
Infected With Spy-agent.bv.dldr And/or Generic.dx Trojans?


  • This topic is locked
6 replies to this topic

#1 stemsley

  • Members
  • 5 posts

Posted 03 January 2008 - 02:23 PM

Hello there.

I hope you are able to help me. On the 20th December 2007 I decided to be brave, ambitious and potentially a tad foolhardy by attempting to investigate a potential virus/trojan email I had received. Instead of running the suspicious attachment (tastefully entitled hardcore.scr), I actually saved it to my external hard drive to see if I could look into it at a later date. Of course, surprise surprise, the same day upon restarting my PC, McAfee warned me of a "Generic RootKit.a" trojan which had been automatically repaired (removed) - this related exactly to the offending file I had previously saved.

Since then, each time I have rebooted and gotten online, I have received another McAfee message of discovery and removal of a trojan element. The detection usually occurs as soon as I get online. I have noticed no significant changes in the general operation of the PC, however something is clearly there and McAfee has simply not been getting rid of it. Most worryingly, for the last few days when I use IE (normally I use Firefox) the internet connection seems to be overactive and constantly in use even if I have no online applications or significant processes functioning - is my downfall being slowly and secretly downloaded to my PC???

After having researched high and low I have ended up running the likes of Ad-Aware and Spy-Bot (regularly used anyway), SDFix, ComboFix, ATF Cleaner, Vundofix, SuperAntiSpyware, Kaspersky online scanner, Sophos anti-rootkit, Sysinternals RootkitRevealer and, of course, multiple full system scans with McAfee security suite. I also regularly check the Windows Update situation and often run a cleanup utility called 12wash. Still the McAfee detection and "removals" have been occurring – typically however, after my most recent stint of Windows Update downloads and installations in the past few hours, for the first time since 20th December, I don’t seem to be getting the warnings and the internet activity seems to be behaving itself! Just as I have prepared this mammoth posting to you guys!

Nonetheless, I don't want the moronic sadists responsible for this kind of trojan stuff to gain any sort of victory and perhaps my posting will assist others to make sure their system is clean – in that regard it would be extremely useful if you could help me to make sure that I am actually rid of this troublesome annoyance by analysing my HijackThis status and seeing if you think anything is not as it should be. As per your preparation guidelines, I have also run the McAfee Stinger.

I have pasted a log of the McAfee detections since 20th December and my current HijackThis log, both below – there are certainly items on the HijackThis log relating to applications that I did not expect to be running at all (namely the “running process” C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe and the lines relating to the AOL toolbar, Flash Saver, Sothink SWF Catcher, Kaspersky, Skype, SUPERAntiSpyware and KService).

So I would be grateful for any insight you may be able to offer!

Many thanks!

McAfee detection log (I've grouped the log into "similar items" and "one off items" in an attempt to make the log easier to view...):

Similar items:

Date Detection Name Status File Process Process Description
03/01/2008 Generic.dx Repaired (removed) C:\WINDOWS\system32\drivers\smtpdrv.sys C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services
02/01/2008 Generic.dx Repaired (removed) C:\WINDOWS\system32\drivers\smtpdrv.sys C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services
02/01/2008 Spy-Agent.bv.dldr Repaired (removed) C:\WINDOWS\system32\drivers\Uns67.sys.vir C:\ComboFix\catchme.cfexe C:\ComboFix\catchme.cfexe
02/01/2008 Spy-Agent.bv.dldr Repaired (removed) C:\WINDOWS\system32\drivers\Uns67.sys.vir C:\ComboFix\catchme.cfexe C:\ComboFix\catchme.cfexe
02/01/2008 Generic.dx Repaired (removed) C:\WINDOWS\system32\drivers\smtpdrv.sys C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services
02/01/2008 Generic.dx Repaired (removed) C:\WINDOWS\system32\drivers\smtpdrv.sys C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services
02/01/2008 Generic.dx Repaired (removed) C:\WINDOWS\system32\drivers\smtpdrv.sys C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services
02/01/2008 Generic.dx Repaired (removed) C:\WINDOWS\system32\drivers\smtpdrv.sys C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services
02/01/2008 Generic.dx Repaired (removed) C:\WINDOWS\system32\drivers\smtpdrv.sys C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services
02/01/2008 Generic.dx Repaired (removed) C:\WINDOWS\system32\drivers\smtpdrv.sys C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services
31/12/2007 Generic.dx Repaired (removed) C:\WINDOWS\system32\drivers\smtpdrv.sys C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services
26/12/2007 Spy-Agent.bv.dldr Repaired (removed) C:\WINDOWS\TEMP\151640.exe C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services
24/12/2007 Spy-Agent.bv.dldr Repaired (removed) C:\WINDOWS\TEMP\127328.exe C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services
24/12/2007 Spy-Agent.bv.dldr Repaired (removed) C:\WINDOWS\TEMP\2984250.exe C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services
23/12/2007 Spy-Agent.bv.dldr Repaired (removed) C:\WINDOWS\TEMP\151234.exe C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services
23/12/2007 Spy-Agent.bv.dldr Repaired (removed) C:\WINDOWS\TEMP\282390.exe C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services
23/12/2007 Spy-Agent.bv.dldr Repaired (removed) C:\WINDOWS\TEMP\127609.exe C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services
23/12/2007 Spy-Agent.bv.dldr Repaired (removed) C:\WINDOWS\TEMP\127265.exe C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services
23/12/2007 Spy-Agent.bv.dldr Repaired (removed) C:\WINDOWS\TEMP\151546.exe C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services
23/12/2007 Spy-Agent.bv.dldr Repaired (removed) C:\WINDOWS\TEMP\149515.exe C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services


