Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32.Agent.huut


  • This topic is locked This topic is locked
2 replies to this topic

#1 71cranberry

71cranberry

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:40 AM

Posted 18 June 2013 - 10:36 AM

   Removal ?   Hi, my handle is 71 cranberry, Thanks for dropping by!

 

     How do I remove this?

 

Win32.Agent.huut

 

    Spy bot  trapped it when it ran on next boot but i cannot access my registry backup files in ngopt or erund to restore holes left in operating system with extraction.

 

     I didn't know an opportunity to set them prior to start up. cant get to operating system because only working screen presently is spybot.  had previous problems with reoccurring 

 

   W3i.IQ5.fraud

 

     Trying to access system without undoing extraction- took many many attempts to expose and catch it. 

 

     when captured Spy bot also captured

 

 

 

Facebook.Messenger

 

Zango

 

FunWebProducts

 

iCrossRider

 

MyWay.MyWebSearch

 

MyWebSearch

 

W3i.IQ5.fraud

 

Win32.Agent.huut

 

   Any help removing these without releasing them from spy bot, or- help after I release them to re- capture and/ or remove them. 

 

    Hope everyone's having a fun and safe summer. Thanks for droppin in! :-)

 

 

 

 

 

 

 

 

 

 

   



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:40 AM

Posted 19 June 2013 - 04:23 AM

Scan with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You´ll find the log file at C:\AdwCleaner[S1].txt also.

 

 

 

 

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 

 

 

 

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:40 AM

Posted 24 June 2013 - 12:16 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users