Trojan.agent, can't get rid of it in registry

1 reply to this topic

#1 ptrwntzl


  • Members
  • 1 posts
  • Local time:11:12 AM

Posted 14 April 2009 - 12:40 PM

For a few days now I have been combating a virus that has gotten on to my roommate's laptop. Last night I managed to narrow it down from a large infection to a small one where only one infection remained. Following the steps that a site admin had given for another person, I ran mbam, booted into safe mode, and ran ATF and SAS. At this point SAS does not detect the last infection but mbam does. I'll post the logs of mbam and SAS below. Any help provided is greatly appreciated!

Malwarebytes' Anti-Malware 1.36
Database version: 1979
Windows 5.1.2600 Service Pack 2

4/14/2009 12:53:01 AM
mbam-log-2009-04-14 (00-53-01).txt

Scan type: Quick Scan
Objects scanned: 83291
Time elapsed: 1 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b2ba40a2-74f3-42bd-f434-2604812c8954} (Trojan.Agent) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SUPERAntiSpyware Scan Log

Generated 04/14/2009 at 03:24 AM

Application Version : 4.26.1000

Core Rules Database Version : 3842
Trace Rules Database Version: 1797

Scan type : Complete Scan
Total Scan Time : 01:09:45

Memory items scanned : 254
Memory threats detected : 0
Registry items scanned : 9210
Registry threats detected : 0
File items scanned : 150709
File threats detected : 0



#2 rigel



  • Members
  • 12,944 posts
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:11:12 AM

Posted 14 April 2009 - 01:35 PM

Is this a work laptop?

Please print out and follow these instructions: "How to use SDFix". <- This program is for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights".
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith
