asked on

*** TROJAN HORSE DOWNLOADER.AGENT.AS - SAFEMODE REMOVE ATTEMPT REBOOTS @ LOGON SCREEN

AVG Complete Test Details:

Object

E:\Documents and Settings\Serotonin\Local Settings\Temp\THI408A.tmp\localNrd.cab:\polall1l.exe

Result

Trojan Horse Downloader.Agent.AS

Status

Infected, Embedded object

After getting to safemode logon screen to run the suggested vclean.exe server reboots.
It says I should run vclean.exe in safemode - how should I proceed?

ASKER CERTIFIED SOLUTION

SheharyaarSaahil

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

SheharyaarSaahil

or if this doesn't help then do this, Download HijackThis v1.98.2 from here, run it and Save the LOG file:
http://tools.radiosplace.com/HijackThis.exe

Then Post it at this site >> http://www.hijackthis.de/index.php?langselect=english
and it will automatically analyse it for u,,, Fix everything which it labels as Nasty :)
To Fix, check the lines and click on Fix Checked !!

After fixing and deleting the Nasty files, restart and now try to clean the TEMP folder !!
Post back and Good Luck :)

blue_zee

Please run two online virus scans:

http://housecall.antivirus.com/
http://www.pandasoftware.com/activescan/

Zee

Serotonin_X_Infinite

ASKER

Wasn't running in Task Manager

balbatdj

I hate virus people get them all day long, if your virus software does not get rid of it and, and its not system restore to save time, copy everything you need and reformat your hard drive, then you killed all virus

tmenasco

Open TASK MANAGER and kill ANY process you are not sure of. If you are in doubt, put the process name in GOOGLE with the word virus or spyware next to it and you will find out about it.

Run MSCONFIG and take out EVERYTHING that you are not 100% sure should start when your system starts.

DON'T REBOOT

Next, open REGEDIT.

check everyhting in the following places and delete what you dont like. Back them up if you are not sure.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run

Good Luck....

TomErulz_MKD

Download NoAdware from http://www.noadware.net/download/, then click Open.
Install software then register (Help/Register) with this S/N:
Username: NiTROUS
Serial: WEPBK-G9029-99BU6

Run a scan then clean all parasites.
Reboot your computer.
Thats all.

blue_zee

Tom,

The question is closed. Answer was accepted:

https://www.experts-exchange.com/questions/21143009/TROJAN-HORSE-DOWNLOADER-AGENT-AS-SAFEMODE-REMOVE-ATTEMPT-REBOOTS-LOGON-SCREEN.html#12137695

Anyway, please be aware that NoAdware is not a reliable adware scanner, on the contrary:

Quote:
has used aggressive, deceptive advertising (1, 2, 3); has exploited names of "ad-aware" (1, 2); earlier version was same app as Adware Hitman, Consumer Identity, Protect Your Identity, SpyBan, SpywareAssasin, Spyware C.O.P., SpywareKilla, The Adware Hunter, & TheSpywareKiller - (Note: other domains associated with NoAdware include: adware-removal.biz, adwareremoval.net, downloadspybot.com, free-adware-scan.com, sdspybot.com, spybot-spyware.com) [A: 6-26-04 / U: 10-27-04]
Unquote.

From:

Rogue/Suspect Anti-Spyware Products & Web Sites
http://www.spywarewarrior.com/rogue_anti-spyware.htm#products

Cheers.

Zee