
Trojandownloader.agent.acv Trojan Help



#1 kris007


Posted 28 February 2006 - 10:13 AM

Guys, this is my first post. I have Windows XP Professional without any service packs installed. This problem started around 2 weeks back. At that time I had Norton 2005 with the latest updates and PC-CILLIN also with the latest updates. The first sign was when Norton reported some files missing and asked to reinstall. I reinstalled the application. After 2 days my computer went haywire. When I started out the computer both PC-CILLIN and NORTON detected a virus in my temp directory. There were a large number of files being created in the TEMP directory. I had set up both of the antiviruses to delete the files. Files started from something 0000 to E345. It used to stop after a while. I uninstalled Norton because it was not allowing access and PC-CILLIN detected the virus inside Norton quarantine. The messages stopped coming. I then installed ANTIVIR which did not detect anything. Now the main trouble started coming.
When I started my comp, some programs like Firefox and Azureus did not use to respond. They did not open up, but when I opened task manager it showed that they were running. Also after a while the explorer just used to shut off and I had to restart the application. PC-CILLIN also went haywire as it kept on giving pop-ups. I tried to set that option off in the emergency centre but it denied me access.
So I heard on some forums that NOD32 was very good and so tried that and uninstalled ANTIVIR. It detected the following applications; I have submitted the log list as shown below. I also uninstalled PC-CILLIN after really getting annoyed with the pop-ups. So now my computer runs half of the time. The first thing I check on starting my comp is whether Firefox runs. If it doesn't, I restart the system until I can do that. Nowadays it starts only once in 3 times I start off.
So guys, can anyone please explain what is going on? And how to get my system back to normal without having to reformat the entire system? Also please suggest the settings for NOD32 and some really good antivirus.






| Time | Module | Object | Name | Threat | Action | User | Information |
|---|---|---|---|---|---|---|---|
| 2/28/2006 16:19:22 PM | AMON | file | C:\WINDOWS\win32ssr.exe | IRC/SdBot trojan | | NT AUTHORITY\SYSTEM | Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe. |
| 2/28/2006 15:42:24 PM | AMON | file | C:\WINDOWS\win32ssr.exe | IRC/SdBot trojan | | NT AUTHORITY\SYSTEM | Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe. |
| 2/25/2006 2:16:52 AM | AMON | file | C:\WINDOWS\system32\wbem\wmiprvi.dll | Win32/TrojanDownloader.Agent.ACV trojan | deleted (after the next restart) | NT AUTHORITY\SYSTEM | Event occurred when attempting to access the file. |
| 2/25/2006 2:15:49 AM | AMON | file | C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\U5GVCRED\tds[1].exe | Win32/TrojanDownloader.Agent.ACV trojan | deleted | NT AUTHORITY\SYSTEM | Event occurred when attempting to access the file. |
| 2/25/2006 2:15:19 AM | AMON | file | C:\WINDOWS\system32\perfont.exe | Win32/TrojanDownloader.Agent.ACV trojan | deleted (after the next restart) | NT AUTHORITY\SYSTEM | Event occurred when attempting to access the file. |
| 2/25/2006 2:14:07 AM | AMON | file | C:\windows\system32\perfont.exe | Win32/TrojanDownloader.Agent.ACV trojan | deleted (after the next restart) | NT AUTHORITY\SYSTEM | Event occurred when attempting to access the file. |
| 2/25/2006 2:13:45 AM | Kernel | file | c:\windows\system32\perfont.exe | Win32/TrojanDownloader.Agent.ACV trojan | | | Alert was generated during the system startup file check. |
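
An added example, not part of the original thread: a small Python triage of the NOD32 log rows posted above, grouping detections per file and separating files the scanner deleted from files it only reported, which are the ones to follow up first. The function names and status labels are this example's own.

```python
import re
# Rows copied from the NOD32 log in the post above (columns space-separated as posted).
LOG = r"""
2/28/2006 16:19:22 PM AMON file C:\WINDOWS\win32ssr.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
2/28/2006 15:42:24 PM AMON file C:\WINDOWS\win32ssr.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
2/25/2006 2:16:52 AM AMON file C:\WINDOWS\system32\wbem\wmiprvi.dll Win32/TrojanDownloader.Agent.ACV trojan deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
2/25/2006 2:15:49 AM AMON file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\U5GVCRED\tds[1].exe Win32/TrojanDownloader.Agent.ACV trojan deleted NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
2/25/2006 2:15:19 AM AMON file C:\WINDOWS\system32\perfont.exe Win32/TrojanDownloader.Agent.ACV trojan deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
2/25/2006 2:14:07 AM AMON file C:\windows\system32\perfont.exe Win32/TrojanDownloader.Agent.ACV trojan deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
2/25/2006 2:13:45 AM Kernel file c:\windows\system32\perfont.exe Win32/TrojanDownloader.Agent.ACV trojan Alert was generated during the system startup file check.
"""

# Action and User are optional: some rows record neither.
ROW = re.compile(
    r"^(?P<time>\S+ \S+ [AP]M) (?P<module>\S+) (?P<object>\S+) "
    r"(?P<path>[A-Za-z]:\\.+?) (?P<threat>\S+ trojan) "
    r"(?:(?P<action>deleted(?: \(after the next restart\))?) )?"
    r"(?:(?P<user>NT AUTHORITY\\SYSTEM) )?(?P<info>.+)$"
)

def parse(log):
    """One dict per detection row; an unparsable line raises rather than being dropped."""
    rows = []
    for line in filter(None, map(str.strip, log.splitlines())):
        m = ROW.match(line)
        if not m:
            raise ValueError("unrecognised log line: " + line[:60])
        rows.append(m.groupdict())
    return rows

def triage(rows):
    """Group detections by file (case-insensitive path) and derive a follow-up status."""
    files = {}
    for r in rows:
        f = files.setdefault(r["path"].lower(),
                             {"threat": r["threat"], "count": 0, "actions": set(), "accessed_by": set()})
        f["count"] += 1
        f["actions"] |= {r["action"]} if r["action"] else set()
        app = re.search(r"by the application: (.+?)\.?$", r["info"])
        f["accessed_by"] |= {app.group(1)} if app else set()
    for f in files.values():
        pending = any("restart" in a for a in f["actions"])
        f["status"] = ("no action recorded" if not f["actions"]
                       else "deletion pending restart" if pending else "deleted")
    return files

if __name__ == "__main__":
    for path, f in triage(parse(LOG)).items():
        print(f"{f['status']:<26}{f['count']}x  {f['threat']:<42}{path}")
```

On this log, `win32ssr.exe` is the only file with no action recorded, and both of its detections were triggered by access from `services.exe`.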


#2 quietman7


Posted 28 February 2006 - 12:15 PM

It's hard to tell from your post, but have you been running two anti-virus programs at the same time?

The concern with using more than one anti-virus program is due to conflicts that can arise from them both running together in real-time protection mode. Each program will often interpret the activity of the other as a virus and there is a greater chance of them alerting you to "False Positives". Further, anti-virus software components insert themselves into the operating system's core and using more than one can cause instability, crash your computer, slow performance and waste system resources.

While operating in real-time mode, if one AV program finds a virus and then the other AV program also finds the same virus, then both programs will be competing over exclusive rights on dealing with that virus. Each piece of AV software will attempt to seize the offending file and quarantine it. Further, if one AV finds and quarantines the file before the other one does, then you encounter the problem of both AVs wanting to scan each other's zipped or archived files. This can lead to a repetitive cycle of endless alerts that continually warn you that a virus has been found.

With that said, I suggest you only use one anti-virus and then download and scan with Ewido Anti-Malware v3.5.
Ewido Install and Scan Instructions