Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.win32.agent.eeu


  • This topic is locked This topic is locked
3 replies to this topic

#1 todds

todds

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 22 June 2008 - 02:43 PM

Hello,

I am running Windows XP Service Pack 3. My computer had what was being identified as "Trojan.win32.agent.eeu". It disabled task manager & took over the screen display with a solid blue screen and this message "Warning: Spyware threat has been detected on your PC. Your computer has several fatal errors due to spyware activity. It is strongly recommended to install an antispyware software to close all security vulnerabilities. Antispyware software helps protect your PC against spyware and other security threats. Click here to scan your PC for spyware." If I changed the display, the blue screen came right back. Here is a screenshot:

Posted Image


There was also a red box that popped up periodically stating that the computer was infected with Cool Web, different Trojans, and other peculiar file names. In addition an exclamation point in a yellow triangle appeared randomly in my tray. It displayed a message about the computer being infected with spyware, malware, etc.

Lastly, what appears to be a bogus windows security box pops up and claims that the computer is infected with trojandownloader.xs and when you click on it, it took you to a bogus site.

I had updated both Norton & Microsoft, though the problem was not picked up on full system scans done with either. At your advice I ran Kaspersky & Deckard's System Scanner and it appears to be gone. (Yippee!) The weird blue screen was still displayed, but after changing the desktop background it has not reappeared as it did before. Attached are the logs. I'm not very technical.... is the problem truly resolved? Hopefully this will help others. Thank you for your awesome website!!!


Susan

Attached Files



BC AdBot (Login to Remove)

 


#2 RenatoMejias

RenatoMejias

  • Malware Response Team
  • 913 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:18 PM

Posted 16 July 2008 - 09:24 PM

Hello


Apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having would appreciate you letting us know If not please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not
    malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet especially if your asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Renato Victor Mejias
Malware help in portuguese
jetian6yw.jpg

#3 todds

todds
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 17 July 2008 - 10:53 AM

Hello Renato,

Thank you for your reply. We have fixed the problem by means described in my post. The task manager remained disabled and we had to change the key to fix it, but all is good now. Thanks, again for your time!!

Susan

#4 RenatoMejias

RenatoMejias

  • Malware Response Team
  • 913 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:18 PM

Posted 18 July 2008 - 09:20 PM

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.
Renato Victor Mejias
Malware help in portuguese
jetian6yw.jpg




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users