
Trojan horse PSW.Agent.ABKU


12 replies to this topic

#1 pcrak


Posted 08 December 2014 - 10:02 PM

Hi there. So I've got an old Dell 5150, running Windows XP. I just took it out of storage to practice on for my CompTIA A+ certification. I put AVG, Avast on there, upgraded the MBAM and was able to get a ton of errors off while in Safe Mode. However, when I upgraded AVG to the 2015 version, the trojan PSW.Agent.ABKU popped back up after it seemed like everything was good. I ran a safe mode scan again and was able to bring the total number of errors from down, but just can't seem to get this last little bit off. Also, the only thing that seems to detect this trojan is AVG. Could the Trojan actually be attached to AVG or is that not possible?


Edited by pcrak, 08 December 2014 - 10:03 PM.




#2 aka_jonny


Posted 08 December 2014 - 10:27 PM

I would run Adwcleaner on it....  You can find out how to download and use them under the downloads section.  I had a bugger of a time eliminating some tough malware after MalwareBytes was unable to detect and remove them from a 64-bit version of Windows 8.1 Pro.  I even own and run the fully licensed version of MalwareBytes Pro.  It doesn't get everything; but once I used Adwcleaner I'm confident they are all gone. Additionally, if it's just Windows XP, and it's a Dell (the XP license key should be attached to it), it would be easier to simply format the hard drive and reload XP on it.  An XP installation takes under 45 minutes; just be sure to download SP3 before you apply any security patches.  
 
Good luck!

Mod Edit by quietman7: Removed instructions to run FRST....PROHIBITED Malware Removal advice

#3 pcrak


Posted 09 December 2014 - 12:06 AM

Ok, thanks Jonny, I'll give this a try. Unfortunately I bought this laptop way back in 2004 and have no idea where any of the original disks are to reload XP onto it.



#4 aka_jonny


Posted 09 December 2014 - 01:00 AM

Actually you can get your XP Key using KeyFinder/Magic Jelly Bean, and you can download the ISO image of XP here: http://getintopc.com/softwares/operating-systems/windows-xp-home-edition-sp3-free-download/   You can google Windows XP ISO image and you'll probably find it in a lot of places.  Burn the ISO to a CD and you'll have a bootable XP CD you can use to load using the license key you extracted.  

 

Good luck!



#5 quietman7

  • Global Moderator

Posted 09 December 2014 - 06:46 AM

aka_jonny...Please read the pinned sticky Instructions for posting advice in Am I Infected

Posting instructions for the use of the following by non-staff members is prohibited in this area, as well as in ALL other areas of the BC forums. This list contains tools and procedures that are forbidden; the instructions for using similar tools or procedures should not be posted here, or elsewhere on Bleeping Computer forums, without prior Staff approval.

  • ComboFix instructions or discussion.
  • HiJackThis, DDS, OTL, ZOEK, RSIT, RogueKiller instructions.
  • FRST (Farbar Recovery Scan Tool).
  • Manual rootkit removal using non-automated and advanced ARK tools (MBRCheck, MBR.exe and Esage Bootkit Remover).
  • Automated registry cleaners.
  • Advanced Registry instruction. Simple registry fixes are permitted but they must be accompanied with a warning to back up the registry first.
    The BC staff will monitor (review) registry fixes and if we determine they are dangerous or incorrect, the instructions will be removed.
  • Custom scripts, batch files.
  • Other specialized fix tools the BC Staff deems untrained members should not recommend for use.
Note: This list is not limited and we may add to it as necessary. These restrictions are in place to ensure that only safe and effective methods are given to members seeking help with a malware problem.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#6 quietman7


Posted 09 December 2014 - 06:48 AM

"I put AVG, Avast on there"

See the IMPORTANT NOTE about not using more than one anti-virus program in this topic: Choosing an Anti-Virus Program

It would be helpful if you can advise the specific file(s) name associated with the detection and where it is located (full file path) on your system.

#7 quietman7


Posted 11 December 2014 - 05:46 AM

@ prikansymon

Instructions for posting advice in Am I Infected

Posting referral links to non-Bleeping Computer malware removal guides is NOT permitted with the exception of well-known security vendors like Kaspersky, Symantec, etc., which sometimes release specialized fix tools with instructional documentation. This is because there are far too many untrustworthy and scam sites which mis-classify detections or provide misleading information and poor removal advice. It is impractical for our staff to monitor and review all such guides for accuracy; therefore, we will not permit members helping others to refer to any of them.



#8 pcrak


Posted 17 December 2014 - 12:30 PM

I took AVG off of my computer and I'm only using Avast, CCleaner and MBAM and I haven't seen the trojan pop up since. Am I good, you think?



#9 quietman7


Posted 17 December 2014 - 02:57 PM

I would recommend doing this for a second opinion.

Please perform a scan with Eset Online Anti-virus Scanner.
If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
Vista/Windows 7/8 users need to run Internet Explorer/Firefox as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.

