Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.Agent issues


  • Please log in to reply
7 replies to this topic

#1 Melhatesviruses

Melhatesviruses

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:02 AM

Posted 28 December 2008 - 04:51 PM

This computer had issues before, and I wonder if I never fully got rid of them.

Issues start with random popups. Today, my desktop picture disappeared and I had warnings my home page and search preferences had been changed (message came up confirming and I denied access).

I ran the ATF-cleaner, then a malwarebytes' anti-malware, which said it found and deleted several issues including the Trojan.Fake Alert and Trojan.Agent.

I tried to start the computer in safe mode, but the system appears to have a start up issue. On normal boots, I get a screen asking if I want the recovery console or Win XP. It's been doing that for awhile and we just hit enter to choose the WIN XP. But when I attempted the safe mode, it kept circling back around to the same menu, saying there was an issue with safe mode. Not sure if this was caused by the infection or not, but from prior experience, I'm guessing it'll be an issue in cleaning if I can't get to safe mode.

Other than the ATF and MBAM software, my system has SUPERAntiSpyware Free and AVG Free Edition.

Looking for help getting this computer as clean as possible. Thanks!

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:02 AM

Posted 28 December 2008 - 10:49 PM

If you were to Update and run MBAM now it will come back all 0's? If not post that log,thank you.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Melhatesviruses

Melhatesviruses
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:02 AM

Posted 29 December 2008 - 06:29 PM

I ran another complete scan after updating and it does come back clear. It did that last time it was "clean" but then after being off for a week, as soon as we fired up we were getting AVG warnings like crazy about Trojans it was stopping.

My desktop picture has not come back and I'm getting a strange error about a program not being able to start upon start up. It's name is a row of boxes (perhaps a font or language not installed on my computer?).

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:02 AM

Posted 29 December 2008 - 08:12 PM

OK.. I would like you to run SDFix

Please print out and follow these instructions: "How to use SDFix". <- This program is for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to renable you anti-virus and and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.

Is that "strange error about a program " something like this....
A "Cannot find...", "Could not run...", "Error loading... or "specific module could not be found" message
The boxes just may be the file is corrupted.

desktop picture has not come back

Do you have a blue or white screen? Is it just icons are bad?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Melhatesviruses

Melhatesviruses
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:02 AM

Posted 01 January 2009 - 11:34 AM

I've tried this a couple of times, but the problem now lies in the computer being able to boot- period. I've had the laptop near me while working on the desktop, the infected computer. So I've been reading the instructions. I used the information found on how to re-start in Safe Mode using MSCONFIG and now the computer is locked in a really ugly circle of attempting to boot.

I get the initial screen: choose which operating system to load, and it gives me the option of Win XP or a Recovery Console. Chosing WIN XP, I then get a black screen, white writing which says "We apologize for the inconvenience, but Windows did not start successfully. A recent hardware or software change might have caused this." I get the options for safe mode, but no matter WHAT I chose on that page, it acts as if it's going to boot, then takes me back to the initial screen which asks about the operating system. If I hit F8 for more advanced options, I get the safe mode options as well as some others, including "last known good config" and none of those will work.

So now I can't get into windows at all. I did get the SDF saved to desktop and hit run, that's as far as I got, then tried the re-boot in safe mode and am in this predicament.

Help!

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:02 AM

Posted 01 January 2009 - 03:06 PM

Hello again this is a very serious infection. it has unfotunately taken over. The following options are what you really only have left.
They are either a full wipe of the hard drive and reinstall the Operating system. Or to boot from the XP Cd and choose a repair install. That should give you a usable PC, saves your files but you still have an infectd PC. So at that point you will need to post a HJT log. You will need this link to do that.
Preparation Guide For Use Before Using Hijackthis
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 Melhatesviruses

Melhatesviruses
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:02 AM

Posted 01 January 2009 - 04:33 PM

I'm not sure how I can obtain a hijack this log if I can't even get into the system. By using the recovery start up, I was able to access the c: prompt and can "see" things, but can't get any programs to run.

I have a Windows CD and a separate F: hard drive that has a command.com and as far as I can tell, the back up of original config.

I backed up the my documents files of this computer a while back and those files haven't been updated. I don't have an issue wiping and resetting this computer back to original config, but I'll need some guidance how. If someone can walk me through how to use the F: drive to reboot, that would be great. I can see from using "Help" at the c: prompt there are a number of commands I can use, but it's been WAY too many years since I've worked with Dos like this and even then it was on a amatuer level.

Can you direct me to get this computer back up and running from here?


EDITED TO ADD: I rebooted the computer and it loaded, but it's not in safe mode. Can anything be done with it NOT in safe mode? Or should we address the safe mode issue first?

Edited by Melhatesviruses, 01 January 2009 - 05:31 PM.


#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:02 AM

Posted 01 January 2009 - 06:47 PM

Hello, I would recommend that the format /install option be used. considering the safe mode issue the PC is in serious trouble. Fortunately you are backed up so you won't lose your Data. I would recommend a low level format with Download KillDisk Suite(Free)v.5.0 -

There are some guide info here
Reformatting Windows XP

Michael Stevens Tech

You can also post the question in the XP forum at the top and you will be helped through this. As it's not a malware issue it is handled there.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users