Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan-downloader.html.agent.ag Found By Kaspersky


  • Please log in to reply
12 replies to this topic

#1 keyteem

keyteem

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:56 PM

Posted 29 June 2006 - 06:47 PM

hi everyone , i came here originally to learn more about my computer thinking i had a small problem ,
i purchased a new compaq sr 1820 nx desktop and after getting online noticed i could update the norton
antivirus and such but the norton security would not update,,,, after retrying found same thing. i noticed strange things happenin and low and behold i ,, after loading spybot and checking startup ,, there are worms
and such on my system! i found thru kaspersky antivirus a TROJAN-DOWNLOADER.HTML.Agent.Ag
caught up in what looks like norton internet security, but looks almost as if it is quarantined?

? can i delete this "temporary norton service" somehow thru my registry and reload a new norton
disc , rescan and see what happens .

when i ran kaspersky and found this i hit the neutralize button but kaspersky reads back
cannot complete- write protected.

am very interested in the HJT and read your prep guide but my system seams to be getting worse
and didn't want to download any more to it untill this is resolved, can i download hjt and run it
then send the log .
i am not sure where to start.
i have avg , it found nothing.
adaware found and removed criticals and also spybot
i did also run norton antivirus after first trying to update it the second time and nothing came back .
am trying it right now one more time .

thank you for any help you can lend
den

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:56 PM

Posted 29 June 2006 - 10:01 PM

Hello keyteem

You said you updated Norton Anti-virus, you found a trojan using Kaspersky anti-virus and then go on to say that you use AVG? Are you using three anti-virus programs?

The concern with using more than one anti-virus program is due to conflicts that can arise from them both running together at the same time in real-time protection mode. Anti-virus software componets insert themselves into the operating systems core and using more than one can cause instability, crash your computer, slow performance and waste system resources. When actively running in the background while connected to the Internet, they both may try to update their defintion databases are the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance.

While operating in real-time mode, each program will often interpret the activity of the other as a virus and there is a greater chance of them alerting you to "False Positives". Further, if one Av finds a virus and then the other also finds the same virus, then both programs will be competing over exclusive rights on dealing with that virus. Each piece of AV software will attempt to seize the offending file and quarantine it. If one AV finds and quarantines the file before the other one does, then you encounter the problem of both AV's wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetivite cycle of endless alerts that continually warn you that a virus has been found.

...didn't want to download any more to it untill this is resolved, can i download hjt and run it then send the log .

You may have to download other tools to get your problem resolved and of course you can download Hijackthis and post a log. But first I suggest you start by removing all but one anti-virus program.

If your running Win XP/2000, download and scan with Ewido Anti-Spyware v4.0 in "SAFE MODE".
Print out the Ewido Install and Scan Instructions.

If this does not solve your problem, then download and run Hijackthis follwing the directions in the Prep Guide which you read. Post a log in the HijackThis Logs and Analysis Forum, not here, for assistance by the HJT Team Experts.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 keyteem

keyteem
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:56 PM

Posted 30 June 2006 - 05:01 AM

Thanks Quietman7, now that you say it i can see it's not smart to have too many av programs and maybe
this is why now it is running very slow, this makes sense. i am not sure how i missed it or when exactly
norton found the virus,but thats why i added avg and kasper, thinking that cause i "can't update norton
i better have something i can use". the virus is in nortons quarantine and restore file , which i found out last
night, i just don't know if all of it is yet. i will remove avg and kasper tonight after work.

In the quarantine and restore box for norton i can't click on the file and "send
to norton" for analysis. the send is not highlighted.


i will remove all but norton and then follow your suggestion for trying ewido tonight after work

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:56 PM

Posted 30 June 2006 - 05:25 AM

If your having problems with Norton, why not remove it and keep Kaspersky instead? NAV is a resource hog anyway and IMO Kaspersky is more effective.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 keyteem

keyteem
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:56 PM

Posted 30 June 2006 - 11:12 AM

Yes that might be a good idea , can norton be removed without first repairing that file?

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:56 PM

Posted 30 June 2006 - 11:40 AM

I'm not sure what you mean by repairing that file. You mentioned TROJAN-DOWNLOADER.HTML.Agent.Ag was picked up by Kaspersky and looks almost as if quarantined. It probably is quarantined in NAV and these files can be safely deleted at any time.

Norton products can be difficult to remove so read the entire discussion topic How To Remove Your Norton Products"
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 keyteem

keyteem
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:56 PM

Posted 30 June 2006 - 01:28 PM

I have never had a virus before , thats why i was askin if the file could be repaired , but i would just as well delete it if it's ok . thanks
i downloaded install and scan instructions for ewido and noticed
it says it's for win 2k and xp (32bit)
will it be ok to use for 64 bit also ?
thanks for the tip on removing norton.
thank you for your help i really appreciate it

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:56 PM

Posted 30 June 2006 - 03:31 PM

will it be ok to use for 64 bit also ?

No.

Is ewido anti-malware compatible with 64-Bit versions of Windows?

Unfortunately, at the moment ewido anti-malware is only comaptible with 32-Bit versions of Windows.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 keyteem

keyteem
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:56 PM

Posted 30 June 2006 - 08:08 PM

i will attempt a fix without ewido then,
just got in , working on my new computer now, deleting norton and avg ,
rerun kasperski, spybot , see what shows up.
than you

#10 keyteem

keyteem
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:56 PM

Posted 01 July 2006 - 09:11 AM

:thumbsup:
i ran norton uninstall in add/remove , it worked
i uninstalled avg
reran update for kasperski and spybot
kasper this time was able to delete the virus,it wasn't able to before.
reran spybot and repaired what was found
then updated adaware and ran / found 3 citicals / removed them


my system seems ok
thanks for your advice Quieteman7
once again ,it's greatly appreciated!

#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:56 PM

Posted 01 July 2006 - 03:14 PM

Your welcome.

Now that your system is clean you should SET A NEW RESTORE POINT to prevent reinfection from an old restore point. Any malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to set a new RESTORE POINT:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to Start > Run and type: Cleanmgr
4. Click "OK".
5. Click the "More Options" Tab.
6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

To protect yourself against malware and reduce the potential for re-infection , you may want to read "Simple and easy ways to keep your computer safe" and "How to Prevent Spyware".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#12 keyteem

keyteem
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:56 PM

Posted 02 July 2006 - 07:26 AM

Good idea , doing it right now.
thanx for the info links also

#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:56 PM

Posted 02 July 2006 - 07:38 AM

:thumbsup:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users