
PSW.Agent.VQA found AVG not fixing



#1 klogilvie


Posted 19 October 2008 - 03:44 PM

My AVG Internet Security (paid version) found 6 unhealed trojans called PSW.Agent.VQA all in Program Files/Quicken files. I don't even use Quicken.

This occurred on the same day that I accepted a friend request on Facebook for a friend that was tagged without a link in several of my photos and I had previously set my photo privacy to "friends of friends" (now I have it set to "friends only"). The fake friend never responded to my message and also has since deleted from my friend.

I feel like this was a planned attack. Maybe other people are experiencing this?

Other symptoms - cursor is always lagging and acting strange. My computer usage is always very high and computer is slow.

Thanks for any help! I will let Facebook know as well.
Katherine



#2 ruby1


Posted 19 October 2008 - 04:20 PM

:thumbsup: I THINK you may have a serious infection on there that may well require an HJT log to be analysed :flowers:

Could you please first run a couple of scans for the Team to check out?
Instructions for Malwarebytes can be found here
http://www.bleepingcomputer.com/forums/ind...st&p=959453

and for SUPERAntiSpyware
http://www.bleepingcomputer.com/forums/ind...st&p=959604

Please DO let Facebook know of your problem

Also it might be useful to know if you do Internet Banking etc on the affected computer? Are you of the impression that you are not in control of your computer?

#3 klogilvie


Posted 19 October 2008 - 04:54 PM

I am running the scans (malwarebytes has found problems already) and have let facebook know. Yes, I do internet banking, this morning actually I did some bill paying. I only feel not in control of my computer in that the cursor sometimes acts funny, is slow to move forward or backwards. Also one time a few days ago the screen seemed to open and close not in the same way I was intending, hard to explain, it was like I minimized and it maximized or maybe the other way around. But it only happened that one time. At night I usually just put my computer to sleep and when I get up it is still sleeping. But all day it is on. Thanks for helping!

#4 klogilvie


Posted 19 October 2008 - 05:03 PM

Malwarebytes' Anti-Malware 1.29
Database version: 1290
Windows 5.1.2600 Service Pack 3

10/19/2008 3:00:39 PM
mbam-log-2008-10-19 (15-00-39).txt

Scan type: Quick Scan
Objects scanned: 76341
Time elapsed: 20 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Downloaded Program Files\atmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.

#5 klogilvie


Posted 20 October 2008 - 09:45 AM

Wow - this scan took 10 hours!!! It found lots of cookies. Does that mean that the viruses are gone? I think I should run Malwarebytes on my I external backup drive as well, I wasn't sure if the quick scan did that.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/20/2008 at 02:12 AM

Application Version : 4.21.1004

Core Rules Database Version : 3602
Trace Rules Database Version: 1588

Scan type : Complete Scan
Total Scan Time : 10:37:39

Memory items scanned : 191
Memory threats detected : 0
Registry items scanned : 7164
Registry threats detected : 0
File items scanned : 268696
File threats detected : 141

Adware.Tracking Cookie

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator

Posted 20 October 2008 - 11:55 AM

Rescan again with MBAM (Quick Scan) in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Also let me know how your computer is running and if there are any more reports/signs of infection.

Cookies are text string messages given to a Web browser by a Web server. Whenever you visit a web page or navigate different pages with your browser, the web site generates a unique ID number which your browser stores in a text (cookie) file that is sent back to the server each time the browser requests a page from that server. Cookies allow third-party providers such as ad serving networks, spyware or adware providers to track personal information. The main purpose of cookies is to identify users and prepare customized Web pages for them.

The cookies that are a cause for some concern are "tracking cookies" because they can be considered a privacy risk. These types of cookies are used to track your Web browsing habits (your movement from site to site). Ad companies use them to record your activity on all sites where they have placed ads. They can keep count of how many times you visited a web page, store your username and password so you don't have to log in and retain your custom settings. When you visit one of these sites, a cookie is placed on your computer. Each time you visit another site that hosts one of their ads, that same cookie is read, and soon they have assembled a list of which of their sites you have visited and which of their ads you have clicked on. They are used all over the Internet and advertisement companies often plant them whenever your browser loads one of their banners. Cookies are NOT a "threat". As text files they cannot be executed to cause any damage. Cookies do not cause any pop ups nor do they install malware.

As long as you surf the Internet, you are going to get cookies and some of your security programs will flag them for removal. However, you can minimize this by reading "Blocking & Managing Unwanted Cookies" and "Block Third-Party Cookies in IE7".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
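
The cross-site tracking described in the post above, and the effect of blocking third-party cookies, shown as a small simulation. This is an added example, not part of the original thread; the `AdServer` and `Browser` classes and the `.example` site names are constructed for illustration.

```python
"""Simulation: one third-party ad cookie links visits across unrelated sites.
All hosts are constructed (.example); AdServer/Browser are hypothetical models."""
import itertools
from http.cookies import SimpleCookie


class AdServer:
    """Ad network whose banner is embedded on many different sites."""
    host = "ads.example"

    def __init__(self):
        self._ids = itertools.count(1)
        self.profiles = {}  # cookie id -> list of sites where the banner loaded

    def serve_banner(self, cookie_header, referer):
        """Log the hit; return a Set-Cookie value if the browser is new."""
        uid = None
        if cookie_header:
            jar = SimpleCookie()
            jar.load(cookie_header)
            if "uid" in jar:
                uid = jar["uid"].value
        set_cookie = None
        if uid is None:  # no cookie came back: treat as a first-time visitor
            uid = f"u{next(self._ids)}"
            set_cookie = f"uid={uid}; Path=/"
        self.profiles.setdefault(uid, []).append(referer)
        return set_cookie


class Browser:
    def __init__(self, block_third_party=False):
        self.block_third_party = block_third_party
        self.jar = {}  # host -> "name=value" string stored for that host

    def visit(self, site, ad_server):
        """Load a page on `site` that embeds a banner from `ad_server`."""
        third_party = ad_server.host != site
        blocked = third_party and self.block_third_party
        # A blocked third-party request carries no cookie and stores none.
        sent = None if blocked else self.jar.get(ad_server.host)
        set_cookie = ad_server.serve_banner(sent, referer=site)
        if set_cookie and not blocked:
            self.jar[ad_server.host] = set_cookie.split(";", 1)[0]


def simulate(block_third_party):
    """Visit three sites carrying the same ad; return what the ad server learned."""
    ads = AdServer()
    browser = Browser(block_third_party)
    for site in ["news.example", "shop.example", "health.example"]:
        browser.visit(site, ads)
    return ads.profiles


if __name__ == "__main__":
    print("third-party cookies allowed:", simulate(False))
    print("third-party cookies blocked:", simulate(True))
```

With third-party cookies allowed the ad server ends up with one ID tied to all three sites; with them blocked it sees three unrelated single-visit IDs and cannot join them by cookie.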

#7 klogilvie


Posted 20 October 2008 - 02:24 PM

MBAM found nothing! My computer seems to be working well. I am going to check my msconfig for unnecessary processes, see if that helps the slow loading of software... computer usage sometimes goes to 80+%. Thanks!

-------------------------------

Malwarebytes' Anti-Malware 1.29
Database version: 1290
Windows 5.1.2600 Service Pack 3

10/20/2008 12:02:55 PM
mbam-log-2008-10-20 (12-02-55).txt

Scan type: Quick Scan
Objects scanned: 77858
Time elapsed: 30 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator

Posted 20 October 2008 - 02:32 PM

If your computer seems to be slow, read Slow Computer/Browser? Check here first; it may not be malware. There are reasons for slowness besides malware - i.e. disk fragmentation, disk errors, corrupt system files, too many startup programs, unnecessary services running, not enough RAM, dirty hardware components, etc. As your system gets older it becomes filled with more files/programs and has a natural tendency to slow down so cleaning and regular maintenance is essential.

#9 klogilvie


Posted 21 October 2008 - 12:49 PM

My computer seems to be running good! Thanks for all the help! I will go through the list of recommendations for slow computers.

Thanks again so much!!!!!

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator

Posted 21 October 2008 - 12:53 PM

You're welcome.



