Trojan Agent


Hello strider20 and welcome to Malwarebytes,

Post the scan results from the last scan with Malwarebytes:

Open Malwarebytes:

 

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     

  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…

Next,

Please open Malwarebytes Anti-Malware.

 

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



Let me see those logs, also let me know if you have any remaining issues or concerns...

Thank you,

Kevin.

 


AdwCleaner[S2].txt

Kevin

I had some problems. The Sophos link downloaded a version which was incompatible with my Win 7 Ultimate even after setting it to be compatible with Win 7. I downloaded a version directly from their site. That version found my computer "clean". That leaves the entries under web browsers in AdwCleaner[S2].txt. I am an amateur. What do you advise? I have been using Firefox for a long time and I hope I can edit out (with your help) whatever that problem is. The only place that I know of that may have Chrome would be a version of Opera that I loaded but haven't had time to experiment with yet. Thank you! Eric

 

 

 


Hello eric

All of the entries listed by AdwCleaner need to be removed, run the scan again and use the "Clean" option when ready...

In my last reply I did ask that you run Malwarebytes, was that done, did you make the required changes and then run a scan, if so can I see that log....

Regarding Sophos, I'm surprised it would not run on Ultimate, it is supposed to be with all versions of Windows from XP through to W10....

Thank you,

Kevin

 


  • 2 weeks later...

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/18/2016
Scan Time: 8:56 AM
Logfile:
Administrator: No

Version: 0.0.0.0000
Malware Database: v2016.06.18.01
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
 

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 237989
Time Elapsed: 6 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Hi,

I think I must not be following the directions correctly.  After your original reply I found the rootkit box had not been checked and corrected that.  When I run Malwarebytes and allow the reboot, Trojan Agent is always found on succeeding scans.  I blocked svchost.exe in my firewall but that did not make any difference.  Early on AdwCleaner did find one entry in Firefox which I allowed it to be removed.  Since then neither AdwCleaner nor Sophos Virus Remover has found anything.   I appreciate the help.  Sorry this is taking so long.  Further instructions?

 


The Malwarebytes log in reply ID 5 does not show any found entries......

Run this please:

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/
 
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open.
  • Close the program > Don't Fix anything!

Run RogueKiller one more time, please read and follow the instructions carefully to get the log...

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/
 

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement) only offered the first time run...
  • Click Scan to scan the system.
  • When the scan completes select "Report", in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open.
  • Close the program > Don't Fix anything!

Go here: https://www.zemana.com/Download download and install Zemana Anti-malware. Allow a shortcut to be saved to your Desktop.. The tool will be active with a 15 day trial....

Right click on Zemana Antimalware and select "Run as Administrator"

From the GUI select "Settings"

In the new window Select 1. Updates, when complete Select 2. Real Time Protection.

In the next window make sure 1. all boxes are checkmarked and the action is "Quarantine" and then 2. Select the home icon.

In the new window select "Scan"

When the scan completes check each found entry (if any). For "Suspicious Browser Settings" choose REPAIR, for all other entries choose QUARANTINE, then select the "Next" tab


The action complete window will open, from there select the "Back" tab. That will take you back to the home screen...

On that screen select the "Reports" tab. (Looks like 3 chimneys)

On that screen select and highlight the scan details line, then select "Open Report"

Copy and paste that log to your reply...
 
Thank you,
 
Kevin

Zemana AntiMalware 2.21.2.29 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/6/26
Operating System       : Windows 7 64-bit
Processor              : 8X Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
BIOS Mode              : Legacy
CUID                   : 128D434D2F9B711546080D
Scan Type              : Deep Scan
Duration               : 17m 24s
Scanned Objects        : 188173
Detected Objects       : 0
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

There are no detected objects

Hi,

I am old school.  If it is worth doing, it is worth doing right.  So, I ran the deep scan.  Did I miss anything?

 


What is the current status of your system, do you have any remaining issues or concerns... Wikipedia and similar websites are not malicious per se, hence they do not always get flagged, it could be links within those search engines where the issue happens...

I see Firefox is your default browser, you already have AdBlock Plus, I'd also recommend DrWeb Link Checker... http://free.drweb.com/linkchecker/

Run this final scan:

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....

Post Sophos log, also let me know if you have any remaining issues or concerns....

Thank you,

Kevin

 


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!


  • 2 weeks later...

Hi,

All recent scans were clean.  I did run Sophos and it came back clean.  I tried to run it again this morning but it came back "could not access network location data".  I tried to download a fresh copy and that failed also. 

There will be some rather long gaps in my communications. They do not reflect a lack of interest on my part. Unfortunately, I have other activities which interfere. Thank you for your assistance.

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 7/10/2016 6:49 AM, SYSTEM, ERIC15-PC, Protection, Malware Protection, Starting,
Protection, 7/10/2016 6:49 AM, SYSTEM, ERIC15-PC, Protection, Malware Protection, Started,
Protection, 7/10/2016 6:49 AM, SYSTEM, ERIC15-PC, Protection, Malicious Website Protection, Starting,
Protection, 7/10/2016 6:49 AM, SYSTEM, ERIC15-PC, Protection, Malicious Website Protection, Started,
Update, 7/10/2016 7:44 AM, SYSTEM, ERIC15-PC, Scheduler, IP Database, 2016.7.8.1, 2016.7.9.1,
Update, 7/10/2016 7:44 AM, SYSTEM, ERIC15-PC, Scheduler, Domain Database, 2016.7.9.1, 2016.7.9.2,
Update, 7/10/2016 7:44 AM, SYSTEM, ERIC15-PC, Scheduler, Malware Database, 2016.7.9.7, 2016.7.10.3,
Protection, 7/10/2016 7:44 AM, SYSTEM, ERIC15-PC, Protection, Refresh, Starting,
Protection, 7/10/2016 7:44 AM, SYSTEM, ERIC15-PC, Protection, Malicious Website Protection, Stopping,
Protection, 7/10/2016 7:44 AM, SYSTEM, ERIC15-PC, Protection, Malicious Website Protection, Stopped,
Protection, 7/10/2016 7:44 AM, SYSTEM, ERIC15-PC, Protection, Refresh, Success,
Protection, 7/10/2016 7:44 AM, SYSTEM, ERIC15-PC, Protection, Malicious Website Protection, Starting,
Protection, 7/10/2016 7:44 AM, SYSTEM, ERIC15-PC, Protection, Malicious Website Protection, Started,

(end)


This topic is now closed to further replies.