Serotonin_X_Infinite
asked on
*** TROJAN HORSE DOWNLOADER.AGENT.AS - SAFEMODE REMOVE ATTEMPT REBOOTS @ LOGON SCREEN
AVG Complete Test Details:
Object
E:\Documents and Settings\Serotonin\Local Settings\Temp\THI408A.tmp\ localNrd.c ab:\polall 1l.exe
Result
Trojan Horse Downloader.Agent.AS
Status
Infected, Embedded object
After getting to safemode logon screen to run the suggested vclean.exe server reboots.
It says I should run vclean.exe in safemode - how should I proceed?
Object
E:\Documents and Settings\Serotonin\Local Settings\Temp\THI408A.tmp\
Result
Trojan Horse Downloader.Agent.AS
Status
Infected, Embedded object
After getting to safemode logon screen to run the suggested vclean.exe server reboots.
It says I should run vclean.exe in safemode - how should I proceed?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Please run two online virus scans:
http://housecall.antivirus.com/
http://www.pandasoftware.com/activescan/
Zee
http://housecall.antivirus.com/
http://www.pandasoftware.com/activescan/
Zee
ASKER
Wasn't running in Task Manager
I hate virus people get them all day long, if your virus software does not get rid of it and, and its not system restore to save time, copy everything you need and reformat your hard drive, then you killed all virus
Open TASK MANAGER and kill ANY process you are not sure of. If you are in doubt, put the process name in GOOGLE with the word virus or spyware next to it and you will find out about it.
Run MSCONFIG and take out EVERYTHING that you are not 100% sure should start when your system starts.
DON'T REBOOT
Next, open REGEDIT.
check everyhting in the following places and delete what you dont like. Back them up if you are not sure.
HKEY_LOCAL_MACHINE\SOFTWAR E\Microsof t\Windows\ CurrentVer sion\Run
HKEY_LOCAL_MACHINE\SOFTWAR E\Microsof t\Windows\ CurrentVer sion\RunOn ce
HKEY_LOCAL_MACHINE\SOFTWAR E\Microsof t\Windows\ CurrentVer sion\RunSe rvices
HKEY_LOCAL_MACHINE\SOFTWAR E\Microsof t\Windows\ CurrentVer sion\RunSe rvicesOnce
HKEY_CURRENT_USER\Software \Microsoft \Windows\C urrentVers ion\Run
HKEY_CURRENT_USER\Software \Microsoft \Windows\C urrentVers ion\RunOnc e
HKEY_CURRENT_USER\Software \Microsoft \Windows\C urrentVers ion\RunSer vices
HKEY_CURRENT_USER\Software \Microsoft \Windows\C urrentVers ion\RunSer vicesOnce
HKEY_USERS\.DEFAULT\Softwa re\Microso ft\Windows \CurrentVe rsion\Run
Good Luck....
Run MSCONFIG and take out EVERYTHING that you are not 100% sure should start when your system starts.
DON'T REBOOT
Next, open REGEDIT.
check everyhting in the following places and delete what you dont like. Back them up if you are not sure.
HKEY_LOCAL_MACHINE\SOFTWAR
HKEY_LOCAL_MACHINE\SOFTWAR
HKEY_LOCAL_MACHINE\SOFTWAR
HKEY_LOCAL_MACHINE\SOFTWAR
HKEY_CURRENT_USER\Software
HKEY_CURRENT_USER\Software
HKEY_CURRENT_USER\Software
HKEY_CURRENT_USER\Software
HKEY_USERS\.DEFAULT\Softwa
Good Luck....
Download NoAdware from http://www.noadware.net/download/, then click Open.
Install software then register (Help/Register) with this S/N:
Username: NiTROUS
Serial: WEPBK-G9029-99BU6
Run a scan then clean all parasites.
Reboot your computer.
Thats all.
Install software then register (Help/Register) with this S/N:
Username: NiTROUS
Serial: WEPBK-G9029-99BU6
Run a scan then clean all parasites.
Reboot your computer.
Thats all.
Tom,
The question is closed. Answer was accepted:
https://www.experts-exchange.com/questions/21143009/TROJAN-HORSE-DOWNLOADER-AGENT-AS-SAFEMODE-REMOVE-ATTEMPT-REBOOTS-LOGON-SCREEN.html#12137695
Anyway, please be aware that NoAdware is not a reliable adware scanner, on the contrary:
Quote:
has used aggressive, deceptive advertising (1, 2, 3); has exploited names of "ad-aware" (1, 2); earlier version was same app as Adware Hitman, Consumer Identity, Protect Your Identity, SpyBan, SpywareAssasin, Spyware C.O.P., SpywareKilla, The Adware Hunter, & TheSpywareKiller - (Note: other domains associated with NoAdware include: adware-removal.biz, adwareremoval.net, downloadspybot.com, free-adware-scan.com, sdspybot.com, spybot-spyware.com) [A: 6-26-04 / U: 10-27-04]
Unquote.
From:
Rogue/Suspect Anti-Spyware Products & Web Sites
http://www.spywarewarrior.com/rogue_anti-spyware.htm#products
Cheers.
Zee
http://tools.radiosplace.com/HijackThis.exe
Then Post it at this site >> http://www.hijackthis.de/index.php?langselect=english
and it will automatically analyse it for u,,, Fix everything which it labels as Nasty :)
To Fix, check the lines and click on Fix Checked !!
After fixing and deleting the Nasty files, restart and now try to clean the TEMP folder !!
Post back and Good Luck :)