Solved

Need Instructions for Deleting Troj Agent Variants

Posted on 2004-10-16
Last Modified: 2010-04-11
Hi Everyone:

        Tonight, I went online at trendmicro.com and checked for viruses/trojans even though my latest McAfee did not find any infections.  When scanning from trendmicro.com, 5 different trojans appeared, (1) Troj Agent.AE, (1)Troj Agent.BF, and (3) Troj Agent.BN.  Unfortunately, the entire pc locked up and had to be restarted following this.  At this point, I am needing any suggestions which come to mind for deleting the trojan files.  

       I look forward to hearing from everyone regarding this post.

       Thank you

       George
Question by:GMartin
10 Comments
 
LVL 7

Accepted Solution

by:
shahrial earned 200 total points
ID: 12331373
Download Lavasoft Ad-Aware SE Personal Edition below:
http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button

Run the update and scan your system and see if it can safely remove the trojans...;-)


 
LVL 15

Assisted Solution

by:Cyber-Dude
Cyber-Dude earned 100 total points
ID: 12331654
Here's a link for a bunch of software that may be able to assist you. My recommendation varies: if it is spyware or adware, then you may use any Spybot or Ad-Aware software. If it is truly a Trojan, I would suggest you try using Bazooka software. Either way, all of them are 'Freeware':
http://www.webattack.com/freeware/security/fwantispy.html

PS
A great software but NOT free is 'Spy Sweeper':
http://www.snapfiles.com/get/spysweeper.html

Hope this is a helpful post

;)

Cyber
 
LVL 9

Assisted Solution

by:woodendude
woodendude earned 50 total points
ID: 12331872
http://vil.nai.com/vil/stinger/ Download and install Stinger, reboot into safe mode, and run this application.
 
LVL 49

Assisted Solution

by:sunray_2003
sunray_2003 earned 50 total points
ID: 12332283
Are you able to log in to safe mode and then scan using trendmicro?
Does it say the location of those files...

If it does, go to those locations and remove them. Make sure those exe files are not running in Task Manager. If they are running, you have got to kill those exe files before removing them.

Some of the experts here have helped in compiling all the important spyware tools and they are listed in this thread
http://www.experts-exchange.com/Web/Browser_Issues/Q_20975384.html

My recommendation would be to start with Spybot, Ad-Aware, and CWShredder. After installing them, first update them and then run them.

After running all the above tools and the others given in that thread, download and run HijackThis.
Download HijackThis from here: http://www.softpedia.com/public/cat/10/17/10-17-69.shtml
Get the log from HijackThis, save it, and paste it here http://hijackthis.de/index.php?langselect=english to analyze it. The analyser site is used so that you do not gum up the thread with the entire log.

Remove the bad ones that the site reports. If it says unknown process, then use a search engine to check whether those are bad ones. If they are bad, remove them; if you still cannot find out, then post those files alone here.
 
LVL 12

Assisted Solution

by:rossfingal
rossfingal earned 50 total points
ID: 12332302
Hi!

Download a2 Anti-Trojan (free version) from:
http://www.gatesofdelirium.com/ee/tools/
Update it
Run it, and take note of any infected files or folders.
Then, reboot into "safe" mode and run it again.
It has an option to destroy files, which I've had some success with.

Here are links to some info on Troj Agent.AE -
http://www.sophos.com/virusinfo/analyses/trojdloadery.html
http://www.sophos.com/virusinfo/analyses/trojbizexf.html

Let us know.

Good luck!

RF
 
LVL 18

Assisted Solution

by:chicagoan
chicagoan earned 50 total points
ID: 12332945
Regarding "any Spybot or Ad-Aware software", I think that's a sweeping generalization. Some free software actually compounds the problem by installing its own adware and spyware agents. The reason anti-virus software doesn't pick up these apps is that the user is conned into installing something when visiting a page. Terms like "macromedia compatible toolbar" and "media player" are used to lull the unsuspecting surfer into clicking the YES button.

I've used SPYBOT S&D with good success, though if the machine operator is prone to poor decisions, a commercial product that constantly monitors things may be in order (i.e. Pest Patrol).

http://www.pchell.com/support/spyware.shtml
 

Author Comment

by:GMartin
ID: 12334849
Hi Everyone:

       Before I begin, I want to thank each expert for their input.  I found each response rich in content and germane to this post which certainly made it difficult when it came time to award points.  In any case, I want each person to acknowledge how much I value the quality of responses by my attempt to distribute points to each person.  

       Now, to the problem which is now resolved.  It started out with the detection of Trojans by trendmicro.com with the pc locking up during the scan.  Secondly, the problem also manifested itself by the browser's home page changing to about:search with the inability to change it within the Properties section of Internet Options. And, finally, there was a noticeable slowdown of all internet activity with respect to the loading of pages and downloads.  

       With respect to the utilities run, I found a wide array of differences with respect to the outcome of scanning.  For instance, one utility called Trojan Remover did not detect anything.  However, when I ran Ad-Aware SE Personal Edition, CWShredder, and the a2 program which detected the malware, several problems were found.  While I was unsure of every entry found as being corrupted by the utilities, I simply went ahead and deleted all of them.  Now, my pc is running much smoother with regards to internet functionality.  

        Thanks again everyone for your help.

        George
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12334888
Thanks George for your timely closing of the question, and happy that you got your issue solved.

SR
 
LVL 12

Expert Comment

by:rossfingal
ID: 12335271
Hi!

Me too!

And thanks!
(Stop back, if other problems!)
Regards...
"Clown Boy"  :)
 
LVL 9

Expert Comment

by:woodendude
ID: 12335322
Thank you George. Keep Stinger handy; you will find it useful.