Hall of Fame

1. richrumble95,281
2. DaveHowe81,572
3. Paranorm...79,841
4. PowerIT56,312
5. Admin3k52,030
6. CoccoBill44,484
7. jakopriit37,102
8. ahoffmann35,975
9. Mestha33,300
10. uetian170730,517
11. MikeHolcomb27,567
12. xmachine26,906
13. rpggamer...26,598
14. Tolomir26,324
15. warturtle25,086
16. dstewartjr24,050
17. mkline7121,400
18. Kelvin_King19,932
19. aleghart19,783
20. jahboite19,300
21. lrmoore16,939
22. dpk_wal16,325
23. johnb676716,212
24. Ray_Pas...15,730
25. sarangk_1415,568

1. richrumble766,808
2. PowerIT386,809
3. Sheharya...371,467
4. Tolomir344,674
5. rpggamer...338,864
6. war1296,462
7. ahoffmann286,312
8. r-k266,691
9. tim_holman175,246
10. DaveHowe171,904
11. lrmoore161,874
12. CoccoBill154,131
13. sunray_...121,147
14. decoleur115,226
15. jakopriit113,945
16. rsivanandan102,611
17. PeteLong99,498
18. Paranorm...98,593
19. chicagoan93,255
20. KCTS92,205
21. SunBow91,148
22. younghv82,520
23. kbbcnet73,468
24. Admin3k73,426
25. sirbounty71,839

	[x] Posted via EE Mobile
	Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.

Question

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

7.2

TrojanDownloader.Win32.Agent.j virus!

Asked by jebschmied in Miscellaneous Security

Tags: virus

Ive been finding solutions on this site for some time, but this is the first time Ive posted for help. Im working on a computer that was totally infected with spyware and viruses. It is XP Home and is now up to date with all service packs, anti-spyware tools and anti-virus software. Ive cleaned up all the spyware and viruses except for one remaining one that I cant get rid of. It is detected in memory by Kaspersky and Antiy Ghost as TrojanDownloader.Win32.Agent.j but it is not detected anywhere on the hard drive. Therefore, the file containing the infection cannot be cleaned or deleted. Other software, such as Norton Antivirus Corporate Edition does not detect it at all. It was originally detected in several files by AVG 6.0 and all those files were removed, but it is still showing up in memory with all startups disabled. I might have assumed that the system was clean and that it was just a mis-detection if it wasnt for the fact that symptoms are still showing up. The start and search pages are constantly changing. The virus still shows up in memory even when booting into safe mode, so it is something that is not easily disabled by just removing it from startup. It must be loading as a dll required by some system device that is needed even in safe mode. It is not loading as a task or a process that can be killed either. It shows up in memory as a loaded dll module with a location of c:\windows\system32\logphip.dll but on the hard drive, no such file exists. Ive run updated versions of AdAware, Spybot, SpySweeper, AVG 6.0, CW Shredder, and HijackThis, and have removed everything that is suspicious. Below is the current log from HijackThis. Notice the entries for the search pages. Ive removed them many times, but they keep coming back.. even in safe mode. Let me know what other information I can provide. Im and my wits end with this one.

Logfile of HijackThis v1.97.7
Scan saved at 3:40:11 PM, on 6/19/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Linda\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

Get your answer NOW

	Title
1	Help with interpreting HiJackThis log
2	AntiSpyware Master Infection - have …
3	How do I detect and remove a virus or …
4	Web browser hijack - HIJACKTHIS log
5	Please Assist With the Contents of a Hi…
6	Possible virus

TrojanDownloader.Win32.Agent.j virus!

Asked by jebschmied in Miscellaneous Security

Tags: virus

About this solution