Trojan.agent.ht


3 replies to this topic

#1 Rezwalker

Rezwalker

  • Members
  • 2 posts
  • OFFLINE
  • Local time:05:04 PM

Posted 15 September 2006 - 09:47 PM

Hello. First of all I would like to apologise for my poor English.
Spyware Doctor detects Trojan.Agent.HT.
After removing it, I ran the application winpfind2.exe to scan my PC for possible other infected elements.
Here is the log file.
I would appreciate any answers from advanced users about the analysis.
I would like to know if there are still some infected elements. Thanks in advance.

Logfile created on: 09/16/2006 04:49
WinPFind2 by OldTimer - Version 1.0.9 Folder = C:\Documents and Settings\stratos\Desktop\New Folder\WinPFind2\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)


< Add On's >

>>>>Output for AddOn file TRAgent_HT.def<<<<

KEY - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\DelegateFolders - No SUBKEYS
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\DelegateFolders -
DelegateFolders\{59031a47-3f72-44a7-89c5-5595fe6b30ee} -

KEY - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer - No SUBKEYS
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer -
Explorer\\WebFindBandHook - {68F2D3FC-8366-4a46-8224-58EFA2749425}
Explorer\\FileFindBandHook - {FFAC7A18-EDF9-40de-BA3F-49FC2269855E}
Explorer\\Logon User Name - stratos
Explorer\\ShellState - 24 00 00 00 53 28 01 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 0D 00 00 00 00 00 00 00 02 00 00 00
Explorer\\CleanShutdown - 0
Explorer\\EnableAutoTray - 0
Explorer\\FaultCount - 0
Explorer\\FaultTime - 0
Explorer\\IconUnderline - ;
Explorer\\SearchSystemDirs - 1
Explorer\\SearchHidden - 1
Explorer\\IncludeSubFolders - 1
Explorer\\CaseSensitive - 0
Explorer\\SearchSlowFiles - 0
Explorer\\Browse For Folder Width - 318
Explorer\\Browse For Folder Height - 288
Explorer\\link - 01 00 00 00
Explorer\Advanced -
Explorer\AutoComplete -
Explorer\AutoplayHandlers -
Explorer\BitBucket -
Explorer\CabinetState -
Explorer\CD Burning -
Explorer\CLSID -
Explorer\ComDlg32 -
Explorer\CopyMoveTo -
Explorer\DataViewSettings-21 -
Explorer\DataViewStream-21 -
Explorer\Desktop -
Explorer\Discardable -
Explorer\FileExts -
Explorer\HideDesktopIcons -
Explorer\HideMyComputerIcons -
Explorer\MenuOrder -
Explorer\MountPoints2 -
Explorer\MyComputer -
Explorer\NewShortcutHandlers -
Explorer\PropSummary -
Explorer\RecentDocs -
Explorer\RunMRU -
Explorer\Shell Folders -
Explorer\ShellImageView -
Explorer\SmallIcons -
Explorer\StartPage -
Explorer\StreamMRU -
Explorer\Streams -
Explorer\StuckRects2 -
Explorer\tips -
Explorer\TrayNotify -
Explorer\User Shell Folders -
Explorer\UserAssist -
Explorer\VisualEffects -
Explorer\Wallpaper -
Explorer\WebView -
Explorer\SessionInfo -

KEY - HKCU\Control Panel\Desktop - No SUBKEYS
HKCU\Control Panel\Desktop -
Desktop\\ActiveWndTrkTimeout - 0
Desktop\\AutoEndTasks - 1
Desktop\\CaretWidth - 1
Desktop\\CoolSwitch - 1
Desktop\\CoolSwitchColumns - 7
Desktop\\CoolSwitchRows - 3
Desktop\\CursorBlinkRate - 530
Desktop\\DragFullWindows - 1
Desktop\\DragHeight - 4
Desktop\\DragWidth - 4
Desktop\\FontSmoothing - 2
Desktop\\FontSmoothingOrientation - 1
Desktop\\FontSmoothingType - 2
Desktop\\ForegroundFlashCount - 3
Desktop\\ForegroundLockTimeout - 0
Desktop\\GridGranularity - 0
Desktop\\HungAppTimeout - 5000
Desktop\\LowPowerActive - 0
Desktop\\LowPowerTimeOut - 0
Desktop\\MenuShowDelay - 400
Desktop\\PaintDesktopVersion - 0
Desktop\\PowerOffActive - 0
Desktop\\PowerOffTimeOut - 0
Desktop\\ScreenSaverIsSecure - 0
Desktop\\ScreenSaveTimeOut - 720
Desktop\\ScreenSaveActive - 0
Desktop\\TileWallpaper - 0
Desktop\\UserPreferencesMask - 9E 2C 07 80
Desktop\\WaitToKillAppTimeout - 20000
Desktop\\Wallpaper - C:\Documents and Settings\stratos\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Desktop\\WallpaperStyle - 2
Desktop\\OriginalWallpaper - C:\Documents and Settings\stratos\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Desktop\\WheelScrollLines - 3
Desktop\\Pattern Upgrade - TRUE
Desktop\\ConvertedWallpaper Last WriteTime - FA AF 84 E6 C5 D5 C5 01
Desktop\\SmoothScroll - 1
Desktop\\PrevWallpaper - C:\Documents and Settings\stratos\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Desktop\\PrevTileWallpaper - 2
Desktop\\ConvertedWallpaper - C:\Documents and Settings\stratos\My Documents\My Pictures\balls_by_letsmac_by_LetsmacLEAR.jpg
Desktop\\Pattern -
Desktop\\LowLevelHooksTimeout - 20000
Desktop\WindowMetrics -

KEY - HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters - No SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters -
parameters\\autodisconnect - 15
parameters\\enableforcedlogoff - 1
parameters\\enablesecuritysignature - 0
parameters\\requiresecuritysignature - 0
parameters\\NullSessionPipes - COMNAP;COMNODE;SQL\QUERY;SPOOLSS;LLSRPC;browser;
parameters\\NullSessionShares - COMCFG;DFS$;
parameters\\ServiceDll - %SystemRoot%\System32\srvsvc.dll
parameters\\Lmannounce - 0
parameters\\Size - 1
parameters\\Guid - D5 F0 1C BC 6C A2 79 41 BF 85 14 B4 3B 34 0C A5
parameters\\AdjustedNullSessionPipes - 1
parameters\\hidden - 1
parameters\\AutoShareWks - 0

KEY - HKCU\Control Panel\International - No SUBKEYS
HKCU\Control Panel\International -
International\\iCountry - 30
International\\iCurrDigits - 2
International\\iCurrency - 3
International\\iDate - 1
International\\iDigits - 0
International\\iLZero - 1
International\\iMeasure - 0
International\\iNegCurr - 8
International\\iTime - 0
International\\iTLZero - 0
International\\Locale - 00000408
International\\s1159 - πμ
International\\s2359 - μμ
International\\sCountry - Greece
International\\sCurrency -
International\\sDate - /
International\\sDecimal - ,
International\\sLanguage - ELL
International\\sList - ;
International\\sLongDate - dddd, d MMMM yyyy
International\\sShortDate - d/M/yyyy
International\\sThousand - .
International\\sTime - :
International\\sTimeFormat - h:mm:ss tt
International\\iTimePrefix - 0
International\\sMonDecimalSep - ,
International\\sMonThousandSep - .
International\\iNegNumber - 1
International\\sNativeDigits - 0123456789
International\\NumShape - 1
International\\iCalendarType - 1
International\\iFirstDayOfWeek - 0
International\\iFirstWeekOfYear - 0
International\\sGrouping - 3;0
International\\sMonGrouping - 3;0
International\\sPositiveSign -
International\\sNegativeSign - -
International\Geo -

KEY - HKCU\Software\Microsoft\Internet Explorer\Main - No SUBKEYS
HKCU\Software\Microsoft\Internet Explorer\Main -
Main\\LastCheckedHi - 29806502
Main\\ShowedCheckBrowser - Yes
Main\\Check_Associations - no
Main\\Start Page - http://www.google.com.gr/
Main\\FullScreen - no
Main\\Window_Placement - 2C 00 00 00 00 00 00 00 01 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 1D 03 00 00 3A 02 00 00
Main\\Disable Script DebuggerX - yes
Main\\Error Dlg Displayed On Every ErrorX - no
Main\\Error Dlg Details Pane Open - no
Main\\Disable Script Debugger - yes
Main\\DisableScriptDebuggerIE - yes
Main\\Error Dlg Displayed On Every Error - no
Main\\Play_Animations - yes
Main\\Expand Alt Text - no
Main\\Move System Caret - no
Main\\NscSingleExpand - 1
Main\\NoJITSetup - 0
Main\\NoWebJITSetup - 0
Main\\Page_Transitions - 1
Main\\FavIntelliMenus - no
Main\\Enable Browser Extensions - yes
Main\\UseThemes - 1
Main\\Force Offscreen Composition - 0
Main\\NotifyDownloadComplete - yes
Main\\AllowWindowReuse - 1
Main\\Friendly http errors - yes
Main\\ShowGoButton - yes
Main\\Anchor Underline - yes
Main\\SmoothScroll - 1
Main\\Enable AutoImageResize - yes
Main\\Enable_MyPics_Hoverbar - yes
Main\\Play_Background_Sounds - yes
Main\\Display Inline Videos - yes
Main\\Show image placeholders - 0
Main\\Display Inline Images - yes
Main\\Print_Background - no
Main\\AutoSearch - 5
Main\\AddToFavoritesExpanded - 0
Main\\NoUpdateCheck - 0
Main\\Show_ChannelBand - No
Main\\Cache_Update_Frequency - Once_Per_Session
Main\\Do404Search - 01 00 00 00
Main\\Local Page - C:\WINDOWS\system32\blank.htm
Main\\Save_Session_History_On_Exit - no
Main\\Show_FullURL - no
Main\\Show_StatusBar - yes
Main\\Show_ToolBar - yes
Main\\Show_URLinStatusBar - yes
Main\\Show_URLToolBar - yes
Main\\Use_DlgBox_Colors - yes
Main\\Search Page - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
Main\\Use FormSuggest - yes
Main\\FormSuggest Passwords - yes
Main\\CompatibilityFlags - 0
Main\FeatureControl -

KEY - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - No SUBKEYS
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer -
Explorer\\NoDriveTypeAutoRun - 145
Explorer\\ClearRecentDocsOnExit - 1
Explorer\\NosecurityTab - 1
Explorer\\EditLevel - 0
Explorer\\NoFileMenu - 0
Explorer\\NoCommonGroups - 0
Explorer\\MaxRecentDocs - 0
Explorer\\NoLowDiskSpaceChecks - 0
Explorer\\NoInstrumentation - 0
Explorer\Run -

KEY - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced - No SUBKEYS
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -
Advanced\\Hidden - 1
Advanced\\ShowCompColor - 1
Advanced\\HideFileExt - 0
Advanced\\DontPrettyPath - 0
Advanced\\ShowInfoTip - 0
Advanced\\HideIcons - 0
Advanced\\MapNetDrvBtn - 0
Advanced\\WebView - 1
Advanced\\Filter - 0
Advanced\\SuperHidden - 0
Advanced\\SeparateProcess - 0
Advanced\\ListviewAlphaSelect - 1
Advanced\\ListviewShadow - 1
Advanced\\ListviewWatermark - 1
Advanced\\TaskbarAnimations - 1
Advanced\\StartMenuInit - 2
Advanced\\StartButtonBalloonTip - 2
Advanced\\TaskbarSizeMove - 0
Advanced\\TaskbarGlomming - 0
Advanced\\NoNetCrawling - 1
Advanced\\FolderContentsInfoTip - 1
Advanced\\FriendlyTree - 1
Advanced\\WebViewBarricade - 0
Advanced\\DisableThumbnailCache - 1
Advanced\\ShowSuperHidden - 0
Advanced\\ClassicViewState - 0
Advanced\\PersistBrowsers - 0
Advanced\\ServerAdminUI - 0
Advanced\\CascadeNetworkConnections - YES
Advanced\\Start_LargeMFUIcons - 1
Advanced\\Start_MinMFU - 6
Advanced\\Start_ShowControlPanel - 1
Advanced\\Start_EnableDragDrop - 1
Advanced\\StartMenuFavorites - 0
Advanced\\Start_ShowHelp - 1
Advanced\\Start_ShowMyComputer - 1
Advanced\\Start_ShowMyDocs - 1
Advanced\\Start_ShowMyMusic - 1
Advanced\\Start_ShowMyPics - 1
Advanced\\Start_ShowPrinters - 0
Advanced\\Start_ShowRun - 1
Advanced\\Start_ScrollPrograms - 0
Advanced\\Start_ShowSearch - 1
Advanced\\Start_ShowSetProgramAccessAndDefaults - 1
Advanced\\Start_ShowRecentDocs - 2
Advanced\\Start_AutoCascade - 1
Advanced\\Start_NotifyNewApps - 1
Advanced\\Start_AdminToolsRoot - 0
Advanced\\StartMenuAdminTools - 0
Advanced\\EnableBalloonTips - 0
Advanced\\Start_ShowNetConn_ShouldShow - 66

KEY - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon - No SUBKEYS
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -
Winlogon\\AutoRestartShell - 1
Winlogon\\DefaultDomainName - STRATOS-OTB8936
Winlogon\\DefaultUserName - stratos
Winlogon\\PowerdownAfterShutdown - 0
Winlogon\\ReportBootOk - 1
Winlogon\\Shell - Explorer.exe
Winlogon\\ShutdownWithoutLogon - 0
Winlogon\\System -
Winlogon\\Userinit - C:\WINDOWS\system32\userinit.exe,
Winlogon\\VmApplet - rundll32 shell32,Control_RunDLL "sysdm.cpl"
Winlogon\\SfcQuota - -1
Winlogon\\allocatecdroms - 0
Winlogon\\allocatedasd - 0
Winlogon\\allocatefloppies - 0
Winlogon\\cachedlogonscount - 10
Winlogon\\forceunlocklogon - 0
Winlogon\\passwordexpirywarning - 14
Winlogon\\scremoveoption - 0
Winlogon\\AllowMultipleTSSessions - 1
Winlogon\\UIHost - vistaui.exe
Winlogon\\LogonType - 1
Winlogon\\Background - 0 0 0
Winlogon\\DebugServerCommand - no
Winlogon\\SFCDisable - 0
Winlogon\\WinStationsDisabled - 0
Winlogon\\HibernationPreviouslyEnabled - 1
Winlogon\\ShowLogonOptions - 0
Winlogon\\AltDefaultUserName - stratos
Winlogon\\AltDefaultDomainName - STRATOS-OTB8936
Winlogon\\SfcScan - 0
Winlogon\\DontDisplayLastUserName - 0
Winlogon\GPExtensions -
Winlogon\Notify -
Winlogon\SpecialAccounts -
Winlogon\Userinit -
Winlogon\Credentials -

KEY - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore - No SUBKEYS
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore -
SystemRestore\\DisableSR - 0
SystemRestore\\CreateFirstRunRp - 1
SystemRestore\\DSMin - 200
SystemRestore\\DSMax - 400
SystemRestore\\RPSessionInterval - 0
SystemRestore\\RPGlobalInterval - 86400
SystemRestore\\RPLifeInterval - 7776000
SystemRestore\\CompressionBurst - 60
SystemRestore\\TimerInterval - 120
SystemRestore\\DiskPercent - 12
SystemRestore\\ThawInterval - 900
SystemRestore\\RestoreDiskSpaceError - 0
SystemRestore\\RestoreStatus - 0
SystemRestore\\RestoreSafeModeStatus - 0
SystemRestore\Cfg -
SystemRestore\SnapshotCallbacks -

< End of report >


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:04 PM

Posted 16 September 2006 - 08:29 AM

Hello Rezwalker

Is trojan.agent.HT the only thing that was found by Spyware Doctor? Did the scan results look similar to this?

High Trojan.Agent.Ht
Registry
HKCU\Control Panel\Desktop###WallpaperOriginX
HKCU\Control Panel\Desktop###WallpaperOriginY

If so, it's probably a false positive, as Spyware Doctor seems to flag registry values created for the position of your wallpaper. There have been a number of such reports.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click the donation image.

#3 Rezwalker

Rezwalker
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:05:04 PM

Posted 16 September 2006 - 03:02 PM

Hello Rezwalker

Is trojan.agent.HT the only thing that was found by Spyware Doctor? Did the scan results look similar to this?

High Trojan.Agent.Ht
Registry
HKCU\Control Panel\Desktop###WallpaperOriginX
HKCU\Control Panel\Desktop###WallpaperOriginY

If so, it's probably a false positive, as Spyware Doctor seems to flag registry values created for the position of your wallpaper. There have been a number of such reports.

Hello quietman7, and thanks a lot for your answer.

No, Spyware Doctor detects a different file as infected. The file is: HKCU\Software\Microsoft\Internet Explorer\Main##Window title.

Do you know if it's serious? :/

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:04 PM

Posted 16 September 2006 - 04:00 PM

I have not seen that reported as a FP. Spyware Doctor may just be flagging a registry remnant left behind from previous cleaning. Have you performed any other anti-spyware scans? Are you experiencing any specific types of problems?

Try an online scan with BitDefender Online Virus and Malware Scan or eTrust Antivirus Web Scanner, and see if it identifies anything. Be sure to read the eTrust Antivirus Scanner Help Guide before scanning.

Edited by quietman7, 16 September 2006 - 04:02 PM.

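As an added example (not code from this thread, from Spyware Doctor or from WinPFind2), the PowerShell script below takes detection strings in the form the scanner reports above and reads the flagged registry values, so the result can be weighed against the two explanations given in the thread: wallpaper position data (the reported false positive) or a remnant left behind from previous cleaning. It assumes the run of `#` characters seen in the quoted detections separates key path from value name; the hive mapping and the function names are my own. It only reads the registry and changes nothing.

```powershell
# Added example for this thread (not code from the thread, Spyware Doctor or WinPFind2):
# turn scanner detection strings such as
#   HKCU\Control Panel\Desktop###WallpaperOriginX
# into a registry key path plus value name, then read what is actually stored there so
# the detection can be judged (wallpaper position data vs. a leftover from earlier cleaning).
# Assumption: key path and value name are separated by a run of '#' characters, as in the
# strings quoted in the thread. The script only reads; it changes nothing.

function Resolve-DetectionString {
    param([Parameter(Mandatory)][string]$Detection)

    # Key path left of the '#' run, value name right of it (empty name = the key's default value)
    if ($Detection -notmatch '^(?<key>[^#]+)#{2,}(?<value>.*)$') {
        throw "Unrecognised detection string: $Detection"
    }
    $keyPath   = $Matches['key']
    $valueName = $Matches['value']

    # Map the hive abbreviation onto the Registry provider so every hive is reachable
    $hives = @{
        'HKCU' = 'HKEY_CURRENT_USER'
        'HKLM' = 'HKEY_LOCAL_MACHINE'
        'HKU'  = 'HKEY_USERS'
        'HKCR' = 'HKEY_CLASSES_ROOT'
    }
    $root, $rest = $keyPath -split '\\', 2
    if (-not $hives.ContainsKey($root.ToUpper())) {
        throw "Unknown registry hive '$root' in: $Detection"
    }

    [pscustomobject]@{
        Path      = "Registry::$($hives[$root.ToUpper()])\$rest"
        ValueName = $valueName
    }
}

function Get-DetectionEvidence {
    param([Parameter(Mandatory)][string[]]$Detections)

    foreach ($detection in $Detections) {
        $target    = Resolve-DetectionString -Detection $detection
        $keyExists = Test-Path -LiteralPath $target.Path
        $kind = $null
        $data = $null

        if ($keyExists) {
            $key = Get-Item -LiteralPath $target.Path
            # Registry value names are case-insensitive, as is PowerShell's -contains
            if ($key.GetValueNames() -contains $target.ValueName) {
                $kind = $key.GetValueKind($target.ValueName)
                $data = $key.GetValue($target.ValueName)
            }
        }

        [pscustomobject]@{
            Detection  = $detection
            Key        = $target.Path
            ValueName  = $target.ValueName
            KeyExists  = $keyExists
            ValueFound = ($null -ne $kind)
            Kind       = $kind
            Data       = ($data -join ' ')   # binary values print as space-separated bytes
        }
    }
}

# The three detections quoted in this thread
$detections = @(
    'HKCU\Control Panel\Desktop###WallpaperOriginX'
    'HKCU\Control Panel\Desktop###WallpaperOriginY'
    'HKCU\Software\Microsoft\Internet Explorer\Main##Window title'
)

Get-DetectionEvidence -Detections $detections | Format-List
```

Run it in the account whose HKCU hive the scanner examined, since HKCU resolves to the current user. A WallpaperOriginX/Y entry holding a small integer is the wallpaper position data the thread describes as a false positive; for the Internet Explorer "Window title" value, the stored text is what to compare against what you expect to see in the browser title bar, and an entry that is present but not recognised is the situation quietman7 describes as a possible remnant from previous cleaning.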
