Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

*** TROJAN HORSE  DOWNLOADER.AGENT.AS - SAFEMODE REMOVE ATTEMPT REBOOTS @ LOGON SCREEN

Posted on 2004-09-23
8
Medium Priority
?
36,237 Views
Last Modified: 2008-02-20
AVG Complete Test Details:

Object

E:\Documents and Settings\Serotonin\Local Settings\Temp\THI408A.tmp\localNrd.cab:\polall1l.exe


Result

Trojan Horse  Downloader.Agent.AS


Status

Infected, Embedded object


After getting to safemode logon screen to run the suggested vclean.exe server reboots.
It says I should run vclean.exe in safemode - how should I proceed?
0
Comment
Question by:Serotonin_X_Infinite
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 2000 total points
ID: 12137695
Hello Serotonin_X_Infinite =)

open ur Task Manager, look if this polall1l.exe is running, if yes then right click it and End Task it
now goto E:\Documents and Settings\Serotonin\Local Settings\Temp and select all contents
hit Shift+Del and delete all files and folders present here !!

Also dont forget to empty the Temp Internet Files of IE from Internet Tools !!
Reboot and now check ??
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12137816
or if this doesn't help then do this, Download HijackThis v1.98.2 from here, run it and Save the LOG file:
http://tools.radiosplace.com/HijackThis.exe

Then Post it at this site >> http://www.hijackthis.de/index.php?langselect=english
and it will automatically analyse it for u,,, Fix everything which it labels as Nasty :)
To Fix, check the lines and click on Fix Checked !!

After fixing and deleting the Nasty files, restart and now try to clean the TEMP folder !!
Post back and Good Luck :)
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 12138091
0
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

 
LVL 1

Author Comment

by:Serotonin_X_Infinite
ID: 12187794
Wasn't running in Task Manager
0
 

Expert Comment

by:balbatdj
ID: 12372668
I hate virus people get them all day long, if your virus software does not get rid of it and, and its not system restore to save time, copy everything you need and reformat your hard drive, then you killed all virus
0
 
LVL 4

Expert Comment

by:tmenasco
ID: 12378043
Open TASK MANAGER and kill ANY process you are not sure of. If you are in doubt, put the process name in GOOGLE with the word virus or spyware next to it and you will find out about it.

Run MSCONFIG and take out EVERYTHING that you are not 100% sure should start when your system starts.

DON'T REBOOT

Next, open REGEDIT.

check everyhting in the following places and delete what you dont like. Back them up if you are not sure.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run

Good Luck....
0
 

Expert Comment

by:TomErulz_MKD
ID: 12536186
Download NoAdware from http://www.noadware.net/download/, then click Open.
Install software then register (Help/Register) with this S/N:
Username: NiTROUS
Serial: WEPBK-G9029-99BU6

Run a scan then clean all parasites.
Reboot your computer.
Thats all.
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 12536758

Tom,

The question is closed. Answer was accepted:

http://www.experts-exchange.com/Security/Q_21143009.html#12137695

Anyway, please be aware that NoAdware is not a reliable adware scanner, on the contrary:

Quote:
 has used aggressive, deceptive advertising (1, 2, 3); has exploited names of "ad-aware" (1, 2); earlier version was same app as Adware Hitman, Consumer Identity, Protect Your Identity, SpyBan, SpywareAssasin, Spyware C.O.P., SpywareKilla, The Adware Hunter, & TheSpywareKiller - (Note: other domains associated with NoAdware include: adware-removal.biz, adwareremoval.net, downloadspybot.com, free-adware-scan.com, sdspybot.com, spybot-spyware.com) [A: 6-26-04 / U: 10-27-04]
Unquote.

From:

Rogue/Suspect Anti-Spyware Products & Web Sites
http://www.spywarewarrior.com/rogue_anti-spyware.htm#products

Cheers.

Zee
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever wonder what it's like to get hit by ransomware? "Tom" gives you all the dirty details first-hand – and conveys the hard lessons his company learned in the aftermath.
What we learned in Webroot's webinar on multi-vector protection.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question