
TR/Agent.bxy.2 and TR/Agent.66048.153


  • This topic is locked
22 replies to this topic

#1 signofzeta


Posted 24 April 2014 - 06:04 PM

I am using a Windows XP machine and I am looking to do some last cleaning up so I can turn it into a dedicated computer that plays old games that don't work or run poorly on Vista, 7, and 8.  I know whatever viruses I got are not because I used the XP machine after the end of support date, but are something that was already there, and I would like to get rid of them.

 

I ran Avira and I got:

 

TR/Agent.bxy.2   The file that is associated with this, according to Avira, is A0077808.exe

TR/Agent.66043.153  The file that is associated with this, according to Avira, is A0077807.exe

 

I already ran avira before and deleted whatever it found, and I ran the scan again after restarting the computer, and what I mentioned above was what I got, and I am going to quarantine them.

 

I want to know what those two viruses do, and how to get rid of them, or if it is worth the effort to get rid of.  Ideally, I would probably try to run the computer in safe mode, run avira again, and then try to delete them, and then boot in regular mode, and run avira to see if avira finds anything.  I will not do that quite yet, as I want your input before using avira the third and fourth time.

 

I will also run a Malwarebytes quick scan to see if there is any malware left on that computer.  I will delete everything from the first scan and post back what Malwarebytes found, after restarting the PC and running the scan the second time.

 

I would like to keep this computer offline as much as possible. I have a laptop running Windows Vista, and another one running Windows 8.  The one running Windows 8 is 12 days old, so I am fairly certain it is clean.

 

I also mentioned something about restarting my PC and running the scan again. Is there a way to check if there are no viruses or malware without having to restart the PC and run the scan again?


Edited by signofzeta, 24 April 2014 - 06:06 PM.



 


#2 signofzeta


Posted 24 April 2014 - 07:09 PM

Malwarebytes found nothing after the second scan.  Running Avira scan a third time to see if the two viruses above are detected by avira again.



#3 noknojon


Posted 24 April 2014 - 08:05 PM

EDIT -

Click the Follow this Topic at the top right of the page so you know if you get any responses .........

 

Ask if you are not sure of any procedure rather than just guessing -

 

Do you have Malwarebytes Anti-Malware Version 2.0.1 installed ??

 

 

Please download and run RKill by Grinler.

A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully. At most the tool will run for about 2 minutes.

Post the RKill log back here..

 

 

Important: Do not reboot your computer until you complete the next step.

 

 

* Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.

If the review looks OK then continue
* Click on the Clean button (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

 

Download Malwarebytes Anti-Rootkit (A.K.A. MBAR) from HERE

  • Unzip the contents to a folder in a convenient location. (usually desktop)
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain.
  • If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

 

 

 

Scan with ESET Online Scan
1. Please go to Here to run the Online Scanner from ESET.
2. Temporarily Disable Your Anti-virus while performing the online scan
3. Tick the box next to YES, I accept the Terms of Use.
4. Click Start
5. When asked, allow the ActiveX control to install
6. Click Start
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click on Advanced Settings and ensure these options are ticked:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

9. Click Scan
10. Wait for the scan to finish. This can take quite a while to download the program and then updates for a first scan.

Expect a scan time of 2 hours or so (can be more)
11. If any threats were found, click the 'List of found threats' , then click Export to text file....
12. Save it to your desktop, then please copy and paste that log as a reply to this topic.

 

Please post all the requested logs, and a report on how the computer is running now when you are finished -


Edited by noknojon, 24 April 2014 - 08:07 PM.


#4 signofzeta


Posted 24 April 2014 - 11:54 PM

I have malwarebytes version 1.75.0.1300

 

I ran Avira a third time, and it didn't detect the 2 viruses I mentioned in the opening post, but it did detect three instances of TR/trash.gen

 

TR/trash.gen is found in A0077834.dll, A0077836.exe, and A0077837.exe

 

I tried to search for those three things in my hard drive and I couldn't find anything that resembles those 3 files.

 

I would also have to let you know that I would like to keep that XP computer offline as much as possible due to the whole XP end of support scare, and I don't want anything new infecting that computer.  The computer was not connected to the internet between the time of the second Avira and third Avira scans.

