JS downloader.agent

Status
Not open for further replies.

etvousetmoi

Hi, my name is Nadia. I have a virus on my computer which is very stubborn. AVG repeatedly detects it as JS downloader.agent. I have run several scans, installed BitDefender, tried SmitfraudFix and nothing has worked. What should I do?
Any help would be appreciated. Thanks
 
Logs

Here is the SAS log. I completed the Panda Rootkit scan, but how do I access the log? No rootkits were found. Combofix is running now, so I should have that log shortly.
 
You don't need to post the log for Panda. Just if it found something, post what it found.

Download SDFix from the link below to your desktop, then run it. SDFix will create a folder in your C drive. Boot into safe mode, go to C:\SDFix and run RunThis.bat. Post the log it creates here. To boot into safe mode, reboot the computer and start tapping the F8 key until you get to a menu, then select safe mode. Please post a fresh HijackThis log after running the software.

SDFix:
http://www.bleepingcomputer.com/files/sdfix.php
 
Your logs look clean. Let me know how your computer is running. Also make sure to delete everything SUPERAntiSpyware found. One more thing:

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
  1. Turn off System Restore.
    • On the Desktop, right-click My Computer.
      Click Properties.
      Click the System Restore tab.
      Check Turn off System Restore.
      Click Apply, and then click OK.
  2. Restart your computer.
  3. Turn ON System Restore.
    • On the Desktop, right-click My Computer.
      Click Properties.
      Click the System Restore tab.
      UN-Check Turn off System Restore.
      Click Apply, and then click OK.
System Restore will now be active again.
 
Just a few more things I would do to tidy up

Have Hijackthis fix these orphaned entries
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)


---------------------------------------------------------------------

Go to add/remove programs and uninstall anything related to Viewpoint
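
The "(no file)" entries listed above can be picked out of a HijackThis log mechanically. The following is an added example, not part of the original post and not HijackThis's own code: it parses the CLSID-style R3/O2/O3 lines, flags the orphaned ones, and shows the registry location each section is read from. The names `parse_log` and `orphaned_entries` are hypothetical, and the last two sample lines are constructed for contrast.

```python
import re
from typing import List, NamedTuple, Optional

# Registry locations behind the three HijackThis sections seen in this thread.
REGISTRY_KEY = {
    "R3": r"HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks",
    "O2": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    "O3": r"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar",
}

# Line shape: "<section> - <kind>: <name> - {CLSID} - <target>"
ENTRY_RE = re.compile(
    r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.+)$"
)

class Entry(NamedTuple):
    section: str
    kind: str
    name: str
    clsid: str
    target: str
    registry_key: Optional[str]

    @property
    def orphaned(self) -> bool:
        # HijackThis prints "(no file)" when it finds no file behind the CLSID.
        return self.target == "(no file)"

def parse_log(text: str) -> List[Entry]:
    """Parse CLSID-style HijackThis lines; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(**m.groupdict(), registry_key=REGISTRY_KEY.get(m["section"])))
    return entries

def orphaned_entries(text: str) -> List[Entry]:
    """Return only the entries whose registration points at a missing file."""
    return [e for e in parse_log(text) if e.orphaned]

# First four lines are from the post; the last two are constructed sample lines.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(f"{e.section} {e.clsid} orphaned; registered under {e.registry_key}")
```

An orphaned entry is a leftover registration whose file is already gone, which is why fixing it in HijackThis removes only the stale reference.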
 
Thanks for all the help. I've followed all the instructions and everything seems to be working better than ever.
Just out of curiosity, what were the files in HJT that I deleted?
 
Blind Dragon said:
Just a few more things I would do to tidy up

Have Hijackthis fix these orphaned entries
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)


---------------------------------------------------------------------

Go to add/remove programs and uninstall anything related to Viewpoint

Blind Dragon:
Hey, just wanted to ask: I know that they are related to AOL, but since I did not see any malware related, would it be better to remove from now on when I see this?

etvousetmoi:
They are related to AOL Toolbar, and one is for the Viewpoint, which I believe plays videos.
 
At one point we considered it an optional removal (foistware), but now they suggest removing it always.


How to prevent it from being recreated every time you run the AOL software:
  • Open AOL
  • Go to Help on the toolbar
  • Select About AOL
  • Hit Ctrl D and a secret panel can be accessed which will allow you to disable all desktop and IM features associated with Viewpoint.
<- This used to work
 