Infected with trojan Agent_r.apx


3 replies to this topic

#1 Onemoredale (Members, 2 posts)

Posted 21 October 2011 - 11:02 AM

Greetings.

Today I managed to get my computer infected with a trojan horse virus called Agent_r.APX while trying to visit the robyn.com website. When accessing this website an Adobe Acrobat Reader window appeared, and in a matter of seconds my AVG Free software reported that a trojan had infected my computer, although at first it reported that it had been dealt with.

After quickly closing my Mozilla Firefox software, disabling my internet connection and closing the AVG report window, a second AVG report window appeared stating that it had encountered the same trojan, and also a window stating that taskmgr.exe wants to be granted access to make changes to the computer. I have tried several times to deny taskmgr.exe (assuming that it is not the actual taskmgr that is requesting this), but despite my efforts it keeps asking for permission.

The next thing I did was to do a full scan on my computer, and the result was this:

File Infection Result
------------------------------------------------------------------------------------------
C:\Windows\explorer.exe (2244) Trojan horse Agent_r.APX Deleted
C:\Windows\explorer.exe (2244):/memory_03130000 Trojan horse Agent_r.APX Infected

Since this second file of the two still had not been dealt with directly, I tried to at first cure it, then quarantine it, but no success.

The next step was searching for this particular problem online, which is how I came to find your website. Here I managed to find a thread similar to my problem (which I'm not sure was solved or not): http://www.bleepingcomputer.com/forums/topic419939.html/page__p__2416965__hl__taskmgr__fromsearch__1#entry2416965

I went on to check my C:\user\ where I managed to find the file taskmgr.exe just as in this prior case.

So I picked up where that thread left off and made a SystemLook scan. Below are the results.

SystemLook 30.07.11 by jpshortstuff
Log created at 14:11 on 21/10/2011 by Dale
Administrator - Elevation successful

=========== file ===========

C:\users\Dale\taskmgr.exe - File found and opened.
MD5: 545BF7EAA24A9E062857D0742EC0B28A
Created at 08:55 on 21/10/2011
Modified at 12:17 on 20/11/2010
Size: 227328 Bytes
Attributes: --a----
FileDescription: Aktivitetshanteraren (Dale's note: this is the Swedish word for Task Manager)
FileVersion: 6.1.7600.16385. (win7_rtm.090713-1255)
ProductVersion: 6.1.7600.16385
OriginalFilename: taskmgr.exe.mui
InternalName: taskmgr
ProductName: Operativsystemet Microsoft Windows (Operative System)
CompanyName: Microsoft Corporation
LegalCopyRight: Microsoft Corporation. Med Ensamrätt. (All Rights Reserved)

-= EOF =-

Also want to note that I am currently using Windows 7 (ServicePack 1).

(I have also tried to just remove the taskmgr.exe file from C:\User\. It was removed, but an error appeared over and over again saying that the task I requested could not be executed (roughly translated from Swedish), probably caused by the virus attempting to contact the infected taskmgr.exe.)



So, is there anything I could possibly do to solve this problem of mine?

Most appreciative for your help, and hope you can reply to me as soon as possible.

Thanks!

/Dale
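The SystemLook entry in the post above carries the three tell-tales of a planted copy of a system binary: a file named like a Windows component sitting in a user profile rather than under C:\Windows, a version resource that claims to be part of Microsoft Windows, and a creation timestamp (21/10/2011, the day of the infection) that is later than its last-modified timestamp (20/11/2010), which is what you get when an existing file is copied into a new location. The script below is an added example, not part of this thread and not part of SystemLook: it parses SystemLook's plain-text "file" section and applies those three checks. The SAMPLE_LOG is the log from the post; CLEAN_LOG is a constructed control case with invented timestamps; the SYSTEM_BINARIES list is an illustrative assumption rather than a complete inventory. On the live machine you would also compare the MD5 with the genuine copy (for example `certutil -hashfile C:\Windows\System32\taskmgr.exe MD5`); that comparison cannot be done offline, so it is left out here.

```python
"""Flag system-binary lookalikes in a SystemLook file report.

Added example, not part of the thread or of SystemLook itself. It parses the
plain-text "=== file ===" section that SystemLook prints and applies three
heuristics a responder would apply to the file in the post: a file carrying a
Windows system binary's name sits outside the Windows directory, its version
resource claims to be part of Microsoft Windows, and its creation time is later
than its last-modified time (the usual trace of a file copied into place).
"""
import re
from datetime import datetime

# Copied from the SystemLook output in the post above.
SAMPLE_LOG = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 14:11 on 21/10/2011 by Dale
Administrator - Elevation successful

=========== file ===========

C:\users\Dale\taskmgr.exe - File found and opened.
MD5: 545BF7EAA24A9E062857D0742EC0B28A
Created at 08:55 on 21/10/2011
Modified at 12:17 on 20/11/2010
Size: 227328 Bytes
Attributes: --a----
FileDescription: Aktivitetshanteraren
FileVersion: 6.1.7600.16385. (win7_rtm.090713-1255)
ProductVersion: 6.1.7600.16385
OriginalFilename: taskmgr.exe.mui
InternalName: taskmgr
ProductName: Operativsystemet Microsoft Windows
CompanyName: Microsoft Corporation
LegalCopyRight: Microsoft Corporation. Med Ensamrätt.

-= EOF =-
"""

# Constructed control case (timestamps invented for the example): the genuine
# copy under System32, created and modified at the same moment.
CLEAN_LOG = r"""=========== file ===========

C:\Windows\System32\taskmgr.exe - File found and opened.
Created at 12:17 on 20/11/2010
Modified at 12:17 on 20/11/2010
ProductName: Microsoft Windows
CompanyName: Microsoft Corporation

-= EOF =-
"""

FOUND_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) - File found and opened\.$")
TIME_RE = re.compile(r"^(?P<kind>Created|Modified) at (?P<hm>\d\d:\d\d) on (?P<date>\d\d/\d\d/\d{4})$")
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z0-9]+): (?P<value>.*)$")

# Illustrative list (assumption): binaries that belong only under %SystemRoot%.
SYSTEM_BINARIES = {"taskmgr.exe", "explorer.exe", "svchost.exe", "csrss.exe",
                   "lsass.exe", "winlogon.exe", "services.exe"}
WINDOWS_ROOT = "c:\\windows\\"


def parse_systemlook(text):
    """Return one dict per 'File found and opened' entry in a SystemLook log."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        found = FOUND_RE.match(line)
        if found:
            current = {"path": found.group("path")}
            entries.append(current)
            continue
        if current is None:
            continue
        if line.startswith("-= EOF =-") or line.startswith("==="):
            current = None  # end of the file section
            continue
        stamp = TIME_RE.match(line)
        if stamp:
            when = datetime.strptime(f"{stamp.group('date')} {stamp.group('hm')}", "%d/%m/%Y %H:%M")
            current[stamp.group("kind").lower()] = when  # keys: 'created' / 'modified'
            continue
        field = FIELD_RE.match(line)
        if field:
            current[field.group("key")] = field.group("value")
    return entries


def flag_masquerade(entry):
    """Return the reasons this file looks like a planted copy of a system binary."""
    reasons = []
    path = entry["path"].lower()
    name = path.rsplit("\\", 1)[-1]
    outside_windows = not path.startswith(WINDOWS_ROOT)
    if name in SYSTEM_BINARIES and outside_windows:
        reasons.append(f"{name} found outside the Windows directory: {entry['path']}")
    if "microsoft windows" in entry.get("ProductName", "").lower() and outside_windows:
        reasons.append("version resource claims to be a Microsoft Windows component, "
                       "but the file is not under C:\\Windows")
    created, modified = entry.get("created"), entry.get("modified")
    if created and modified and created > modified:
        reasons.append(f"created {created:%Y-%m-%d %H:%M} is later than modified "
                       f"{modified:%Y-%m-%d %H:%M}: the file was copied into place")
    return reasons


def report(text):
    """Map each file path in the log to its list of suspicious findings."""
    return {e["path"]: flag_masquerade(e) for e in parse_systemlook(text)}


if __name__ == "__main__":
    for path, reasons in report(SAMPLE_LOG).items():
        print(path, "->", "clean" if not reasons else "")
        for reason in reasons:
            print("   -", reason)
```

Run against the post's log the user-profile copy is flagged on all three counts, while the System32 control entry produces no findings. The created-after-modified check is the cheapest of the three and survives renaming: a copy made by malware keeps the source file's modification time but gets a fresh creation time.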


#2 TM_Paul (Members, 35 posts)

Posted 21 October 2011 - 02:20 PM

Hey dude,

The taskmgr.exe is a legit Windows file. The only problem is, the malware injected its malicious code into it and/or performed a hook on taskmgr.exe.
What I would suggest is for you to run your computer in safe mode with networking and run an antivirus scan. (There are some free antivirus scanners that can run in safe mode.)


"I'll be your silent guardian. A watchful protector. A dark knight..."


#3 Onemoredale (Topic Starter; Members, 2 posts)

Posted 23 October 2011 - 11:21 AM

While I must admit I was sceptical about your solution at first, seeing it as something too simple to solve my problem, it actually removed two Generic24 trojans hidden in my system files. And now that I have rebooted the computer and done another full system scan, the explorer.exe file doesn't seem to be infected anymore, and the "taskmgr.exe keeps asking for permission" problem is gone as well.

Thanks a lot for the help mate. Really appreciate it!

All the best,

Dale

#4 TM_Paul (Members, 35 posts)

Posted 23 October 2011 - 02:06 PM

There is a good explanation for that. In normal mode, the virus hooks into the running process and they're granted permission to execute. And as long as they're running together with a legit file, virus scanners will have difficulty finding them because they would appear legit as well. However, in safe mode Windows only loads the basic drivers needed to run the system and most of the hooks are disabled, meaning the virus's files would appear as they are.

You're welcome dude, glad to help :thumbsup:
