
Malwarebytes

Help! Trojan.Agent & Rogue.Installer


5 replies to this topic

#1
kevbuck

    New Member

  • Members
  • 27 posts
Hi,
I am new to MBAM and forums in general, so please excuse me if I am posting in the wrong area.
I have limited PC problem-solving experience (we have techs at work :))
I have attempted to provide you with a developer log posted herein. Each time that I entered the mbam.exe / developer a box saying "invalid command parameter" popped up and then MBAM opened; hopefully I have the file you need.
My problem is this: my computer was sluggish, among other things, so I did the usual: cleaned temp files etc., ran AVG (also running Zonealarm), and removed some cookies. I then went to download.com and installed MBAM (which had fantastic ratings), which found the Trojan.Agent & Rogue.Installer.
I have quarantined both but do not know if I should delete them or if this would somehow be detrimental (if they aren't harmful, perhaps from other security software). Please help. Also advise: in the future, should I quarantine/delete, quarantine/post on forum, run MBAM, Spybot & HJT and then post?
Up until now, I have googled & quarantined. Forum herein suggests deleting Trojan.Agent; is this always the case no matter where it is found?
I have spent the better part of this day reading these forums (have learned a fair bit) and I would greatly appreciate any recommendations (safe sites) that could help me better understand PC security.

Thank you for your patience and assistance

Malwarebytes' Anti-Malware 1.28
Database version: 1230
Windows 5.1.2600 Service Pack 3

10/5/2008 5:13:50 PM
mbam-log-2008-10-05 (17-13-50).txt

Scan type: Quick Scan
Objects scanned: 48782
Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Kevin\Local Settings\Temp\_is9.exe (Rogue.Installer) -> Quarantined and deleted successfully.

#2
wyrmrider

    New Member

  • Members
  • 17 posts
Looks as if MBAM has it safely tucked away
I googled the CLSID and found
http://www.castlecop...09-no_file.html
which says
"X" - Certified spyware/foistware, or other malware

MBAM is usually pretty good about removing infections, however
I would go to the Malware Removal forum
READ THE STICKIES
be prepared to follow instructions EXACTLY
There an expert helper will try and determine if all the infection is gone
you can post your log there or a link to this thread
good work!

#3
kevbuck

    New Member

  • Members
  • 27 posts
Thank you wyrmrider,
I greatly appreciate the fast response and advice.
You say that you googled the CLSID. Excuse my ignorance (blush), but does this mean that anytime that something is found, I should take that string of numbers (CLSID) and google it to find out what it is?

I will most certainly follow your advice on posting it to the Malware Forum.
I would like to post a link to this thread. If you don't mind, could you please advise on the procedure to do so?
I think I would go to the forum, create a new topic, click insert Topic Link (this is where I get lost as I am not sure where to find the topic id #).

Thanks again for your help and the patience with my inexperience

#4
JeanInMontana

    Delete this account!!

  • Honorary Members
  • 3,867 posts
  • Interests:would love to see some honesty around this site.
Please follow the instructions here http://www.malwareby...?showtopic=2936 and post the requested logs in a new topic you start.

Researching CLSIDs is tricky business for the inexperienced. I do not recommend you attempt to decide what is malware on your own.


#5
kevbuck

    New Member

  • Members
  • 27 posts

JeanInMontana, on Oct 7 2008, 02:17 PM, said:

Please follow the instructions here http://www.malwareby...?showtopic=2936 and post the requested logs in a new topic you start.

Researching CLSIDs is tricky business for the inexperienced. I do not recommend you attempt to decide what is malware on your own.


Thanks Jean,
My main concern is that I am running an older computer: 512 MB RAM, Windows XP SP3. I have AVG, MBAM and Zonealarm installed now. Can I install Panda, HJT and Spybot without any problems (so that I can run the scans needed)? I have been so busy I haven't had the chance to do anything yet, but did check the links to your other forums - great info.
Once I have finished scans, do I delete all the programs? (My computer is slow enough now.)

Thanks for all the advice

#6
Raid

    Malware Researcher

  • Experts
  • 1,549 posts
  • Gender:Male
  • Location:United States
You really need to follow Jean's instructions so that we may help you. We will be glad to answer questions not related directly to the malware after we get you cleaned up. Let's try to keep focused on the task at hand. :blink:
