Recurring problem "Virus identified JS/Downloader.Agent" by AVG

By fracas!!
Feb 2, 2008
  1. Hello all!

    Whenever I open a new web browser page I get the following warning popup from AVG.

    Threat Detected!

    While opening file:c:\...Local Settings\Temporary nternet Files\content.IE%\0RJA30T5\wpad[1].htm
    Virus identified JS/Downloader.Agent

    I have moved countless files like this to the virus vault as they occur then delete them.
    I have gone through the the Virus Removal Preliminary Instructions posted on this site ad these ere my results:

    1.Panda Antirootkit found no rootkits. No problems were found.

    2.I had poblems starting combofix.(I got what looked like a memory error) used DSS and saved main.txt and extra.txt as required.

    3.At step 14 though, after AVG antispyware had run, there were a couple of problemns fund and one was quarantined but I then clicked on the wrong button and everything was cleaned before I could save the log file!!! I run AVG again and hence no offending files were detected. I have still attached the log file for that scan.

    4.My laptop was slow but now it's starting up and running even slower than before..i guess it is because of all the security docs I've now got running downloaded.

    5. Generally all scans showed no serious problems apart from a few cookies.

    I hope all this helps and I'm ready to perform any further scans/downloads if ayone can point me in the right direction.I still don't know what this warning means or what the file actually does to my laptop!!

    Thanks in advance.Hope I've posted this the right way. If not..apologies!


    Attached Files:

  2. frankibo

    frankibo TS Rookie Posts: 67

    Try to do scanning in safe mode. The virus will probably not loaded then and you can delete it then.
  3. rf6647

    rf6647 TS Maniac Posts: 829

    I am merely a novice who stumbled on this thread.

    HJT is a handy tool. Most 'fixes' performed by this tool are reversable by using the right-hand side of the window (other stuff ! backup ).

    Link to HJT usage.

    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4CF96435-52DE-47F9-8321-CF88FA1E4941}: NameServer =,
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9FA0C8E2-5B9D-4C86-94F2-AB09992951F5}: NameServer =,

    O4 - this site is susceptible to malware
    O17 - Tracing route to []
    O17 - Is known to user?
    O17 - Tracing route to []
    O17 - seems to have good credentials.

    Based on your observaton, I am guessing that the browser brings a file into the temporary internet files directory, and AVG jumps on it. Use HJT to experiment. Zapp all 3 suspicious entries; open the IE browser; observe for AVG reaction. If AVG still barks, then I guessed wrong. Use HJT ! other stuff ! backups to reverse the fixes.

    I cannot validate the following:

    AVG should have detected trojans attacks here.

    On my computer, folder 'inetsrv' is empty. However 'inetinfo.exe' is valid if MS Information Server (IIS) is running. I have not located an explanation for this.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...