One off items:

03/01/2008 Spy-Agent.bv.dldr Repaired (removed) C:\WINDOWS\SYSTEM32\DRIVERS\UNS67.SYS C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe SUPERAntiSpyware
22/12/2007 Spy-Agent.bv.dldr Repaired (removed) C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP472\A0085055.sys C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services
02/01/2008 Spy-Agent.bv.dldr Repaired (removed) C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\rp478\A0088226.sys C:\Program Files\Internet Explorer\IEEXPLORE.EXE Internet Explorer
24/12/2007 Spy-Agent.bv.dldr Repaired (removed) C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\rp473\A0085110.sys C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services

23/12/2007 PrcViewer (Potentially Unwanted Program) Repaired (removed) C:\SDFix\apps\Process.exe P:\Axiom\Projects\General IT\DOWNLOADS\SDFix.exe P:\Axiom\Projects\General IT\DOWNLOADS\SDFix.exe
02/01/2008 PrcViewer (Potentially Unwanted Program) Excluded C:\SDFix\apps\Process.exe D:\Documents and Settings\John Hemsley\Desktop\SDFix.exe D:\Documents and Settings\John Hemsley\Desktop\SDFix.exe

23/12/2007 Spy-Agent.bv.dldr Quarantined P:\AXIOM\PROJECTS\GENERAL IT\SPAM AND VIRUS RESEARCH\HARDCORE.SCR
23/12/2007 Spy-Agent.bv.dldr Quarantined P:\AXIOM\PROJECTS\GENERAL IT\SPAM AND VIRUS RESEARCH\HARDCORE.ZIP
23/12/2007 Spy-Agent.bv.dldr Quarantined C:\SYSTEM VOLUME INFORMATION\_RESTORE{B1C538C0-CBA3-4434-A006-53A338B37653}\RP473\A0085138.SCR

20/12/2007 Spy-Agent.bv.dldr Repaired (removed) C:\WINDOWS\System32\drivers\runtime.sys P:\Axiom\Projects\General IT\spam and virus research\hardcore.scr P:\Axiom\Projects\General IT\spam and virus research\hardcore.scr
20/12/2007 Generic RootKit.a Repaired (removed) C:\WINDOWS\System32\drivers\ip6fw.sys P:\Axiom\Projects\General IT\spam and virus research\hardcore.scr P:\Axiom\Projects\General IT\spam and virus research\hardcore.scr

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:57:07, on 03/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\TESTING_SERVER\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
D:\TESTING_SERVER\MySQL\bin\mysqld-nt.exe
D:\TESTING_SERVER\Apache2\bin\Apache.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
D:\TESTING_SERVER\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Monitor Apache Servers.lnk = D:\TESTING_SERVER\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179855984343
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - D:\TESTING_SERVER\Apache\Apache.exe (file missing)
O23 - Service: Apache2 - Apache Software Foundation - D:\TESTING_SERVER\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: MySQL - Unknown owner - D:\TESTING_SERVER\MySQL\bin\mysqld-nt (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe

--
End of file - 9223 bytes



#2 stemsley


Posted 07 January 2008 - 07:17 AM

Any thoughts about my Hijack This log, or am I all clear?!! Thanks

#3 stemsley


Posted 11 January 2008 - 08:53 AM

Just when I thought it was safe... well, after 8 days of the PC purring like a kitten with no trojan warnings and thinking I'm in the clear, imagine my joy at receiving a new McAfee warning 10 mins ago warning about Spy-Agent.cj.gen.h being detected and removed. It seems there is still trouble in my system.

Any advice/help.... even a response would be much appreciated!

#4 stemsley


Posted 11 January 2008 - 01:29 PM

Ever feel like you're talking to yourself?!! For interested parties (0 at the latest count...) I contacted McAfee through their website, opened up a free web chat with an advisor who advised me to download the latest McAfee DAT files, turn off system restore and run a full scan of the PC in safe mode from the command line. 2.5 hours later, scan complete - the process did identify (and apparently delete) the trojan Spy-Agent.cj.gen.h as hoped and upon reboot there has been no further warning. I'll post again should the trojan return.

#5 amateur

  • Malware Response Team
  • 2,775 posts

Posted 21 January 2008 - 09:52 PM

Hello and welcome to BC. :thumbsup:
Apologies for the long delay in response. We have a large number of HijackThis logs to handle and it’s taking us longer to catch up. If you still require assistance please post a fresh HijackThis log and I’ll be happy to help you.

Thanks for your patience.

#6 stemsley


Posted 22 January 2008 - 04:59 AM

Hi

Thanks for responding. All has been well now since 11/01/08 so either I have just put the kiss of death on it and my fortunes will invert once more... or, I truly am trojan/virus free.

Cheers

#7 amateur


Posted 22 January 2008 - 06:29 AM

Hi,

Glad to hear things are OK and thanks for letting us know. Stay safe! :thumbsup:



