TR/Agent.its Trojan


  • This topic is locked
2 replies to this topic

#1 Vostro

Posted 06 May 2009 - 11:40 AM

I have the Agent trojan found by Avira anytime I open Internet Explorer or MS Word or the calculator or just about anything. I've tried Ad-Aware or Spybot and can't get it cleaned.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Dr Keller at 11:53:55.73 on Wed 05/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.384 [GMT -6:00]

AV: AntiVir Desktop *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:Program FilesNETGEARWG311v3WinDomainlogon.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost -k DcomLaunch
svchost.exe
C:WINDOWSSystem32svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:Program FilesLavasoftAd-Awareaawservice.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAviraAntiVir Desktopsched.exe
svchost.exe
C:Program FilesAviraAntiVir Desktopavguard.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesNETGEARWG311v3WinDomainlogon.exe
C:Program FilesNETGEARWG311v3WinDomainlogon.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSsystem32LMSAL1K.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesAviraAntiVir Desktopavgnt.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesYahoo!Messengerypager.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsDr KellerDesktopdds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:program filesadobeacrobat 7.0activexAcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:program filesspybot - search & destroySDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:program filesjavajre6binssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre6binjp2ssv.dll
uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
uRun: [SpybotSD TeaTimer] c:program filesspybot - search & destroyTeaTimer.exe
uRun: [updateMgr] "c:program filesadobeacrobat 7.0readerAdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [Yahoo! Pager] "c:program filesyahoo!messengerypager.exe" -quiet
mRun: [ATIPTA] "c:program filesati technologiesati control panelatiptaxx.exe"
mRun: [SetRefresh] c:program filescompaqsetrefreshSetRefresh.exe
mRun: [LMSAL1K] LMSAL1K.exe
mRun: [WorksFUD] c:program filesmicrosoft workswkfud.exe
mRun: [Microsoft Works Portfolio] c:program filesmicrosoft worksWksSb.exe /AllUsers
mRun: [Microsoft Works Update Detection] c:program filesmicrosoft worksWkDetect.exe
mRun: [PunchClock Server] c:program filespunchclock server2PunchClock Server.exe
mRun: [QuickTime Task] "c:program filesquicktimeqttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:program filesjavajre6binjusched.exe"
mRun: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
mRun: [avgnt] "c:program filesaviraantivir desktopavgnt.exe" /min
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:progra~1yahoo!messen~1YPager.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:program filesspybot - search & destroySDHelper.dll
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - file:///D:/LTOCX14N.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211379184468
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:docume~1drkell~1applic~1mozillafirefoxprofilesw1pdfdot.default
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:program filesaviraantivir desktopavgio.sys [2009-4-23 11608]
R2 aawservice;Lavasoft Ad-Aware Service;c:program fileslavasoftad-awareaawservice.exe [2008-9-10 611664]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:program filesaviraantivir desktopsched.exe [2009-4-23 108289]
R2 AntiVirService;Avira AntiVir Guard;c:program filesaviraantivir desktopavguard.exe [2009-4-23 185089]
R2 avgntflt;avgntflt;c:windowssystem32driversavgntflt.sys [2009-4-23 55640]
S3 SlingAgentService;SlingAgentService;c:program filessling mediaslingagentSlingAgentService.exe [2008-12-10 88576]

=============== Created Last 30 ================

2009-04-29 11:07 <DIR> --d----- c:program filesTrend Micro
2009-04-29 11:05 <DIR> --d----- c:docume~1drkell~1applic~1Malwarebytes
2009-04-29 11:05 15,504 a------- c:windowssystem32driversmbam.sys
2009-04-29 11:05 38,496 a------- c:windowssystem32driversmbamswissarmy.sys
2009-04-29 11:04 <DIR> --d----- c:program filesMalwarebytes' Anti-Malware
2009-04-29 11:04 <DIR> --d----- c:docume~1alluse~1applic~1Malwarebytes
2009-04-29 11:00 <DIR> --d----- c:windowssystem32KB905474
2009-04-23 08:55 55,640 a------- c:windowssystem32driversavgntflt.sys
2009-04-23 08:55 <DIR> --d----- c:program filesAvira
2009-04-23 08:55 <DIR> --d----- c:docume~1alluse~1applic~1Avira
2009-04-17 09:08 473,088 -------- c:windowssystem32dllcachefastprox.dll
2009-04-17 09:08 401,408 -------- c:windowssystem32dllcacherpcss.dll
2009-04-17 09:08 284,160 -------- c:windowssystem32dllcachepdh.dll
2009-04-17 09:08 227,840 -------- c:windowssystem32dllcachewmiprvse.exe
2009-04-17 09:08 110,592 -------- c:windowssystem32dllcacheservices.exe
2009-04-17 09:08 60,416 -------- c:windowssystem32dllcachecolbact.dll
2009-04-17 09:08 715,264 -------- c:windowssystem32dllcachentdll.dll
2009-04-17 09:08 617,984 -------- c:windowssystem32dllcacheadvapi32.dll
2009-04-17 09:07 215,552 -------- c:windowssystem32dllcachewordpad.exe

