Solved

Need Instructions for Deleting Troj Agent Variants

Posted on 2004-10-16
Last Modified: 2010-04-11
Hi Everyone:

        Tonight, I went online at trendmicro.com and checked for viruses/trojans even though my latest McAfee did not find any infections.  When scanning from trendmicro.com, 5 different trojans appeared: (1) Troj Agent.AE, (1) Troj Agent.BF, and (3) Troj Agent.BN.  Unfortunately, the entire pc locked up and had to be restarted following this.  At this point, I am needing any suggestions which come to mind for deleting the trojan files.  

       I look forward to hearing from everyone regarding this post.

       Thank you

       George
Question by:GMartin
10 Comments
 
LVL 7

Accepted Solution

by:
shahrial earned 200 total points
ID: 12331373
Download Lavasoft Ad-Aware SE Personal Edition below:
http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button

Run the update and scan your system and see if it can safely remove the trojans...;-)


0
 
LVL 15

Assisted Solution

by:Cyber-Dude
Cyber-Dude earned 100 total points
ID: 12331654
Here's a link for a bunch of software that may be able to assist you. My recommendation varies: if it is spyware or adware, then you may use any Spybot or Ad-Aware software. If it is truly a Trojan, I would suggest you try using Bazooka software. Either way, all of them are 'Freeware':
http://www.webattack.com/freeware/security/fwantispy.html

PS
A great software but NOT free is 'Spy Sweeper':
http://www.snapfiles.com/get/spysweeper.html

Hope this is a helpful post

;)

Cyber
0
 
LVL 9

Assisted Solution

by:woodendude
woodendude earned 50 total points
ID: 12331872
http://vil.nai.com/vil/stinger/ Download and install Stinger, reboot into safe mode and run this application.
0
 
LVL 49

Assisted Solution

by:sunray_2003
sunray_2003 earned 50 total points
ID: 12332283
Are you able to log in to safe mode and then scan using trendmicro?
Does it say the location of those files...

If it says, go to those locations and remove them. Make sure those exe files are not running in task manager. If they are running, you got to kill those exe files before removing them.

Some of the experts here have helped in compiling all the important spyware tools and they are listed in this thread
http://www.experts-exchange.com/Web/Browser_Issues/Q_20975384.html

My recommendation would be to start with Spybot, Ad-aware, CWShredder. After installing them, first update them and then run.

Once running all the above tools and others given in that thread, download and run Hijackthis.
Download Hijackthis from here: http://www.softpedia.com/public/cat/10/17/10-17-69.shtml
Get the log from Hijackthis, save the log and paste it here http://hijackthis.de/index.php?langselect=english to analyze it. The analyser site is used so that you do not gum up the thread with the entire log.

Remove the bad ones that the site reports. If it says unknown process, then use a search engine to check if those are bad ones. If bad, remove them; if you still cannot find them, then post those files alone here.
0
 
LVL 12

Assisted Solution

by:rossfingal
rossfingal earned 50 total points
ID: 12332302
Hi!

Download a2 Anti-Trojan (free version) from:
http://www.gatesofdelirium.com/ee/tools/
Update it
Run it, and take note of any infected files or folders.
Then, reboot into "safe" mode and run it again.
It has an option to destroy files, which I've had some success with.

Here are links to some info on Troj Agent.AE -
http://www.sophos.com/virusinfo/analyses/trojdloadery.html
http://www.sophos.com/virusinfo/analyses/trojbizexf.html

Let us know.

Good luck!

RF
0
 
LVL 18

Assisted Solution

by:chicagoan
chicagoan earned 50 total points
ID: 12332945
Regarding "any Spybot or Ad-Aware software", I think that's a sweeping generalization. Some free software actually compounds the problem by installing its own adware and spyware agents. The reason anti-virus software doesn't pick up these apps is that the user is conned into installing something when visiting a page. Terms like "macromedia compatible toolbar" and "media player" are used to lull the unsuspecting surfer into clicking the YES button.

I've used SPYBOT S&D with good success, though if the machine operator is prone to poor decisions, a commercial product that constantly monitors things may be in order (i.e. Pest Patrol).

http://www.pchell.com/support/spyware.shtml 
0
 

Author Comment

by:GMartin
ID: 12334849
Hi Everyone:

       Before I begin, I want to thank each expert for their input.  I found each response rich in content and germane to this post which certainly made it difficult when it came time to award points.  In any case, I want each person to acknowledge how much I value the quality of responses by my attempt to distribute points to each person.  

       Now, to the problem which is now resolved.  It started out with the detection of Trojans by trendmicro.com with the pc locking up during the scan.  Secondly, the problem also manifested itself by the browser's home page changing to about:search with the inability to change it within the Properties section of Internet Options. And, finally, there was a noticeable slowdown of all internet activity with respect to the loading of pages and downloads.  

       With respect to the utilities run, I found a wide array of differences with respect to outcome of scanning.  For instance, one utility, called Trojan Remover, did not detect anything.  However, when I ran Adaware SE Personal Edition, CWShredder, and the a2 program which detected the malware, several problems were found.  While I was unsure of every entry found as being corrupted by the utilities, I simply went ahead and deleted all of them.  Now, my pc is running much smoother with regards to internet functionality.  

        Thanks again everyone for your help.

        George
0
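Added example (not part of any post in this thread): a small Python triage of a HijackThis log, following sunray_2003's advice to review the log and to confirm a file is not running before removing it, and using the `about:search` home page George reports as the browser symptom. The log lines are constructed in HijackThis's R0/R1/O4 layout; every file name and path in them is a placeholder.

```python
import re

# Constructed sample in HijackThis log layout (placeholder names, not from the thread).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\example_a.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\example.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.example.com/
O4 - HKLM\..\Run: [ExampleA] C:\WINDOWS\System32\example_a.exe
O4 - HKCU\..\Run: [ExampleB] C:\Program Files\Example\example_b.exe /quiet
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")           # e.g. "R0 - ...", "O4 - ..."
EXE = re.compile(r'[A-Za-z]:\\[^"*?<>|]*?\.exe', re.IGNORECASE)
OK_PREFIXES = ("http://", "https://", "about:blank")      # anything else goes to review

def triage(log_text):
    """Return (browser_flags, autoruns); a review list, not a verdict."""
    running, flags, autoruns = set(), [], []
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif m is None:
            if in_procs and line:
                running.add(line.lower())                 # one process path per line
        else:
            in_procs = False                              # entries follow the process list
            code, body = m.groups()
            if code in ("R0", "R1"):                      # IE start/search page settings
                key, sep, value = body.partition(" = ")
                if sep and value and not value.lower().startswith(OK_PREFIXES):
                    flags.append((code, key, value))
            elif code == "O4":                            # programs started at logon
                exe = EXE.search(body)
                if exe:
                    path = exe.group(0)
                    autoruns.append((path, path.lower() in running))
    return flags, autoruns

if __name__ == "__main__":
    browser_flags, autorun_list = triage(SAMPLE_LOG)
    for code, key, value in browser_flags:
        print(f"review {code}: {key} -> {value}")
    for path, is_running in autorun_list:
        print(f"autorun {path} (running now: {is_running})")
```

An autorun reported as running is one whose process has to be ended before the file can be deleted, which is why the posts above recommend scanning from safe mode.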
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12334888
Thanks George for your timely closing of the question, and happy that you got your issue solved.

SR
0
 
LVL 12

Expert Comment

by:rossfingal
ID: 12335271
Hi!

Me too!

And thanks!
(Stop back, if other problems!)
Regards...
"Clown Boy"  :)
0
 
LVL 9

Expert Comment

by:woodendude
ID: 12335322
Thank you George, keep Stinger handy; you will find it useful.
0
