JS/Downloader.Agent Problem

Status
Not open for further replies.

kaushikparsha

Hey,

I am using a Laptop with Vista for 3-4 months now, and since yesterday I started getting a "threat detected" msg from AVG Anti-virus saying that a virus called "JS/Downloader.Agent" has been found.

Unfortunately AVG is unable to heal.... but is able to just move the file to the virus vault.
But that doesn't seem to solve the problem...as it is happening very frequently .....whenever I browse the internet using Internet Explorer.

Can you guys please help me out with this....

Thanx.
 
Hello and welcome to Techspot.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of kaushikparsha only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hey Howard...Thanx for the prompt reply

I tried my best to follow your instructions.... Have been through all steps up to 11 when the AVG anti-rootkit ( I am on VISTA) decides not to setup correctly....

It's just not working...it's setting up OK but just not starting up.....
No error message.... nothing... Just doesn't start up....

Tried downloading the installer file from two different sources... but same problem

Did it after disconnecting from the net as directed....

Any way around the problem?
Can I by-pass this hurdle? Is there another way?



BTW... The SMITfraudfix found something and killed it ... I am attaching the Log file...

The VirtumondoBeGone and VundoFix found Nothing!!!
Also attached is the log file for the VirtumondoBeGone

Kindly do reply....
 
Yes, just skip the AVG Antirootkit.

I need you to post HJT, AVG Antispyware and Combofix logs.

Regards Howard :)

 
Here are the 3 Logs ...
But The problem still seems to be very much there......
Might have to redo the steps all over again....
Or you might point out something in the logs to solve the problem...
I hope...

And yeah.... now my Security center has stopped working ... attempts to get it started meet with a response saying "Security Centre Service Cannot Be Started"
 
Please download Flash_Disinfector.exe by sUBs and save it to your desktop:
Note: Please delete any existing copy of Flash Disinfector (if any) on your PC and download this one.

* Double-click Flash_Disinfector.exe to run it.
* Follow any prompts that may appear.
* Wait until the program has finished scanning, then please exit the program.
* Restart your computer and see if problem still persists.

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:


File::
C:\Windows\System32\sysmain.dll
C:\Windows\System32\ntprint.exe
Folder::
C:\qoobox
C:\VundoFix Backups
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eadfd876-0ed6-11dc-a0ef-0016d399b25b}]


Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

Regards Howard :)
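
The first-line rule and section layout described in the post above can be checked before the script is handed to ComboFix, and the parsed result shows exactly which files, folders and registry lines the script names. This is an added example, not part of the original thread and not ComboFix's own code; `lint_cfscript`, the constructed sample strings, and the assumption that only the three section headers shown in the post are recognised all belong to this example.

```python
import re

# Section headers that appear in the script posted above; any other header is
# reported as unknown to this example rather than guessed at.
KNOWN_SECTIONS = {"File::", "Folder::", "Registry::"}
ABS_PATH = re.compile(r"^[A-Za-z]:\\")

def lint_cfscript(text):
    """Return (sections, problems) for the text of a CFScript.txt."""
    sections, problems = {}, []
    lines = text.splitlines()
    first = lines[0] if lines else ""
    # The rule stressed in the post: File:: is the very first line, with no
    # blank line above it and no space in front of it.
    if first.strip() == "":
        problems.append("blank line above File::")
    elif first != first.lstrip() and first.strip() == "File::":
        problems.append("space in front of File::")
    elif first.rstrip() != "File::":
        problems.append("first line is not File::")
    current = None
    for number, raw in enumerate(lines, start=1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line
            sections.setdefault(current, [])
            if line not in KNOWN_SECTIONS:
                problems.append(f"line {number}: unknown section {line}")
        elif current is None:
            problems.append(f"line {number}: entry before any section header")
        else:
            sections[current].append(line)
            if current in ("File::", "Folder::") and not ABS_PATH.match(line):
                problems.append(f"line {number}: not an absolute path: {line}")
    return sections, problems

# Constructed samples: the first mirrors the layout of the posted script,
# the second has the blank first line the post warns about.
GOOD = "File::\nC:\\Windows\\System32\\ntprint.exe\nFolder::\nC:\\qoobox\n"
BAD = "\n File::\nC:\\qoobox\nFolder\nrelative\\path\n"

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        sections, problems = lint_cfscript(sample)
        print(name, sections, problems or "no problems found")
```
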

 
Hey Howard,
Done all I am supposed to but doesn't seem to be working....
Hope there is some way around it.....
anyways here are the new combofix and HJT logs....

One more thing... Ever since I started getting Threat Warnings from AVG, three days now, the AVG scan reveals 2 files in the scan....

1. ntoskrnl.exe with the location at C:/Windows/system32/ntoskrnl.exe and,
2. hosts located at C:/Windows/system32/drivers/etc/hosts

The "RESULT/INFECTION" status in the AVG scan always says "CHANGED"....
But no action is taken.

It doesn't report them as an Infected file though.... but shows these two files every time I run the scan.....

Could this mean anything?
Would you like me to attach a LOG file of the AVG anti-virus scan?

Also...Windows is reporting that the SECURITY CENTER cannot be started....any reason why?
 
AVG reporting those files as changed is nothing to be concerned about.

Please do the following.

Please download RogueRemover; save the file rr-free-setup.exe to your Desktop, do not run it.

* Double-click on rr-free-setup.exe to install:

rogueremover.png


# The program should open automatically after installation. If it does not, Double-click on the desktop shortcut (or open C:\Program Files\RogueRemover <=this folder and double-click on RogueRemover.exe) to start the program;
# Select Check for Updates;
# When prompted, select Check for Updates;
# Your firewall may be blocking its check. Just keep clicking Check for Updates until you are prompted with a Download option.
# If prompted again, click Download to receive the latest updates;
# When updating completes, close the update window;
# Finally, select Scan and the program will walk you through the remaining steps.

Then, do this.

Download and install DrWebCureit:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
http://spywareinfo.dk/download/drweb-cureit.exe to your desktop.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Double-click the "drweb-cureit.exe" and click "ok" in the prompt window that will open, asking "start the express scan now".
It will first make a quick scan of your system, let it clean what it finds, and when it says "done"
Click on the green screwdriver-
Actions Tab- Adware-Dialers-Riskware-Hacktools, use dropdown menu and select -Delete
Click on the drive(s) you want to scan. A red dot will mark the selected drive(s). Then hit the green arrow in the lower right corner. It will now scan your drive(s), say yes to all

After the scan, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.

Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

Attach the DrWeb.csv log

Regards Howard :)

 
Here are the contents of the log...

Process.exe;A:\Programmes\Anti-Virus\SmitfraudFix;Tool.Prockill;Deleted.;

restart.exe;A:\Programmes\Anti-Virus\SmitfraudFix;Tool.ShutDown.11;Incurable.Deleted.;

HPUpdateObjects.js;C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck;Probably SCRIPT.Virus;Incurable.Deleted.;

defrag.js;C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\objects;Modification of VBS.Generic.217;Incurable.Deleted.;


Doesn't seem to have helped...the problem still exists though!!

How do the HJT logs look...any problems there?
 
Your log files look fine.

Delete this folder.

C:\qoobox

I'm not sure what's causing your problem with the Windows security centre.

Maybe you should open a new thread for that particular problem in our Windows OS forum.

Regards Howard :)

 