1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Please help with two trojans

By thefranchise808 · 19 replies
May 11, 2009
  1. Hi My virus software found these two infections:

    ;"Trojan horse Agent2.GUF

    "C:\Program Files\Mozilla Firefox\firefox.exe (1776)"
    ;"Trojan horse Agent2.GUF

    They seem to be messing up my ability to open my spyware removal programs

    Attached is my hijackthis log.

    Any help is greatly appreciated

    Thank you
  2. touch

    touch TS Rookie Posts: 978

  3. thefranchise808

    thefranchise808 TS Rookie Topic Starter Posts: 39

    Hi, Thanks for responding.
    I've done all steps except for the Superantispyware and malware byte...i have the applications but i can't open them which I'm positive is connected to the infections. I've tried uninstalling and reinstalling the programs but still doesn't work.

    Here is the latest hijackthis log after doing everything else:

    Thanks again

    I know I still have bearshare installed....but a user on this site (Blind Dragon) once advised me that it should be okay to keep on while understanding it is a risk
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    It's up to the support member to decide if they want to help you or not, whilst having P2P still installed.

    Here's some further reading on P2P ;)

    Info on using P2P Programs => https://www.techspot.com/vb/topic124748.html
    More info supplied here => https://www.techspot.com/vb/post752079-4.html
  5. BillyBurton

    BillyBurton TS Rookie

    Trojan Horse Removal

    Reading through these postings, I have exactly the same issue which just started yesterday (Monday). I can not perform a restore point, also can not run Malwarebytes or even install SUPERAntispyware. I tried to submit a hijack report earlier today but I'm not sure it went through correctly. AVG a/v is up-to-date and didn't indicate any issues except when I try to launch IE 8 or Firefox after a reboot, I get the warning message that Trojan Horse Agent2.GUF found in c:\Windows\System32\gxvx...dll was found (2 occurences) and it can only clean 1 until the next time them both reappear.

    Not sure what other important information you may need from me but I certainly appreciate any assistance I can receive to rid myself of the pest and move on.

    Thanks - Regards
  6. touch

    touch TS Rookie Posts: 978

    Hello BillyBurton.

    It is confusing with more log´s in same topic. I´ll suggest you -
    Run the steps in this guide:

    8-step Viruses/Spyware/Malware Preliminary Removal Instructions

    Post attached log´s from:


    In your own topic

    I´ts probably only hijackthis log you can attach ;)
  7. touch

    touch TS Rookie Posts: 978

    thefranchise808 -> Remove Bearshare. As The Free version contain some malware.

    Try malwarebyte again, slightly different ->

    Download malwarebyte

    Save the file as setup.exe

    Run the setup.exe file
    When it gets to the final step of the installation it will seem like it froze....it hasn't but it will take anywhere from 15mins to an hour to get through that step so just let it do its thing.

    If automatic update fail, download the manual update ->

    Reboot to safe mode.

    Go into the Malware folder in through Program Files
    Rename the mbam.exe to 123.exe and run it.
    Do a full computer scan
    Check all and remove/fix/delete them.

    Restart your computer and attach the log
  8. thefranchise808

    thefranchise808 TS Rookie Topic Starter Posts: 39

    Hi Touch,

    Removed Bearshare, followed the MBAM instructions.
    Here is the log after scanning in safe mode.

    Thanks again!
  9. touch

    touch TS Rookie Posts: 978

  10. thefranchise808

    thefranchise808 TS Rookie Topic Starter Posts: 39

    Ok...3 logs attached

  11. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Your MalwareBytes database is old, too old.
    You needed to update it first, err it's very time consuming to double up!

    Also regarding AVG
    I basically feel it doesn't protect that well. I recommend you uninstall your free AVG Antivirus
    Then run the removal tool
    Here is the 32Bit version (most users): http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe
    Here is the 64Bit version: http://www.avg.com/filedir/util/avg_arv_sup_____.dir/avgremoverx64.exe


    An alternative Antivirus that I recommend is Avira free Antivirus (also being in the 8-Step guide)

    Make sure Avira is fully up to date after install, and keep it live protecting

    Start up Malwarebytes again; Update it; then run a full scan (remove all found Malwares)
    You need to run this multiple times, until all hidden Malwares are uncovered and removed

    There you go ;)


    Here's a quote from about a year ago ;)
  12. thefranchise808

    thefranchise808 TS Rookie Topic Starter Posts: 39

    Hahaha...see I deleted it.....one year later =P

    anyway, about this problem...I've followed all these instructions, installed Avira, been doing MBAM scans...removing the trojans and the latest scan doesn't show any infections BUT My google searches are still being redirected which as I've read is due to some sort of malware.

