Solved

*** TROJAN HORSE  DOWNLOADER.AGENT.AS - SAFEMODE REMOVE ATTEMPT REBOOTS @ LOGON SCREEN

Posted on 2004-09-23
8
36,229 Views
Last Modified: 2008-02-20
AVG Complete Test Details:

Object

E:\Documents and Settings\Serotonin\Local Settings\Temp\THI408A.tmp\localNrd.cab:\polall1l.exe


Result

Trojan Horse  Downloader.Agent.AS


Status

Infected, Embedded object


After getting to safemode logon screen to run the suggested vclean.exe server reboots.
It says I should run vclean.exe in safemode - how should I proceed?
0
Comment
Question by:Serotonin_X_Infinite
8 Comments
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 500 total points
ID: 12137695
Hello Serotonin_X_Infinite =)

open ur Task Manager, look if this polall1l.exe is running, if yes then right click it and End Task it
now goto E:\Documents and Settings\Serotonin\Local Settings\Temp and select all contents
hit Shift+Del and delete all files and folders present here !!

Also dont forget to empty the Temp Internet Files of IE from Internet Tools !!
Reboot and now check ??
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12137816
or if this doesn't help then do this, Download HijackThis v1.98.2 from here, run it and Save the LOG file:
http://tools.radiosplace.com/HijackThis.exe

Then Post it at this site >> http://www.hijackthis.de/index.php?langselect=english
and it will automatically analyse it for u,,, Fix everything which it labels as Nasty :)
To Fix, check the lines and click on Fix Checked !!

After fixing and deleting the Nasty files, restart and now try to clean the TEMP folder !!
Post back and Good Luck :)
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 12138091
0
 
LVL 1

Author Comment

by:Serotonin_X_Infinite
ID: 12187794
Wasn't running in Task Manager
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Expert Comment

by:balbatdj
ID: 12372668
I hate virus people get them all day long, if your virus software does not get rid of it and, and its not system restore to save time, copy everything you need and reformat your hard drive, then you killed all virus
0
 
LVL 4

Expert Comment

by:tmenasco
ID: 12378043
Open TASK MANAGER and kill ANY process you are not sure of. If you are in doubt, put the process name in GOOGLE with the word virus or spyware next to it and you will find out about it.

Run MSCONFIG and take out EVERYTHING that you are not 100% sure should start when your system starts.

DON'T REBOOT

Next, open REGEDIT.

check everyhting in the following places and delete what you dont like. Back them up if you are not sure.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run

Good Luck....
0
 

Expert Comment

by:TomErulz_MKD
ID: 12536186
Download NoAdware from http://www.noadware.net/download/, then click Open.
Install software then register (Help/Register) with this S/N:
Username: NiTROUS
Serial: WEPBK-G9029-99BU6

Run a scan then clean all parasites.
Reboot your computer.
Thats all.
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 12536758

Tom,

The question is closed. Answer was accepted:

http://www.experts-exchange.com/Security/Q_21143009.html#12137695

Anyway, please be aware that NoAdware is not a reliable adware scanner, on the contrary:

Quote:
 has used aggressive, deceptive advertising (1, 2, 3); has exploited names of "ad-aware" (1, 2); earlier version was same app as Adware Hitman, Consumer Identity, Protect Your Identity, SpyBan, SpywareAssasin, Spyware C.O.P., SpywareKilla, The Adware Hunter, & TheSpywareKiller - (Note: other domains associated with NoAdware include: adware-removal.biz, adwareremoval.net, downloadspybot.com, free-adware-scan.com, sdspybot.com, spybot-spyware.com) [A: 6-26-04 / U: 10-27-04]
Unquote.

From:

Rogue/Suspect Anti-Spyware Products & Web Sites
http://www.spywarewarrior.com/rogue_anti-spyware.htm#products

Cheers.

Zee
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
How to remove Odin ransomware ? 11 155
Cisco ACS mixed versions 8 53
Mobile penetration testing 2 69
MITM attack on Android phones 8 78
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now