Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Agent_r.TY


  • Please log in to reply
4 replies to this topic

#1 bineye

bineye

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:22 PM

Posted 30 August 2010 - 04:59 AM

Hi.
OS: Windows Vista Home Premium SP2
Problem: I have AVG installed, and somehow a virus has made it's way onto my system (i say this because i lend my computer out to people and the second something goes wrong its dumped back to me and no one knows anything about it)
Anyway, the virus scanner is set off literally every few seconds by Trojan Horse Agent_r.TY in C:\Users\*Username*\AppData\Local\Windows\WinHelp.exe
The trojan tries to latch on to 3 places, in a cycling order:
*C:\Windows\System32\svchost.exe (Process ID 1112)
*C:\Windows\explorer.exe (ID 2008)
*C:\Program Files\Windows Defender\MSASCui.exe (ID 2072)

I tried scanning with MalwareBytes MBAM, AVG, Spybot and CCleaner and the problem still exists.

Anyone encountered this, or know how to get rid of it? I am really a computer noob so any help is appreciated. :thumbsup:

Thanks!

BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:04:22 PM

Posted 30 August 2010 - 06:44 AM

Can you post the logs from Malwarebytes Anti-Malware?

#3 bineye

bineye
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:22 PM

Posted 30 August 2010 - 08:57 AM

Yeah no probs! Thanks for the reply! Thing is the scan came up clean:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4390

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

30/08/2010 10:07:39
mbam-log-2010-08-30 (10-07-39).txt

Scan type: Quick scan
Objects scanned: 16220
Time elapsed: 17 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:04:22 PM

Posted 30 August 2010 - 09:03 AM

Can you do a full scan?

#5 bilbono

bilbono

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 30 August 2010 - 01:22 PM

Wow, I just ran across this same virus today. This thread was the only Google result for "trojan horse agent_r.TY", which is what AVG identifies it as. AVG couldn't do anything about it. It appears to have shut down Windows Security and Firewall and they can't be restarted. Looks like it also shut down the internet connection.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users