Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Trojan.Win32.Inject and/or PWS.Win32!IK

  • Please log in to reply
2 replies to this topic

#1 teedubblu


  • Members
  • 3 posts
  • Local time:03:42 PM

Posted 03 December 2009 - 05:58 AM

Hi,all. I wonder if you guys would be good enough to help with this one? I have a virus /Trojan I can't find an easy solution to. AVG shows 'multiple threats detected'. ‘File Name : C\WINDOWS\system32mswsock32.dll’ and Threat Name ‘ Trojan horse Agent2ABKB’ I can’t seem to remove it though, with AVG. I downloaded Asquared Antivirus, which found: ‘Trojan.Win32.Inject!IK’ in C\Qoobox\Quarantine|C|Windows|system32|sdra64.exe.vir and in C\WINDOWS\System32\1D.tmp . It also found ‘PWS.Win32!1K’ in C\WINDOWS\system32\33.tmp. I quarantined them, but the threat reappeared the moment I opened Chrome browser. (My Iexplorer failed some time ago, and I used Firefox until recently when that stopped re-acting to the mouse! Then I loaded Chrome) I’ve run LSP fix, which shows clear now, and combofix, and hijackthis. I have hopefully atttached my latest hijackthis file successfully here. Please help if you can., I would be very grateful indeed.

BC AdBot (Login to Remove)


#2 teedubblu

  • Topic Starter

  • Members
  • 3 posts
  • Local time:03:42 PM

Posted 03 December 2009 - 06:12 AM

Here’s an addendum that could be helpful? Although LSP fix says ‘No Problems found’, in the ‘Keep’ Box, it refers to the following file and description:
File Description
mswsock32.dll Udp
mswsock.dll Tcpip
winrnr.dll NTDS
rsvpsp.dll (Protocol handler)
sliplsp.dll (Protocol handler)

(mswsock32.dll is where AVG says the infection is)

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,041 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:42 PM

Posted 03 December 2009 - 11:15 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users