    Thoughts from anyone here?

    Here is my latest hijackthis:

    Thanks again.
  13. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    • Download [​IMG]Combofix to your desktop.
    • Double click ComboFix & follow the prompts.
    • A window will open with a warning.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
  14. thefranchise808

    thefranchise808 TS Rookie Topic Starter Posts: 39

    combofix and hijackthis:
  15. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Please locate "BearShare" folder
    It lives in C:\Program Files
    And delete it

    Then run CheckDisk, info howto here: https://www.techspot.com/vb/post672297-2.html

    Then run CCleaner

    Then run ComboFix (in Normal Mode) again
    It runs for 10 mins, as you know, so it shouldn't take very long, except Check Disk which sometimes is about 5mins, and sometimes half an hour.

    Either way. The above should help ;)
  16. kritius

    kritius TS Guru Posts: 2,084

    Unistall Viewpoint

    Run CFScript
    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    c:\program files\BearShare
    Viewpoint Manager Service
    FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\mv3b5e21.default\
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    "c:\\Program Files\\BitComet\\BitComet.exe"=-
    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
  17. thefranchise808

    thefranchise808 TS Rookie Topic Starter Posts: 39

    Thanks to both of you...
    Here are logs.
  18. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    It looks good :grinthumb

    Remove non-essential Startups
    Please start up HJT Scan only
    Place a tick next to the following not required Startups
    Close any Internet Browsers, then select Fix
    Un-install Combofix
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK
    • [​IMG]
    • Any popup errors about Antivirus just ok or close
    Note: 1 space after ComboFix in that uninstall command

    Uninstall SuperAntiSpyware (User Choice)
    Any issues uninstalling this, download the SUPERAntiSpyware Uninstaller Assistant


    Clear & Reset System Restore's Cache
    Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
    * Tick on the checkbox - Turn off System Restore on all drives
    * Click Apply
    Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

    Run CCleaner
    Check all Windows Security Updates are complete
    Check the drive with CheckDisk

    Lastly run a Defrag on your system

    After Restart, let us know how it seems to be running
  19. thefranchise808

    thefranchise808 TS Rookie Topic Starter Posts: 39

    Followed all the instructions and I don't seem to be having the google redirect problem anymore. On top of that, my system seems to be running and loading faster so I guess you helped me clear up some junk along the way.

    Couple questions:
    -What type of Spyware program shoud I use? SAS?
    -What's the difference between scanning with anti-virus such as Avira and MBAM?

    Thank you VERY much to you all: Touch, Kimsland, and Kritius

    Much appreciated.

    See you guys around.
  20. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    "What type of Spyware program shoud I use"

    Generally on all tech forums it is requested to have two AntiSpyware programs
    Note: These programs do not need to be live protecting all the time. Nor do they need to be consistently starting with Windows on every startup.

    Depending upon your usage and basically where you browse (ie many websites are full of spyware) Is dependent upon how often you run a scan
    I tend to run a quick scan (updated first) say once a week.
    I use Malwarebytes and SuperAntiSpyware, both are the best I feel

    "What's the difference between scanning with anti-virus such as Avira and MBAM?"

    This is a good question. As many AntiVirus programs now come with AntiMalware components as well.
    If we look at Avira (which I use) Avira will remove Virus and "various types of malware"
    Avira is well perfect at finding and removing Viruses. But when it comes to Malware (ie Spyware Adware Trojan etc) Then a program such as MBAM (Malwarebytes) is more suited.

    Just as an extra bit of info. Some (many actually) Antivirus packages come as an all-in-one, Antivirus; AntiMalware and Firewall
    I personnally do not believe they are as good as
    1 Good Antivirus ie Avira ;)
    2 AntiMalware program
    This is because, generally these companies that make these programs specialize in specific Malware removal (ie not Firewall etc)
    And these all-in-one type programs tend to be too heavy in system resource, ie refer above about not having the AntiMalware starting with Windows.

    I hope this brings some clarity, Safe surfing :grinthumb
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...