
Trojan.Agent.Ai keeps returning!


  • This topic is locked
9 replies to this topic

#1 IcedPrincess89

IcedPrincess89

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:51 AM

Posted 13 June 2015 - 05:10 PM

My Malwarebytes has detected a trojan named Trojan.Agent.Ai multiple times. I have deleted it with MBAM and restarted the computer, only for it to find it again hours later. I am using Avast free version and MBAM. I have also used AdwCleaner, which found nothing, and RogueKiller. I have read about this virus and it worries me because I have logged into my bank account and other sites that use my personal information.




 


#2 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:09:51 AM

Posted 13 June 2015 - 05:21 PM

Hello,

Can you tell us the file path? In which folder was it found?


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#3 severac


Posted 13 June 2015 - 05:24 PM

Also, I see that you have already started a topic here: http://www.bleepingcomputer.com/forums/t/579088/redirect-virus-cannot-upload-logs/#entry3731658, and you are waiting for an answer. So, I don't think that you should search for help elsewhere.

Also, you must copy FRST log there again, it is not complete. 


Edited by severac, 13 June 2015 - 05:25 PM.


 


#4 IcedPrincess89


Posted 13 June 2015 - 05:28 PM

I will find out the file path for that, but in regards to your second comment: it would not let me put the log in. I tried to paste the text and it said "content too long", and when I try to upload the log it times out with an error saying website offline.



#5 severac


Posted 13 June 2015 - 05:29 PM

Then try to write in two or more messages. Split it. 



 


#6 IcedPrincess89


Posted 13 June 2015 - 05:30 PM

file path is C:\Users\Ashley\AppData\Local\Temp\Quarentine.exe


ok will try that now



#7 severac


Posted 13 June 2015 - 05:33 PM

It is a false positive.

 

https://forums.malwarebytes.org/index.php?/topic/164916-possible-false-positive-quarantineexe/

 

That file is created by AdwCleaner.



 


#8 IcedPrincess89


Posted 13 June 2015 - 06:03 PM

I am just really worried about everything that is happening with the remote access.

Temporarily prioritize this connection only:
local: [fe80::f5a0:b1cc:c475:4205]:55494
remote: [ff02::1:3]:5355

Temporarily prioritize protocol: DNS_C
Temporarily prioritize program: routed
Temporarily prioritize program & protocol: routed / DNS_C

there are 5 or 6 instances of this happening at all times

 



#9 IcedPrincess89


Posted 13 June 2015 - 06:06 PM

and this stuff that is in a network folder under my profile name:

<?xml version="1.0" encoding="UTF-8"?>
<xbel version="1.0"
      xmlns:bookmark="http://www.freedesktop.org/standards/desktop-bookmarks"
      xmlns:mime="http://www.freedesktop.org/standards/shared-mime-info"
></xbel>



#10 computerxpds

computerxpds

    Bleepin' Comp


  • Moderator
  • 4,483 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:51 AM

Posted 13 June 2015 - 06:09 PM

Hello, please stay with your Malware removal topic in the other forum, a helper will be able to help you secure your system and remove any malware that exists, you need to stay with that topic however and not make any changes until told to do so by a Malware Response Team member, this way the helper doesn't have any surprises when asking you to make a change. 

 

I will now close this topic to avoid any confusion and have you continue with your topic here: http://www.bleepingcomputer.com/forums/t/579088/redirect-virus-cannot-upload-logs/

 

If you have any other questions please ask the helper in that topic. :) 


If I have replied to a topic and you reply and I haven't gotten back to you within 48 hours (2 days) then send me a P.M.