Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Trojan.Agent help needed

  • Please log in to reply
No replies to this topic

#1 jovan34


  • Members
  • 1 posts
  • Local time:04:54 AM

Posted 08 May 2009 - 03:49 PM

Hey. :thumbsup:

I have been pulling my hair out since Tuesday with this computer and am in desperate need of help before I'm completely bald! I would appreciate any help you could give me.
While browsing the web on tuesday night I suddenly got hammered with a BIG virus. (Lots of IE windows opening when I use Firefox, redirecting me to wrong websites, etc). I have run AVG, Spybot, Malware, SuperAntiSpyware and others to try and fix this.
For example, I run Malware and it finds some trojans and removes them. Not long later they are back on my computer again. It removed all my system restore points so I cannot go back. I also cannot create a new restore point. I can't update my anti virus program. I can't open any websites to do with anti virus programs or Microsoft. (I can in safe mode though! :D) It also randomly throws me to different websites to what I have clicked. Usually in google search.
It continually adds autochk and ChkDisk to my start up menu. I never log the computer off without opening msconfig and removing them AGAIN. It keeps throwing protect.dll into my documents and settings folder. (I know when it is happening as Spybot keeps popping up a box to tell me, and it happens over and over).

This is a copy of the last mbam I did.

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

08/05/2009 21:25:04
mbam-log-2009-05-08 (21-25-04).txt

Scan type: Quick Scan
Objects scanned: 68559
Time elapsed: 2 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Katrina\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Katrina\Start Menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Katrina\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autochk.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

It is the same files infected over and over. Sometimes another one or two are added as well. Also sometimes when opening files it brings up a box telling me the windows disk is not in the drive. I click cancel three times and it goes away and opens the file anyway. But it has never done that before.
Thanks in advance for any help.

Edited: I think it has something to do with Rundll.32.exe. When I open my system 32 folder, the dll files have the green and orange cog wheel type things on them. The run32dll file does not. (I don't know if this is normal or not). Also run32dll sometimes pops up on my task manager which it has never done before. That is usually when my firefox starts playing up. If I end the program, my firefox works again.

Edited by jovan34, 09 May 2009 - 03:42 PM.

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users