  • Click the green esetOnline.png button.
  • Read the End User License Agreement and check the box:
  • Check esetAcceptTerms.png.
  • Click the esetStart.png button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check esetScanArchives.png and check Remove found threats
  • Click Advanced settings and select the following:
    • Enable detection of potentially unwanted applications
    • Enable detection of potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan can take some time to complete...close all programs and do NOT use the computer while the scan is running.
    If given the option (when threats are found), choose "Quarantine" instead of delete.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop as ESETScan.txt.
  • Push the esetBack.png button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.

If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
ESET Online Scanner FAQs

-- Note: If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure. Eset's detection rate is high and can include legitimate files which it considers suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not always the case. Be careful what you choose to remove. If in doubt, ask before taking action.
 

#10 pcrak


Posted 18 December 2014 - 11:10 AM

I can't run this ESET scanner. Every time I accept the terms and click start it prompts me to install an add-on. When I click to download the add-on it prompts me to retry then starts me right back at the beginning of the process. I enabled all the necessary ActiveX controls and it still won't allow me to run it.



#11 quietman7


Posted 18 December 2014 - 11:29 AM

Do this instead.

Please download and scan with Emsisoft Anti-Malware 30 day trial version.
  • Double-click on the EmsisoftAntiMalwareSetup.exe icon to install.
  • If the setup program displays an alert about safe mode, please click on the Yes button to continue.
  • Agree to the license agreement and click on the Install button to continue with the installation.
  • You will get to a screen asking what type of license you wish to use with Emsisoft Anti-Malware.
    If you have an existing license key or want to buy a new license key, please select the appropriate option. Otherwise, select the Freeware or Test for 30 days, free option. If you receive an alert after clicking this button that your trial has expired, just click on the Yes button to enter freeware mode, which still allows the cleaning of infections.
  • Emsisoft Anti-Malware will now begin to update its virus detections.
  • When the updates are completed, select Enable PUPs Detection.
  • Select the Full Scan option to begin scanning your computer for infections.
  • When the scan has finished, the program will display the scan results that show what infections were found.
  • Click on the Quarantine Selected button, which will remove the infections and place them in the program's quarantine.
  • If Emsisoft prompts you to reboot your computer to finish the clean up process, please allow it to do so.

Note: By default Emsisoft Anti-Malware installs as a free fully functional 30-day trial version with real-time protection. After the trial period expires you can either choose to buy a full version license or continue to use it in limited freeware mode which still allows you to scan and clean infections. The freeware mode no longer provides any real-time protection to guard against new infections. However, even if the trial is still enabled, you can easily turn off all real time protection and just have it running as on-demand scanner only. After the trial period expires nothing really changes except that the options to activate real-time protection are no longer available without purchasing the full version.

#12 pcrak


Posted 18 December 2014 - 11:59 AM

Here's the prompt that I received when I tried to use the Emsisoft...

"when running on Windows XP, Service Pack 3 is required"

Told ya it had been awhile since I last used this thing! haha



#13 quietman7


Posted 18 December 2014 - 02:20 PM

Ok...let's try this.

 

Please download and scan with the Kaspersky Virus Removal Tool from one of the following links and save it to your desktop.


Be sure to print out and read the instructions provided in:
- How to Install Kaspersky Virus Removal Tool
- How to launch computer autoscan in Kaspersky Virus Removal Tool
  • Double-click the setup file (i.e. setup_11.0.0.1245x11_2012_18-23_13_03.exe) to install the utility.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • The required files will be extracted and installed...be patient as this will take a few minutes.
  • At the 'Welcome!' window, check the box next to I accept the license agreement and click Start.
  • A new window will open with two tabs (Automatic Scan and Manual Disinfection) and two icons on the right.
  • For a more comprehensive (but longer) scan, click the icon which looks like a round gear...click Scan Scope and place a check mark in the box next to Local Disk (C:). System memory, Hidden Startups and Disk boot sector boxes should already be checked by default.
  • Click on the 'Automatic Scan' tab, and click the green Start scanning button to begin.
  • The time to finish and percentage completed will show as the scan is in progress...Important! Do not use the computer during the scan.
  • If no threats are detected, exit the program. If threats are detected, you will be prompted for action: Disinfect, Delete if disinfection fails.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • After the scan finishes, if any threats are left unneutralized in the Scan window (Red exclamation point), click the Neutralize all button.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • If advised that a special disinfection procedure is required which demands system reboot, click the Ok button to close the window.
  • When finished, click the rectangular notepad icon > select Detected threats > click on to highlight and click the Save icon to save the results as a text file...name it avptool.txt.
  • Copy and paste the report results of avptool.txt with any threats detected in your next reply.
  • When finished, follow these instructions on How to uninstall Kaspersky Virus Removal Tool.

-- If the above does not work, try a manual scan. If you cannot run this tool in normal mode, then try using it in "safe mode".

NOTE: For Comprehensive report of Automatic Scan > click rectangular notepad icon > select Automatic Scan report > click on to highlight the current and click the Save icon to save the results as a text file...name it avptool.txt.
 

