• Status: Solved
  • Priority: Medium
  • Security: Public

*** TROJAN HORSE DOWNLOADER.AGENT.AS - SAFEMODE REMOVE ATTEMPT REBOOTS @ LOGON SCREEN

AVG Complete Test Details:

Object: E:\Documents and Settings\Serotonin\Local Settings\Temp\THI408A.tmp\localNrd.cab:\polall1l.exe
Result: Trojan Horse Downloader.Agent.AS
Status: Infected, Embedded object

After getting to the Safe Mode logon screen to run the suggested vclean.exe, the server reboots.
It says I should run vclean.exe in Safe Mode - how should I proceed?
0
Asked by Serotonin_X_Infinite
1 Solution
 
SheharyaarSaahilCommented:
Hello Serotonin_X_Infinite =)

Open your Task Manager and look if this polall1l.exe is running; if yes, then right-click it and End Task it.
Now go to E:\Documents and Settings\Serotonin\Local Settings\Temp and select all contents.
Hit Shift+Del and delete all files and folders present here!

Also don't forget to empty the Temp Internet Files of IE from Internet Tools!
Reboot and now check?
0
 
SheharyaarSaahilCommented:
Or if this doesn't help then do this: download HijackThis v1.98.2 from here, run it and save the LOG file:
http://tools.radiosplace.com/HijackThis.exe

Then post it at this site >> http://www.hijackthis.de/index.php?langselect=english
and it will automatically analyse it for you. Fix everything which it labels as Nasty :)
To fix, check the lines and click on Fix Checked!

After fixing and deleting the Nasty files, restart and now try to clean the TEMP folder!
Post back and Good Luck :)
0
 
blue_zeeCommented:
0
 
Serotonin_X_InfiniteAuthor Commented:
Wasn't running in Task Manager
0
 
balbatdjCommented:
I hate viruses, people get them all day long. If your virus software does not get rid of it, and it's not System Restore, to save time, copy everything you need and reformat your hard drive, then you have killed all viruses.
0
 
tmenascoCommented:
Open TASK MANAGER and kill ANY process you are not sure of. If you are in doubt, put the process name in GOOGLE with the word virus or spyware next to it and you will find out about it.

Run MSCONFIG and take out EVERYTHING that you are not 100% sure should start when your system starts.

DON'T REBOOT

Next, open REGEDIT.

Check everything in the following places and delete what you don't like. Back them up if you are not sure.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run

Good Luck....
0
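
A read-only way to carry out the registry check described in the comment above, as an added example that is not part of the original thread: it backs up each listed key with `reg.exe export` and lists the autostart entries, flagging commands that launch from a Temp folder (where the reported file sat). The backup folder name and the Temp-path heuristic are assumptions.

```powershell
# Inventory of the autostart keys named in the comment above (added example).
# Nothing is deleted; each existing key is exported to a .reg file first.
$RunKeys = @(
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Assumed backup location; change as needed.
$BackupDir = Join-Path $env:USERPROFILE 'RunKeyBackup'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

$i = 0
$entries = foreach ($key in $RunKeys) {
    $i++
    $item = Get-Item -LiteralPath "Registry::$key" -ErrorAction SilentlyContinue
    if (-not $item) { continue }   # key does not exist on this system

    # Back the key up before anyone edits it.
    & reg.exe export $key (Join-Path $BackupDir "runkey_$i.reg") /y | Out-Null

    foreach ($name in $item.GetValueNames()) {
        # Read the raw command without expanding %VARIABLES%.
        $cmd = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        [pscustomobject]@{
            Key      = $key
            Name     = $name
            Command  = $cmd
            # Heuristic (assumption): legitimate software rarely autostarts from Temp.
            FromTemp = $cmd -match '\\Temp\\|\\Temporary Internet Files\\|%TE?MP%'
        }
    }
}

# Flagged entries first, for manual review.
$entries | Sort-Object FromTemp -Descending | Format-Table -AutoSize -Wrap
```

Entries with `FromTemp` set to `True` are candidates for closer inspection, not proof of infection; the exported `.reg` files can be re-imported if a removed entry turns out to be legitimate.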
 
TomErulz_MKDCommented:
Download NoAdware from http://www.noadware.net/download/, then click Open.
Install software then register (Help/Register) with this S/N:
Username: NiTROUS
Serial: WEPBK-G9029-99BU6

Run a scan then clean all parasites.
Reboot your computer.
That's all.
0
 
blue_zeeCommented:

Tom,

The question is closed. Answer was accepted:

http://www.experts-exchange.com/Security/Q_21143009.html#12137695

Anyway, please be aware that NoAdware is not a reliable adware scanner, on the contrary:

Quote:
 has used aggressive, deceptive advertising (1, 2, 3); has exploited names of "ad-aware" (1, 2); earlier version was same app as Adware Hitman, Consumer Identity, Protect Your Identity, SpyBan, SpywareAssasin, Spyware C.O.P., SpywareKilla, The Adware Hunter, & TheSpywareKiller - (Note: other domains associated with NoAdware include: adware-removal.biz, adwareremoval.net, downloadspybot.com, free-adware-scan.com, sdspybot.com, spybot-spyware.com) [A: 6-26-04 / U: 10-27-04]
Unquote.

From:

Rogue/Suspect Anti-Spyware Products & Web Sites
http://www.spywarewarrior.com/rogue_anti-spyware.htm#products

Cheers.

Zee
0
