Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Agent Ht


  • Please log in to reply
4 replies to this topic

#1 Lizzie3278

Lizzie3278

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:34 AM

Posted 17 September 2006 - 03:47 AM

Hello

In spite of having an up to date mcafee antivirus package & firewall I got a number of trojan & backdoor viruses which deleted everything. I have done an F10 - destructive system restore which I believe partitioned the hard drive back to factory settings.

Spyware doctor & Mcafee now say the pc is clean but its slow and sometimes the icons won't open the programs. What worries me the most is that every couple of days Mcafee says the pc is part of a network, which it isn't, & even gives me the details of the gateway, mask & MAC address, whatever those mean.

So I am convinced its still infected. What do I need to do to be sure please ?

Many thanks

Lizzie

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,482 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:34 AM

Posted 17 September 2006 - 08:05 AM

Hello Lizzie3278

Is trojan.agent.HT the only thing that was found by Spyware Doctor? If so, its probably a false positive as Spyware Doctor seems to flag certain registry values it thinks is related to this. There have been a number of such reports. If McAfee is also picking up on it then you may need to do further investigating.

If your running Win XP/2000, download and scan with Ewido Anti-Spyware v4.0 in "SAFE MODE".
Be sure to print out the Ewido Install and Scan Instructions.

Download and scan with Ad-Aware SE Personal 1.06. Setup & Configure as shown here.
Download and scan with Spybot S&D 1.4. Setup & Configure as shown here.
[DO NOT choose the option to install TeaTimer]
Note: If you encounter any error messages while downloading the updates, manually download them from here.

Then perform this online Virus scan:
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.]
Trend Micro Housecall
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Lizzie3278

Lizzie3278
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:34 AM

Posted 09 October 2006 - 03:58 PM

Hello quietman7

Thank you so much for your detailed & so helpful reply. Believe it or not I have just today got round to sorting this problem - been working away here but doing internet banking on a friends pc.

Well...........I've run all 4 spyware programs that you suggested & all came out with just adware, Mcafee says the pc is clean too. Bizarrely, when I delete all the adware in one program it shows up again on the next. Having deleted everything ewido, ad-aware & winsos found.......spyware doctor then found 637 security issues ??

So, I guess I have to assume that the pc is now clean but I am still really spooked by the messages I got from Mcafee for 3 days after the trojans telling me the pc was part of a network. The messages gave me the gateway, mask & MAC address. I took that to mean that some lowlife was able to access my pc.

I guess I now have to bin the pc & buy another or just assume its OK for internet banking ??!!

Thanks again

Lizzie

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,482 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:34 AM

Posted 09 October 2006 - 04:21 PM

Spyware Doctor may have found items that Ewido, Ad-Aware and any other anti-malware program you used already removed/quarantined if they were not permanently deleted. This is common with some anti-malware programs and you can usually tell by looking at the path location of the entry it is flagging whether that is the case. If your scans are not finding anything else you should be ok.

Don't assume your pc is ok for online banking. A backdoor Trojan that infects your system can be dangerous. Because your computer was probably compromised by a remote attacker please read Danger: Remote Access Trojans and How to report ID theft, fraud, drive-by installs, hijacking and malware.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Lizzie3278

Lizzie3278
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:34 AM

Posted 10 October 2006 - 08:59 AM

Thanks again quietman7.

I read the pages you suggested but am now out of my depth if checking open ports is required.

I did wonder if I am just being paranoid - after all Mcafee did flag up apparent access attempts and allegedly block them. Guess its best to be safe not sorry when you bank & purchase with your pc.

I have contacted a local pc guy & will keep you posted.

Regards

Lizzie




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users