete some files.
Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Attach the notepad file here on your next reply
***Your next reply please post
1)Superantispyware log
2)New Hijackthis log
3)New Combofix log
Similar threads
- Locked
Latest posts
-
Nvidia reaches historic 92% GPU market share, leaves AMD and Intel far behind- Squid Surprise replied
-
Resident Evil 9 returns to Raccoon City, coming next February- NumberNine replied
