Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TROJAN.AGENT.U HELP


  • Please log in to reply
7 replies to this topic

#1 maschari25

maschari25

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 26 March 2011 - 09:33 PM

Hello everyone, Im new. I have always came to this site to look for help but never had to ask questions always found my answers from others forum posts.
Today i noticed my Windows defender had a issue i looked at it and it said there was an infection. Scaned my pc with avira and MBAM and it picked up four infections got rid of all of them, except TROJAN.Agent.U . So i scanned again and removed it and it was gone scanned again and its still gone. but i am paranoid and my pc does not feel safe to me.

The only Symptoms my pc was really having was Firefox was running slow and once and a while when i would click a link it would take me to a sketchy looking site.

so i was to post a hijack this log so maybe i can get some sleep tonight lol. But i just downloaded Hijackthis and it doesnt give me the option to run as admin when i right click..... help

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,725 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:39 AM

Posted 26 March 2011 - 10:00 PM

Hello, I moved this from Vista to the Am I Infectedforum.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please ask any needed questions,post logs and Let us know how the PC is running now
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 maschari25

maschari25
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 27 March 2011 - 08:32 AM

OK im working on it as we speak.thanks

#4 maschari25

maschari25
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 27 March 2011 - 11:44 AM

ESET has been scaning for 3 hours and its only at 47%! 11 threats found this is taking forever. some of the threats are.

Win32/PrcView application
java/trojanDownloader.OpenConnection.JJ trojan
java/trojanDownloader.openStream.NAC Trojan
PDF/Exploit.Pidief.PDS.Gen Trojan

all of my other alerts are from a program called cheat engine i dont think it has anything serious in it but it looks like a trojan/malware to the program. should i diconnect from the net while this scans. for security purposes?

i was in google and searching one of the trojans info and i clicked a link and got sent to http://www.infomash.org/100/7274/search.php?k=java%2FtrojanDownloader.OpenConnection.JJ+trojan&nw=0&sid=5f04a7ab81cccc8108fe5491135840bc

the link that i clikced actually was http://www.securelist.com/en/descriptions/94999/Trojan-Downloader.Java.OpenConnection.d

Edited by maschari25, 27 March 2011 - 11:47 AM.


#5 maschari25

maschari25
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 27 March 2011 - 12:50 PM

OK i ran the ESET scan and i have attached the log. MBAM picked up nothing so theres no reason to post the log.

I guess it seems to be runing ok but im nervious because i use my pc to do all of my banking and i buy alot of stuff online. i just want to make sure that theres nothing lurking there in the background. i have changed my passwords via another pc. and my bank account has not been touched. just nervous, feel like someone came into my home, i feel like they could come back at any time.
thanks,
--------------------------ESET---LOG--------------------------------------------------------------------------------------------------------------------------------------
C:\Cheat Engine\Cheat Engine.exe a variant of Win32/HackTool.CheatEngine.AA application cleaned by deleting - quarantined
C:\Cheat Engine\dbk32.dll a variant of Win32/HackTool.CheatEngine.AA application cleaned by deleting - quarantined
C:\Cheat Engine\dbk32.sys Win32/HackTool.CheatEngine application cleaned by deleting - quarantined
C:\Cheat Engine\Systemcallretriever.exe a variant of Win32/HackTool.SystemCall.AA application cleaned by deleting - quarantined
C:\Cheat Engine\systemcallsignal.exe a variant of Win32/HackTool.SystemCall.AA application cleaned by deleting - quarantined
C:\Users\Tony\AppData\Local\Temp\plugtmp-15\plugin-dldmalkzkrgsez.pdf PDF/Exploit.Pidief.PDS.Gen trojan cleaned by deleting - quarantined
C:\Users\Tony\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\55a4ff8b-5dda1676 Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined
C:\Users\Tony\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\5bb1127a-163e3a69 Java/TrojanDownloader.OpenConnection.JJ trojan deleted - quarantined
C:\Users\Tony\Desktop\DR\SmitfraudFix\Process.exe Win32/PrcView application cleaned by deleting - quarantined
C:\Users\Tony\Downloads\CheatEngine55.exe multiple threats deleted - quarantined
C:\Windows\System32\Process.exe Win32/PrcView application cleaned by deleting - quarantined

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,725 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:39 AM

Posted 27 March 2011 - 02:20 PM

Hello,you should uninstall Smitfraudfix as it has not been updated in 4 years. MBAM will do the same functions now.

What version of JAVA is running,if any? There were no backdoors,rootkiys or infostealers found so your banking is secure.
Go into Control Panel> Programs > Uninstall a Program.
Go down the list and tell me what Java applications are installed and their version.

All those java trojans are removed.
When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder (C:\Documents and Settings\username\Application Data\Sun\Java\Deployment\cache) for quick execution later and better performance. Malicious applets are also stored in the Java cache directory and your anti-virus may detect them and provide alerts. For more specific information about Java exploits, please refer to Virus found in the Java cache directory.

Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality. As a precaution, I recommend clearing the entire cache to ensure everything is cleaned out:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 maschari25

maschari25
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 27 March 2011 - 07:25 PM

I have done completed all of the instructions and my java is up to date version 6.0 i believe

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,725 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:39 AM

Posted 27 March 2011 - 08:37 PM

Ok,looks good here. If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users