
trojan.agent



#1 johnny1783


Posted 30 August 2011 - 11:06 AM

I don't know what to do about this. I start a Malwarebytes scan, and the svchost.exe file is infected with Trojan.Agent. I tried removing it, but it keeps coming back. I also run an AVG rootkit scan, and it results in me having 28 rootkits!!
Here is the exported log of the infection by Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7608

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

8/30/2011 11:02:22 AM
mbam-log-2011-08-30 (11-02-01).txt

Scan type: Quick scan
Objects scanned: 174448
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
------------------------------------------------------------
And here are the AVG rootkit scan results:
Scan "Anti-Rootkit scan" completed.
Rootkits;"28";"0";"28"

Scan started:;"Tuesday, August 30, 2011, 10:30:12 AM"
Scan finished:;"Tuesday, August 30, 2011, 10:31:41 AM (1 minute(s) 28 second(s))"
Total object scanned:;"153916"
User who launched the scan:;"SYSTEM"

Rootkits
;"File";"Infection";"Result"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_CREATE -> 0xFFFFFA80059B3647";"Object is hidden"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_CREATE_NAMED_PIPE -> 0xFFFFFA80059B3647";"Object is hidden"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_CLOSE -> 0xFFFFFA80059B3647";"Object is hidden"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_READ -> 0xFFFFFA80059B3647";"Object is hidden"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_WRITE -> 0xFFFFFA80059B3647";"Object is hidden"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_QUERY_INFORMATION -> 0xFFFFFA80059B3647";"Object is hidden"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_SET_INFORMATION -> 0xFFFFFA80059B3647";"Object is hidden"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_QUERY_EA -> 0xFFFFFA80059B3647";"Object is hidden"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_SET_EA -> 0xFFFFFA80059B3647";"Object is hidden"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_FLUSH_BUFFERS -> 0xFFFFFA80059B3647";"Object is hidden"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_QUERY_VOLUME_INFORMATION -> 0xFFFFFA80059B3647";"Object is hidden"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_SET_VOLUME_INFORMATION -> 0xFFFFFA80059B3647";"Object is hidden"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_DIRECTORY_CONTROL -> 0xFFFFFA80059B3647";"Object is hidden"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_FILE_SYSTEM_CONTROL -> 0xFFFFFA80059B3647";"Object is hidden"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_DEVICE_CONTROL -> 0xFFFFFA80059B3647";"Object is hidden"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xFFFFFA80059B3647";"Object is hidden"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_SHUTDOWN -> 0xFFFFFA80059B3647";"Object is hidden"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_LOCK_CONTROL -> 0xFFFFFA80059B3647";"Object is hidden"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_CLEANUP -> 0xFFFFFA80059B3647";"Object is hidden"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_CREATE_MAILSLOT -> 0xFFFFFA80059B3647";"Object is hidden"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_QUERY_SECURITY -> 0xFFFFFA80059B3647";"Object is hidden"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_SET_SECURITY -> 0xFFFFFA80059B3647";"Object is hidden"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_POWER -> 0xFFFFFA80059B3647";"Object is hidden"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_SYSTEM_CONTROL -> 0xFFFFFA80059B3647";"Object is hidden"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_DEVICE_CHANGE -> 0xFFFFFA80059B3647";"Object is hidden"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_QUERY_QUOTA -> 0xFFFFFA80059B3647";"Object is hidden"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_SET_QUOTA -> 0xFFFFFA80059B3647";"Object is hidden"
;"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_PNP -> 0xFFFFFA80059B3647";"Object is hidden"
------------------------------------------------------------------------------------------------
I think someone has hacked my computer, but I'm not sure. It would be greatly appreciated if someone could help.

Edited by johnny1783, 30 August 2011 - 11:08 AM.




#2 cryptodan


Posted 30 August 2011 - 11:10 AM

Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

Most importantly, please be patient until you get a reply to your topic.