 

I just want to know if you would do anything different knowing that that computer will not go online, by my own choice.


Edited by signofzeta, 25 April 2014 - 12:07 AM.


#5 noknojon


Posted 25 April 2014 - 01:24 AM

Note : the whole XP end of support scare, is now for life, not for a week or 2.

"I just want to know if you would do anything different knowing that that computer will not go online, by my own choice."

If you do not wish to use the offered tools, there is very little that we can do to help you -



#6 signofzeta


Posted 25 April 2014 - 01:39 AM

"Note : the whole XP end of support scare, is now for life, not for a week or 2."

"I just want to know if you would do anything different knowing that that computer will not go online, by my own choice."

"If you do not wish to use the offered tools, there is very little that we can do to help you -"

 

What is the risk of my windows xp computer getting a virus leaked in while running the ESET scan because of the XP end of support?

 

I want to know if it is a better idea to connect the XP computer back online just to run the ESET scan, or just skip the scan and leave the computer offline?  I can probably run the other three programs by downloading them on a clean computer and transferring the files to the Windows XP machine.

 

Do these three steps also work on windows vista?  I am looking to see if there are any infections on my laptop as well.  I made a new thread about it.


Edited by signofzeta, 25 April 2014 - 01:42 AM.


#7 noknojon


Posted 25 April 2014 - 02:34 AM

"What is the risk of my windows xp computer getting a virus leaked in while running the ESET scan because of the XP end of support?"

You must run some programs, or there is nothing that we can do for you !!!!!!!

I have an XP based system so I know what it is like, but you can use it, or just give up .........

 

Do you update your Avira, as this means you need to access the internet to do this ??

 

You have 3 choices - Lock up your XP computer, just continue to use it, or update it to Windows 7.

 

Your choice -



#8 signofzeta


Posted 25 April 2014 - 06:01 AM

I did update my avira virus definitions and that takes 5 minutes, but what I am afraid of is the ESET scan may take hours, and I think that may be too long for that computer to be online.  Upgrading to windows 7 is not an option, because of one piece of software that runs well on XP, but not so well on Vista, 7, or 8.

 

For this procedure, if the scanner doesn't require it to be online,  I won't connect my PC to the internet.  I will only connect it if the scanner needs to be online, like ESET.

 

I connected the PC online only to download the essential files that you said to download, and then I put it offline.  I then ran Rkill, and now am running AdwCleaner while the PC is offline.  So far, after I click scan, and after a while during the scan the window becomes white, with my cursor being an hourglass.  I don't mean the entire screen, but the window representing the AdwCleaner I opened is fully white.  I will post back in a few hours to see if the scan has been complete or not, as well as the Rkill log.  I am unsure if this white Adwcleaner window means that the program is scanning my system, or if the program is stalled?

 

I opened task manager and adwcleaner isn't responding.  I am going to end the task and re-run the program.  I will post whatever logs you tell me to post.

 

How long does an AdwCleaner scan usually take?  Currently it is trying to search for infected shortcuts.

 

Opened up task manager again, and it says AdwCleaner is not responding.  I am going to let it run, or not run, and leave the window open for a few hours.  If the scan hasn't been complete, I will post back about it.


Edited by signofzeta, 25 April 2014 - 06:21 AM.


#9 signofzeta


Posted 25 April 2014 - 12:37 PM

It has been around 6 hours and AdwCleaner is still not finished.  It seems the program isn't responding.



#10 noknojon


Posted 25 April 2014 - 06:11 PM

I also have 1 program that will never run on Windows 7, as it is simply too old and only just works on XP. However, I will continue to use what I have, and ignore most of the Doomsday Predictions. I am actually using the XP now -

 

 

Right click and Delete the edition of AdwCleaner on your desktop, and reload AdwCleaner by Xplode from <= this link.

AdwCleaner should not run more than 5 minutes on any normal day.

 

Now make a choice if you are going to use this as a typewriter, or a general computer for every day use

 

You have almost no chance of any infection while ESET is running, as it is more powerful than your Antivirus.

 

We all need to understand that "End Of Support" for XP systems has not thrown them to the dogs, plus this has been known for years. It is just in the last couple of months that people have finally understood (or think they understand) what it means. Please understand that Microsoft has already given a date for End of Support for Windows 8.1, (and Windows 9 will be out later this year).

