Malware unable to remove registry entry



#1
wazinoz

MS Windows XP Home SP3

Yesterday I acquired a trojan which is being quite persistent.

I noticed problems when my browser (Firefox) opened a page to a supposed virus software page which was in turn popping up a downloader. I could not close the page or get rid of the downloader. On using AVG it immediately showed a trojan called AGENT.AOQG.

On looking this up on Google I was unable to view pages from the search as I was directed to different pages to do with virus software.

I posted on Computer Hope forum

http://www.computerhope.com/forum/index.ph...ic,72530.0.html

I was advised to install and run various scans and post the logs which can be viewed from the above link.

The problem I am having is that Malware log keeps showing an infected Registry Key but after reboot it is still there. Does anyone know how I can get around this?

Copy of the last log below.

Malwarebytes' Anti-Malware 1.31
Database version: 1519
Windows 5.1.2600 Service Pack 3

20/12/2008 12:43:50 AM
mbam-log-2008-12-20 (00-43-50).txt

Scan type: Quick Scan
Objects scanned: 54854
Time elapsed: 7 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I will be very grateful to anyone who can shed some light on this. :)

#2
nosirrah

The DLL and BHO that go with this are missing, so I bet this is a permissions problem. Let me get a fix together for you.
Bruce Harrison
Vice President of Research


#3
nosirrah

Download and unzip the file attached to this post, you will get two files.

Copy subinacl into:

C:\windows\system32

Now run fix and reboot.

Run another scan and report back.

Attached Files

  • kill.zip (97.61K, 37 downloads)

Bruce Harrison
Vice President of Research
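
The "permissions problem" diagnosis above can be checked by reading the ACL on the key named in the scan log. This is an added example, not part of the thread and not the contents of the attached fix (which the thread does not show); it assumes Windows PowerShell 3.0 or later, and the function name `Get-KeyDeleteReport` is hypothetical.

```powershell
# Key taken from the scan log in post #1.
$keyPath = 'Registry::HKEY_CLASSES_ROOT\CLSID\{d5bf49a2-94f1-42bd-f434-3604812c807d}'

# Well-known SIDs: BUILTIN\Administrators and NT AUTHORITY\SYSTEM.
$trusted = @('S-1-5-32-544', 'S-1-5-18')
$sidType = [System.Security.Principal.SecurityIdentifier]
$delete  = [int][System.Security.AccessControl.RegistryRights]::Delete

# Hypothetical helper: reports who may delete the key and flags likely blockers.
function Get-KeyDeleteReport {
    param([string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return "Key not present: $Path"
    }
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # Being unable to read the ACL at all is itself a permissions symptom.
        return "Cannot read ACL: $($_.Exception.Message)"
    }

    $rows = foreach ($ace in $acl.Access) {
        try   { $sid = $ace.IdentityReference.Translate($sidType).Value }
        catch { $sid = $ace.IdentityReference.Value }   # unresolvable account
        New-Object psobject -Property @{
            Identity  = $ace.IdentityReference.Value
            Type      = $ace.AccessControlType
            CanDelete = ((([int]$ace.RegistryRights) -band $delete) -ne 0)
            Inherited = $ace.IsInherited
            Trusted   = ($trusted -contains $sid)
        }
    }

    "Owner: $($acl.Owner)"
    $rows | Format-Table Identity, Type, CanDelete, Inherited, Trusted -AutoSize | Out-String

    # Only explicit Delete rights are tested; generic rights are not expanded.
    $allow = $rows | Where-Object { $_.Trusted -and $_.Type -eq 'Allow' -and $_.CanDelete }
    $deny  = $rows | Where-Object { $_.Type -eq 'Deny' -and $_.CanDelete }
    if ($deny)           { 'Finding: a Deny ACE blocks Delete on this key.' }
    elseif (-not $allow) { 'Finding: neither Administrators nor SYSTEM is granted Delete.' }
    else                 { 'Finding: the ACL permits deletion by Administrators or SYSTEM.' }
}

Get-KeyDeleteReport -Path $keyPath
```

Either of the first two findings is consistent with a scanner that queues the key for "Delete on reboot" and then finds it still present on the next scan.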

#4
wazinoz


nosirrah, on Dec 20 2008, 01:43 AM, said:

Download and unzip the file attached to this post, you will get two files.

Copy subinacl into:

C:\windows\system32

Now run fix and reboot.

Run another scan and report back.


Job done, thank you very much for your help. Below is the up to date log.

Malwarebytes' Anti-Malware 1.31
Database version: 1519
Windows 5.1.2600 Service Pack 3

20/12/2008 2:25:01 AM
mbam-log-2008-12-20 (02-25-01).txt

Scan type: Quick Scan
Objects scanned: 55106
Time elapsed: 7 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