==================== Find3M ====================

2009-03-21 08:18 986,112 -------- c:windowssystem32dllcachekernel32.dll
2009-03-06 08:00 284,160 a------- c:windowssystem32pdh.dll
2009-03-02 18:18 826,368 a------- c:windowssystem32wininet.dll
2009-03-02 18:18 826,368 a------- c:windowssystem32dllcachewininet.dll
2009-02-27 22:54 636,072 -------- c:windowssystem32dllcacheiexplore.exe
2009-02-20 04:20 70,656 -------- c:windowssystem32dllcacheie4uinit.exe
2009-02-20 04:20 13,824 -------- c:windowssystem32dllcacheieudinit.exe
2009-02-19 23:14 161,792 a------- c:windowssystem32dllcacheieakui.dll
2009-02-11 14:17 323,584 a------- c:windowssystem32AUDIOGENIE2.DLL
2009-02-10 18:31 453,120 -------- c:windowssystem32dllcachewmiprvsd.dll
2009-02-09 04:20 1,847,424 a------- c:windowssystem32win32k.sys
2009-02-09 04:20 1,847,424 -------- c:windowssystem32dllcachewin32k.sys
2009-02-09 04:01 728,576 a------- c:windowssystem32lsasrv.dll
2009-02-09 04:01 617,984 a------- c:windowssystem32advapi32.dll
2009-02-09 04:01 401,408 a------- c:windowssystem32rpcss.dll
2009-02-09 04:01 728,576 -------- c:windowssystem32dllcachelsasrv.dll
2009-02-09 04:01 715,264 a------- c:windowssystem32ntdll.dll
2009-02-06 04:32 2,186,112 -------- c:windowssystem32dllcachentoskrnl.exe
2009-02-06 04:29 2,142,720 a------- c:windowssystem32ntoskrnl.exe
2009-02-06 04:29 2,142,720 -------- c:windowssystem32dllcachentkrnlmp.exe
2009-02-06 04:22 110,592 a------- c:windowssystem32services.exe
2009-02-06 03:54 35,328 a------- c:windowssystem32sc.exe
2009-02-06 03:54 35,328 a------- c:windowssystem32dllcachesc.exe
2009-02-06 03:49 2,020,864 a------- c:windowssystem32ntkrnlpa.exe
2009-02-06 03:49 2,020,864 -------- c:windowssystem32dllcachentkrpamp.exe
2009-02-06 03:49 2,062,976 -------- c:windowssystem32dllcachentkrnlpa.exe
2005-10-06 14:17 280,576 ac------ c:windowsinfwg311v3WG311v3XP.sys
2005-10-06 14:17 280,576 ac------ c:windowsinfwg311v3WG311v3.sys
2005-03-01 10:16 212,992 ac------ c:windowsinfwg311v3CopyWHQLDriver.exe

============= FINISH: 11:54:58.90 ===============

Here is the attachment...

Merged posts. ~ OB

Edited by Orange Blossom, 06 May 2009 - 08:12 PM.


#2 Vostro

Posted 14 May 2009 - 04:03 PM

I just ran Malwarebytes Antimalware and it corrected the problem! That's odd because I had scanned before but to no avail. Problem solved!

#3 Orange Blossom

Posted 14 May 2009 - 10:14 PM

Thank you for letting us know. This topic shall now be closed. ~ OB