 

Do you remember the "Y2K bug" scare as the year 2000 ticked over, and the world's electronics would all fail? Or the "Aztec predicted End of World date"? All passed without any change; well, I have decided to treat this in a similar manner.

 

I have installed a decent Antivirus, I run frequent Antimalware scans with Malwarebytes Anti-Malware and SUPERAnti Spyware, and I have installed " W O T " to notify me of sites that are called "suspect" (I already had these installed years ago)

 

Beyond this, I do know of dozens of people that are not even aware of the End of Support (my Doctor still uses XP).

 

So my version still stands, that you can use it as a "Typewriter", or a "Normal" Computer, and just take reasonable care.



#11 signofzeta


Posted 25 April 2014 - 07:17 PM

Same problem happened.  AdwCleaner hangs and doesn't finish the scan.



#12 noknojon


Posted 25 April 2014 - 08:00 PM

Hi -

Please download Rkill First (courtesy of BleepingComputer.com) to your desktop.

This can clear the way for other programs to run.

There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not both of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

NOTE - If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.

 

 

There may be an infection blocking any other program from running.

If this will not work, we will need to look at other options for you - Good luck with it -



#13 signofzeta


Posted 25 April 2014 - 08:07 PM

Rkill log

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/25/2014 08:05:11 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\WINDOWS\ehome\RMSvc.exe (PID: 3416) [WD-HEUR]
 * C:\WINDOWS\ehome\McrdSvc.exe (PID: 332) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]

Checking Windows Service Integrity:

 * MSDTC [Missing Service]

Searching for Missing Digital Signatures:

 * C:\WINDOWS\System32\drivers\mqac.sys : 91,776 : 06/22/2009 06:48 AM : eee50bf24caeedb515a8f3b22756d3bb [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqac.sys : 72,960 : 07/06/2007 04:52 AM : d92fce6729ee150a15a7cdbc433f390e [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB971032\SP2QFE\mqac.sys : 91,776 : 06/22/2009 06:30 AM : 9229e191fe206628be17d1e67a5faed9 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB937894$\mqac.sys : 72,960 : 08/09/2004 11:00 PM : db07b0088cdfd20c2a22e675120ede34 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB971032$\mqac.sys : 72,960 : 07/06/2007 05:05 AM : 157a32ddc6a019a4e31b19d604d2f127 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\mqac.sys : 92,544 : 04/13/2008 01:39 PM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\mqac.sys : 91,776 : 06/22/2009 06:48 AM : eee50bf24caeedb515a8f3b22756d3bb [Pos Repl]

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 04/25/2014 08:05:52 PM
Execution time: 0 hours(s), 0 minute(s), and 40 seconds(s)
 



#14 signofzeta


Posted 25 April 2014 - 08:27 PM

I am attempting to run AdwCleaner again.

 

AdwCleaner does run.

 

The scan doesn't finish though.  It hangs on "Searching for infected shorcuts."

 

Should I disable Avira for now?



#15 noknojon


Posted 25 April 2014 - 08:33 PM

Hi -

As I thought, there were / are a few problems showing.

 

Would you please post this up to the next area for the Experts to fix it for you -

It is not due to a small XP problem, but an already installed infection or 2 that needs decent cleaning.

 

As you need more assistance, please Fully read and follow the instructions in the Preparation Guide For Requesting Help starting at Step #6.

 

If you are unable to complete any step, still post the topic and leave a full description of your problems.

 

When you have done that, start a new topic and post the required logs to the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts.

 

 

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

Click on Follow This Topic, so you do not lose track of your new post, as you may need to allow a couple of days for a reply.

 

Please Use Copy / Paste for your responses, and Do Not Attach them unless your helper requests this.

 

If HelpBot responds to your topic, please follow his Step #1 so the team will be notified.

 

P.S. Sorry for the small "lecture" on using XP, but if you intend to use this as a normal computer, then you must Bite the Bullet (as they say) and treat it as a normal operating system if you intend to use it on a regular basis.

This was in no way being personal towards "you", but there are still many millions of people who do still use XP on a regular basis, and I do know that most will keep using it for at least a few years .............

Please be aware that the Experts are fully aware of XP situations, and will not put your system at risk -





