
*** TROJAN HORSE  DOWNLOADER.AGENT.AS - SAFEMODE REMOVE ATTEMPT REBOOTS @ LOGON SCREEN

Posted on 2004-09-23
Last Modified: 2008-02-20
AVG Complete Test Details:

Object: E:\Documents and Settings\Serotonin\Local Settings\Temp\THI408A.tmp\localNrd.cab:\polall1l.exe
Result: Trojan Horse  Downloader.Agent.AS
Status: Infected, Embedded object

After getting to the safe mode logon screen to run the suggested vclean.exe, the server reboots.
It says I should run vclean.exe in safe mode - how should I proceed?
Question by:Serotonin_X_Infinite
8 Comments
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 2000 total points
ID: 12137695
Hello Serotonin_X_Infinite =)

Open your Task Manager and look if this polall1l.exe is running; if yes, then right-click it and End Task it.
Now go to E:\Documents and Settings\Serotonin\Local Settings\Temp and select all contents,
hit Shift+Del and delete all files and folders present here !!

Also don't forget to empty the Temp Internet Files of IE from Internet Tools !!
Reboot and now check ??
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12137816
Or if this doesn't help then do this: download HijackThis v1.98.2 from here, run it and save the LOG file:
http://tools.radiosplace.com/HijackThis.exe

Then Post it at this site >> http://www.hijackthis.de/index.php?langselect=english
and it will automatically analyse it for you. Fix everything which it labels as Nasty :)
To Fix, check the lines and click on Fix Checked !!

After fixing and deleting the Nasty files, restart and now try to clean the TEMP folder !!
Post back and Good Luck :)
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 12138091
0

 
LVL 1

Author Comment

by:Serotonin_X_Infinite
ID: 12187794
Wasn't running in Task Manager
0
 

Expert Comment

by:balbatdj
ID: 12372668
I hate viruses, people get them all day long. If your virus software does not get rid of it, and it's not System Restore, then to save time copy everything you need and reformat your hard drive; then you have killed all viruses.
0
 
LVL 4

Expert Comment

by:tmenasco
ID: 12378043
Open TASK MANAGER and kill ANY process you are not sure of. If you are in doubt, put the process name in GOOGLE with the word virus or spyware next to it and you will find out about it.

Run MSCONFIG and take out EVERYTHING that you are not 100% sure should start when your system starts.

DON'T REBOOT

Next, open REGEDIT.

Check everything in the following places and delete what you don't like. Back them up if you are not sure.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run

Good Luck....
0
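
The autostart keys listed in the comment above can be inventoried and backed up before anything is deleted. The following PowerShell script is an added example, not part of the original thread; the backup folder name and the Temp-path heuristic (prompted by the infected file sitting under Local Settings\Temp) are assumptions.

```powershell
# Added example: read-only audit of the autostart keys named in the thread.
# Nothing is deleted; each existing key is exported to a .reg backup first.
$runKeys = @(
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Assumption: folder that receives the .reg backups (hypothetical name).
$backupDir = Join-Path $env:USERPROFILE 'RunKeyBackup'
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

$report = foreach ($keyPath in $runKeys) {
    $key = Get-Item -LiteralPath "Registry::$keyPath" -ErrorAction SilentlyContinue
    if (-not $key) { continue }   # the RunServices* keys are absent on many systems

    # Back up the key before anyone edits it in REGEDIT.
    $backupFile = Join-Path $backupDir (($keyPath -replace '[\\.]', '_') + '.reg')
    & reg.exe export $keyPath $backupFile /y | Out-Null

    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        [pscustomobject]@{
            Key      = $keyPath
            Name     = $name
            Command  = $command
            # Heuristic (assumption): programs that autostart from a Temp or
            # browser cache folder deserve a closer look before anything else.
            FromTemp = $command -match '\\(Temp|Temporary Internet Files)\\'
        }
    }
}

# Entries launching from Temp folders are listed first.
$report | Sort-Object FromTemp -Descending | Format-Table -AutoSize -Wrap
```

A backed-up key can be restored by importing its .reg file with `reg.exe import`.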
 

Expert Comment

by:TomErulz_MKD
ID: 12536186
Download NoAdware from http://www.noadware.net/download/, then click Open.
Install software then register (Help/Register) with this S/N:
Username: NiTROUS
Serial: WEPBK-G9029-99BU6

Run a scan then clean all parasites.
Reboot your computer.
That's all.
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 12536758

Tom,

The question is closed. Answer was accepted:

http://www.experts-exchange.com/Security/Q_21143009.html#12137695

Anyway, please be aware that NoAdware is not a reliable adware scanner, on the contrary:

Quote:
 has used aggressive, deceptive advertising (1, 2, 3); has exploited names of "ad-aware" (1, 2); earlier version was same app as Adware Hitman, Consumer Identity, Protect Your Identity, SpyBan, SpywareAssasin, Spyware C.O.P., SpywareKilla, The Adware Hunter, & TheSpywareKiller - (Note: other domains associated with NoAdware include: adware-removal.biz, adwareremoval.net, downloadspybot.com, free-adware-scan.com, sdspybot.com, spybot-spyware.com) [A: 6-26-04 / U: 10-27-04]
Unquote.

From:

Rogue/Suspect Anti-Spyware Products & Web Sites
http://www.spywarewarrior.com/rogue_anti-spyware.htm#products

Cheers.

Zee
0
