Win32:adware-gen And Win32:agent-lts


  • This topic is locked
28 replies to this topic

#1 BN40

BN40

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Local time:04:33 PM

Posted 24 November 2007 - 08:38 PM

Hello,

Wonder if anyone can help me out. You guys always seem to be able to. Avast keeps alerting me with malware

win32:agent-LTS [Trj]
win32:adware-gen [Adw]

Avast advises me to place it in chest but it keeps alerting me with the same

win32:agent-LTS [Trj]
win32:adware-gen [Adw]

I use Adaware and SpyBot
I use Windows XP

If anyone can help that would be much appreciated.



#2 BN40


Posted 25 November 2007 - 04:15 AM

Help..what a mess! I have run Adaware SE and it found

win32.TorjanDownloaderNewMedia

SpyBot found

smitfraud-C
NNC.MGRS

SB was unable to remove smitfraud. This all started when I was doing some computer changes and a programme said I needed to download a codec file. Thanks in advance if you can help. Really not sure even where to start.

#3 buddy215

buddy215

  • BC Advisor
  • 12,997 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:33 AM

Posted 25 November 2007 - 08:10 AM

Install Super Antispyware free. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

If SAS finds Vundo or virtumonde use the Vundofix tool in the link below.
http://vundofix.atribune.org/

How to Start Windows in Safe Mode:
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

Post back with results and further instructions.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#4 BN40


Posted 25 November 2007 - 01:13 PM

Hi,

Thanks for the reply. I just ran the smitfraud-C fix. Not sure if it has fixed anything since I haven't run SpyBot yet. I'll try the other programme you suggest. Can I run these with SpyBot, Adaware and Avast on my computer?

Thanks once again. Will let you know how it goes.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,140 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:33 PM

Posted 25 November 2007 - 01:50 PM

Can I run these with SpyBot , Adaware and Avast on my computer?

Yes and do your scans in "Safe Mode".
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#6 BN40


Posted 25 November 2007 - 02:14 PM

Hi Quietman7. Thanks for the reply. I tried to run SAS in safe mode but a pop-up says 'system administrator has set policies to prevent this installation'. Any idea of what to do? Thanks again.

#7 quietman7


Posted 25 November 2007 - 02:33 PM

Are you logged into the "Administrator Account" or an "account with administrator privileges"?

Error Message: The System Administrator Has Set Policies to Prevent This Installation

#8 BN40


Posted 25 November 2007 - 02:38 PM

I'm not in the administrator's account but all accounts on the computer have access to changes. I'll go into the admin account and try.

Thanks.

#9 BN40


Posted 25 November 2007 - 02:54 PM

No luck, same message comes up in the admin account in safe mode. Any ideas?

#10 buddy215


Posted 25 November 2007 - 04:15 PM

You install SAS in normal mode. Then reboot to safe mode and run it.

Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
Under "General and Startup", make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
--------------------------------------------------------------------------------

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Click Close to exit the program and reboot normally.



#11 BN40


Posted 25 November 2007 - 04:21 PM

Hi Buddy215, I have done the download in the regular mode and tried to open in safe mode but that is the problem. I double click on the SAS icon in safe mode and get the message 'system admin has set policies to prevent this installation'. I tried some ideas on some forums...adjust regedit but no. I adjusted gpedit also without success. Any ideas? Thanks in advance.

#12 buddy215


Posted 25 November 2007 - 05:17 PM

Run it in Normal mode.



#13 BN40


Posted 25 November 2007 - 06:56 PM

Thanks Buddy215. Wasn't sure if you could do that. It is running a scan now.
Cheers.

#14 BN40


Posted 26 November 2007 - 07:27 PM

Hi Buddy 215, I ran it in normal mode and seemed to work fine. It runs clean, adaware runs clean and spybot runs clean. Thanks for your help.

Sophos Rootkit finds C:\windows32\mydoc.dll but suggests not to remove it. Says it is unknown.

The only problem that still exists is that win32:adware-gen [Adw] and win32:agent-LTS [Trj] are still found by Avast. Any ideas? Thanks again for your help.

#15 buddy215


Posted 26 November 2007 - 09:08 PM

What location is the malware being found? Is Avast saying it is in the Restore files?

Please give the exact path that Avast is giving for finding the malware.
