Win32 trojan agent 2

By SerpentCultist
Apr 19, 2009
  1. Hi, I tried searching the forums for answers before posting, but I just couldnt find anything that could compare.

    So a few days ago I noticed that whenever I click a search engine link, I get redirected, and I could not visit most anti virus websites, and even if I could download an Anti-Virus, it would not run.

    I then downloaded SuperAntiVirus and ran it in alternative mode, it cleaned up some stuff and I was able to visit anti virus websites (still cant run most anti-virus applications though, and websearches are still redirected. Firefox now runs more slowly as well.), so I download Avira (didnt do anything), Vipre (didnt do much), and Ad-Aware.

    Ad-Aware finds a bunch of infected files and removes them, one of which is "Win32TrojanAgent2." This virus keeps coming back with EVERY Ad-Aware scan, even though Ad-Aware keeps deleting it, it is the only thing that keeps coming back.

    I did everything, but I cannot get rid of it.

    I realized that you guys usually ask for Hijack This logs, so heres mines... I cant run Mbam, so I couldnt give it sorry.

    I took the "h" out of "http", and a "w" out of "www" so it would let me post this... Excuse me for that.

    I hope you guys can help me, I would really appreciate it, as this thing is making me go crazy!

    Thank you.
  2. B00kWyrm

    B00kWyrm TechSpot Paladin Posts: 1,436   +37

    You _will_ find the help you need here...

    First, if you have not already done so...

    You need to read, understand, and strictly follow the directions
    which you find at the top of this board.

    Start with...
    Then ...
    Followed by ...

    Once you have posted the three (3) logs mentioned in the 8 steps,
    one of the experienced helpers will be more able to assist you.

    How to post your Hijackthis log-file as an ATTACHMENT:

    Good Luck. Repost if you have difficulties along the way.
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    The moderator will be around and delete the pasted log, but since I see it now, let's handle it:

    Real Time Protection needs to be temporarily disabled while scanning. You are running AdWatch:
    You have a DNS Changer malware infection:
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer =,
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =,

    You'll recognize this Trojan by checking the DNS server assignments on the computer that does not update. Do this by following these steps:

    Reset router
    Please run Malwarebytes, Superantispyware and rescan with HijackThis. Attach logs from all three programs.

    There are several entries in the HJ log that will need to be removed, but the other 2 programs need to be run first, then HJ again. Please do not add or remove any programs or entries unless told to do so by your helper.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...