Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan horse Agent.4.bc


  • Please log in to reply
2 replies to this topic

#1 ricoflor

ricoflor

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:22 PM

Posted 16 January 2010 - 02:59 AM

Hello Bleepingcomp.

1) I've this persistent trojan, which AVG labels as trojan agent.4.bc.

Previously, my laptop (HP DV6000, Windows XP Home SP3) ran only with Zone Alarm, A-Squared Anti Trojan and AVG, all free versions and had performed well. At my last update of Zone Alarm (sometime November, I think) the laptop became sluggish so I sometimes made the wrong decision to lower the security level of ZA or turn it off altogether. It was a month thereafter that this trojan (as associated with svchost.exe) appeared and remained persistent.

Pop ups in AVG identified agent.4.bc frequently (detected on start). Although it offered to remove the infection, it never was quarantined (in fact, the quarantine log showed December 2009 as the latest entires, no 2010 entries). In Asquared, most infections were caught, but those found in svchost.exe (there's another system32 file which name escapes me) were never removed.

This week, I resolved to research on this and several discussions pointed to using MBAM. Installed, it got 15 infections, but agent.4.bc remains. Reading further, there is mention of ESET scan, HJT, Combofix, and AdAware or Spybot (both anti Spywares which I used years ago but discontinued when Asquared, AVG and ZA combo worked for years). Basically in that order.

I've installed AVG by now, relying on recommendations to use the more effective MBAM.

ESET scan got 7 infections. I didn't dare try HJT for now without expert help. It turns out, when I read on Combofix, it also requires expert help.

By the way, I tried looking into past forum posts but failed to find the same problem (maybe these are at the back of the archive list already).

So, this request for assistance. MBAM installed, ZA is on, HJT and Combofix downloaded. Kindly?

On my wits' end.

Rico

BC AdBot (Login to Remove)

 


#2 ricoflor

ricoflor
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:22 PM

Posted 16 January 2010 - 05:04 AM

Title was: University of Phoenix PopUp (fake?), Unwanted PopUp, Infection Methinks ~ OB

I just noticed in the past week that there's a persistent pop-up page happening with my browser (Firefox 3.5.7). HP DV6000 running WinXP Home SP3. Might be related with my previous post:

Removed link since merged topics. ~ OB

Further assistance please? thanks!

Rico

Edited by Orange Blossom, 16 January 2010 - 10:08 PM.


#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 33,205 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:22 AM

Posted 16 January 2010 - 10:08 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SuperAntiSpyware, SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users