Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need help with trojanproxy.agent infection


  • This topic is locked This topic is locked
12 replies to this topic

#1 annaeswanson

annaeswanson

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:20 AM

Posted 12 June 2011 - 03:44 PM

Hi,
I have:
win32/trojanproxy.agent.whs
Trojanproxy.agent
Trojan.agent

I have run:
AVG - scan was disabled
Superantispyware
Spybot Search and Destroy
Ccleaner Registry Cleanup
Malwarebytes

and all report no more infections but my google search results are still being hijacked/redirected and malwarebytes is continuing to block potentially malicious websites (Type: outgoing). I have started searching only via the AVG toolbar.

Any help and assistance is more than appreciated!

Edited by hamluis, 12 June 2011 - 04:27 PM.
Moved from AII to MRL at MRT request.


BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:20 AM

Posted 12 June 2011 - 04:02 PM

Hi there,

Could you please post a DDS log so I can get a better idea of what's going on? :) I'll also ask a Mod to move this to the malware removal forum.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 annaeswanson

annaeswanson
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:20 AM

Posted 12 June 2011 - 07:19 PM

Id' love to...but I don't know how. Sorry! Can you send me instructions on where to find a dds log?
Thanks so much for your help!

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:20 AM

Posted 12 June 2011 - 07:36 PM

My apologies.....have a look here : http://www.bleepingcomputer.com/forums/topic34773.html :)
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 annaeswanson

annaeswanson
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:20 AM

Posted 12 June 2011 - 09:28 PM

Thanks! Here you go:
Attached File  dds.txt   17.18KB   2 downloads
Attached File  attach.txt   17.77KB   0 downloads

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:20 AM

Posted 12 June 2011 - 10:12 PM

Thank you :)

Download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 annaeswanson

annaeswanson
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:20 AM

Posted 12 June 2011 - 11:17 PM

Thanks - It said it had one and I "cured" it. Attached File  TDSSKiller.2.5.4.0_12.06.2011_21.29.22_log.txt   45KB   2 downloads

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:20 AM

Posted 13 June 2011 - 01:39 PM

Indeed it did. :) How is it running now?
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#9 annaeswanson

annaeswanson
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:20 AM

Posted 13 June 2011 - 01:44 PM

It seems to be working well! Is there anything else I should do?

I REALLY appreciate all of your help!

Thank you,
Anna

#10 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:20 AM

Posted 13 June 2011 - 01:48 PM

Excellent to know, and you're most welcome. :thumbup2:

I see you have MBAM. Have a quick scan with it and let me know if it finds anything. It should be quiet, but I want to be sure before I let you go. :)

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#11 annaeswanson

annaeswanson
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:20 AM

Posted 13 June 2011 - 11:00 PM

Looks good - here is the log from the Malwarebytes scan: Attached File  mbam-log-2011-06-13 (21-48-54).txt   918bytes   1 downloads

THANK YOU!

#12 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:20 AM

Posted 14 June 2011 - 02:28 PM

Hello Ms. Anna,

You're most welcome....and I do believe you're good to go now. :thumbup2:

If you have any questions or concerns, please do ask. Otherwise............

Take care!
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#13 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:20 AM

Posted 07 August 2011 - 01:01 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users