Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.win32.agent2.cvif


  • This topic is locked This topic is locked
2 replies to this topic

#1 shuggyo

shuggyo

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 30 September 2010 - 02:46 PM

I apologize in advance if this is too long-winded to start out with ... I have a Dell XPS 400 desktop with an XP operating system. My C Drive is at about 40 percent capacity – 85.6G of free space vs. 58.4G used. I also have a 298G second hard drive that I only use to store music files on – it’s at about 70 percent capacity. XP is updated through Service Pack 2 (long story – trying to install Service Pack 3 causes my machine to not be able to boot and the free hotline for SP3 couldn’t fix the problem in three days).

The problem originally manifested Sept. 28 as popups on my monitor claiming it was from a company called Antimalware Doctor that had found viruses on my machine. I closed all appearances immediately, but afterwards I could not access the Internet, my e-mail or Word documents.

I did scans with (newly updated) Malwarebytes AntiMalware, SpyBot Search and Destroy, SuperAntiSpyware, my AVG antivirus program, Windows Defender and Windows Malicious Software Tool Remover. Each one found viruses, spyware, malware, etc. that the others hadn't (full scans were done about two weeks before this that showed zero infections). I now have full function of my system and can get online.

None of the software, however, can repair the remaining problem - being redirected to fake antivirus or insurance sites when I use either Internet Explorer or Firefox. I don't know if these fake sites are continuing to dump more crap on my machine. It doesn't look like it, but I can’t be sure.

As an example, if I click on the link to the MalwareBytes site using Firefox, this Web address shows up instead:
hxxp://googleads.g.doubleclick.net/pagead/nclk?sa=L&ai=1&u=http%3A%2F%2Fwww.malwarebytes.org%2F Sometimes it takes me to a fake or scam site, usually anti-virus, insurance or travel related, and sometimes Firefox prevents the page from redirecting.

I see from other reports that this problem is not unique to me.

The Kapersky online scanner says I have been infected by Trojan.win32.agent2.cvif, and that it is being activated through one of my svchost.exe files. Kapersky, however, does not make any mention of how to get rid of it or what files it is made up of.

When you look through my logs, could you possibly also keep an eye out for a solution to a lesser ongoing problem that started about a year ago – I publish a magazine from home and after a couple of hours of using Photoshop, Word, Quark and other software, the Task Manager shows that the virtual memory size of “explorer.exe” is at 1.2 million K and operations have slown to a crawl or frozen, forcing me to reboot. This never happened in four years until a few months ago. None of the publishing software has been added or upgraded in the four years.

As an aside, as I write this, I have eight instances of svchost.exe showing up on Task Manager and all I have open is a Word document. Is this normal?

I await your words of wisdom with Hijack This, ComboFix, DDS, GMER and Root Repeal already installed, caches and temp files cleared out, and defragmentation done on both drives. I have the XP Recovery Console on a CD-ROM, but it is not installed on the drive.

Thanks in advance!

Edited by Orange Blossom, 30 September 2010 - 10:31 PM.
Deactivate link. ~ OB


BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,012 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:17 AM

Posted 30 September 2010 - 10:32 PM

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,012 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:17 AM

Posted 01 October 2010 - 09:15 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic351008.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users