Trojan.downloader.win32.agent

Status
Not open for further replies.

kipperoo15

I finally got around to fixing my laptop, got wow all installed on it, downloaded some stuff, and now my avg scans are showing all sorts of crazy stuff... and when I open wow, it says I have a "trojan.downloader.Win32.Agent" variant. Please help!

I attached the results from hijack this, superantispyware, etc.
 
In MBAM you did not do anything with the trojans.
When the scan is done, look at the file list or report and then remove everything.
Did you remove everything in SAS?
Tell me what's happening with your comp.
 
I deleted the quarantined items in mbam and sas. It seems like it's better now, I'm not getting the WoW warning and nothing's showing up in scans.
 
When I try to open either of my hard drives (E and C) from My Computer, I get a Windows popup saying "E:\resycled\boot.com is not a valid Win32 Application." I know enough to know this is not good. I don't really want to reformat my laptop because I don't have all the disks where I'm living right now, I've moved around a lot the past year. Any help, again, is quite appreciated.
 
Ahh, you need to delete Autorun.inf. Is WoW World of Warcraft? I don't remember it giving pop-ups.

If you can fix your comp, I hope you know how to delete files through CMD.
The autorun is just in the root of the drive.

I'm very sorry but I'm kinda bad at CMDs.
Please post a new hijackthis log
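
Added example, not part of the original posts: a small Python parser that lists the launch directives in a drive-root autorun.inf, so you can see what it points at before deleting it. It assumes the popup comes from an autorun.inf entry that still references the removed E:\resycled\boot.com; the file contents below are a constructed sample, not taken from the poster's machine.

```python
import ntpath  # applies Windows path rules on any OS

# Keys in the [autorun] section that make Explorer start a program.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample of a hijacked drive-root autorun.inf.
SAMPLE = r"""[AutoRun]
;constructed sample
open=resycled\boot.com
shell\open\Command=resycled\boot.com
shell\explore\Command="resycled\boot.com" -e
jfkdsla
icon=%SystemRoot%\system32\shell32.dll,4
"""

def program_of(command):
    """Return the program part of a command line, honouring quotes."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0]

def autorun_targets(text, drive_root):
    """Return (key, command, resolved_path) for each launch directive."""
    hits, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
            continue
        if not in_section or "=" not in line:
            continue  # tolerate junk padding lines
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        # shell\<verb>\command entries replace Explorer's context-menu verbs
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if value and (key in LAUNCH_KEYS or is_verb):
            path = ntpath.join(drive_root, program_of(value))
            hits.append((key, value, path))
    return hits

if __name__ == "__main__":
    for key, command, path in autorun_targets(SAMPLE, "E:\\"):
        print(f"{key:24} -> {path}")
```

Every resolved path it reports is a file Explorer would try to start when the drive is opened; if the target has already been removed by a scanner, the leftover directive is what produces the "not a valid Win32 application" popup.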
 
Hello kipperoo15

When any cleaner is run, it is possible that after one run that removes certain powerful Malware, it then exposes more that were not even seen on the first run.

The goal is to get these to come up clean or find something it can not handle.

So run both MBAM and SAS again and post the logs.

I can tell from the quantity and the quality of what they did find that you in fact have much more.

Good job so far.

Mike
 
I ran both mbam and Sas, the mbam log is attached, but this time Sas didn't come up with anything.

Thanks for helping, this is a total life saver.
 
Hi kipperoo15

Good job!

Run MBAM again until it comes up clean or finds something it can not remove. If clean, let me know; post the log if it does find something it can not handle.

Then do the below.

Download SD Fix to Desktop (among other things, Catchme to look for RootKits).

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

On Desktop run SDFix. It will run (install) then close.

Then reboot into Safe Mode

As the computer starts up, tap the F8 key several times.

On the Boot menu Choose Safe Mode.

Click through all the prompts to get to desktop.

At Desktop
My Computer C: drive. Double-click to open.

Look for a folder called SD Fix. Double-click to enter SD Fix.

Double-click RunThis.bat. Type Y to begin.

SD Fix does its job.

When prompted, hit the Enter key to restart the computer.

Your computer will reboot.

On normal restart the Fixtool will run again and complete the removal process, then say Finished.
Hit the Enter key to end the script and load your desktop icons.

Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.

Copy and paste the Report.txt file to your next post.

Mike
 
Ok Kipper

Sorry you took the time to run the third time. After these issues are fixed you should run these programs every 2 weeks or so, but if they come up twice with exactly the same thing, no need to run it more.

OK, now do the SDFix above to get these; we may need to run another tool to finish up.

So do the SDFix; it does not take nearly as long as the others.

Mike
 
OK good, that was clear.

Again, this one doesn't take long either; it should find and fix DNSChanger.

ComboFix

NOTE: If you have a copy of ComboFix more than a few days old, delete it and re-download.

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Double-click combofix.exe and follow the prompts.

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click ComboFix's window while it's running. That may cause it to stall.

Mike

Don't forget to Attach instead of pasting to the thread.
 
And you are doing a fabulous job.

Run SAS; it found and removed much, but we need to see it clean. Then MBAM should finish all the rest.

If they are clear then no need to post them, but do get me a final HJT log.

I hope we are close to finished. I think so!

Mike
 
OK Kipper

We found one that needs special handling.


Drag the mouse to copy each line, one at a time:
Code:
%System%\drivers\winsys.sys
%System%\wincom.exe

Then

Open MBAM, click and update it (new update today).

Then More Tools - Run Tool.

In the File name: paste it, click OK, choose delete on boot, and then paste the second line the same way.

Reboot to remove the file, then run SAS again to confirm it's gone!

Mike
 
I can't get the first line to work, it gives an error that says
%System%\drivers\winsys.sys
Path Does not exist
Please verify the correct path was given.

Thanks :)
 
Hit me with a HJT log before logging off.

Use the computer, but when you go to bed or work, update MBAM and leave it in a scan. Post the log in the morning.

Good job.

I will leave a thread closing for you tomorrow.

Good job!

Night,
Mike
 