Can't get rid of Trojan on Windows 7 Dell Laptop

Posted on 2012-09-11
Last Modified: 2013-11-22
We have purchased and run Malwarebytes several times, and each time after the restart, Malwarebytes STILL reports a Trojan.

Trojan Agent

Memory Process



How can I clean this out?  I recall there being some very strong "medicine" I can use.


Question by:computerlarry
    LVL 38

    Accepted Solution

    Hi Larry,
    It is almost never good enough to just run one of the tools/scanners any more - regardless of how they...and MBAM is one of the best.

    Please follow the directions in these EE Articles for using a 'rogue process stopper' - and then running your scanners. Rogue-Killer-What-a-great-name Stop-the-Bleeding-First-Aid-for-Malware

    PLEASE be sure to post the logs from any tools/scanners you run so we can review the details of what is found.
    LVL 34

    Assisted Solution

    Boot into safe mode and then remove the trojan.

    HijackThis may be more effective:

    You can get a generic report of what HijackThis finds @
    Then use HijackThis to remove the trojan
    LVL 38

    Assisted Solution

    @Michael-Best -
    Most current variants of malware aren't even running their processes during a "Safe Mode" boot and they will be invisible to any scanner - much less something as old and out-dated as "HijackThis".

    When Trend bought it from 'Merijn' (original developer) they wouldn't hire him to maintain it, so he moved over to the team at MalwareBytes.

    Anyone wanting to see the processes running will be better served to run "OTL" - but to run it in "Normal Mode" so that (a) the rogue processes are actually running and (b) they can be identified.

    Of course, in most instances running a rogue process stopper and one of the automated tools is light years better than trying to guess what to do based on only a scan.
    LVL 30

    Assisted Solution

    Download the bootable security essentials disk from MS.

    Assisted Solution

    Use Malwarebytes and Windows Security Essentials; they work very well for me. If that does not work, try using Mbam.

    Author Comment

    This one is quite resistant!  It couldn't be removed by RogueKiller or Combofix.

    What's left to run?
    LVL 44

    Expert Comment

    If you followed the articles recommended by younghv, you would have run RogueKiller, let it do its prescan, then clicked its Scan button in the upper right corner... when that scan's done, minimize (DO NOT CLOSE/EXIT)  RogueKiller, then do a full scan with MalwareBytes AntiMalware (MBAM for short).
    LVL 91

    Expert Comment

    In severe cases, I gain more time by a full reinstall than by cleaning the system, so that's my suggestion: a fresh install.
    LVL 38

    Expert Comment


    <<This one is quite resistant!  It couldn't be removed by RogueKiller or Combofix.
    What's left to run?>>

    I suggest that you actually read the advice that has been offered, then follow the instructions.
    You might also review these suggestions from EE that seem to be applicable:

    "Three Rules":

    I am sorry, but I cannot assist you any further on this question.  Perhaps there may be another Expert here who can.

    I wish you good luck in this endeavor, and perhaps I will be able to help you on some future question.
    LVL 29

    Assisted Solution

    by:Sudeep Sharma

    Did you follow the instructions posted above by Younghv ?

    If yes then please post the logs of RogueKiller and MBAM.

    Author Closing Comment

    Good recommendations, but I had a serious problem. I ended up backing up the User files, extracting all the serial numbers, then erasing and re-installing.
