Need help removing Mal/Agent-E

Welcome to Major Geeks!

Cookies are not problems!Please follow the instructions in the below link and attach the requested logs when you finish these instructions. If something does not run, write down the info to explain to us later but keep on going. Do not assume that because one step does not work that they all will not. Until you run ALL STEPS including the attaching of logs, you have not followed our instructions.

READ & RUN ME FIRST. Malware Removal Guide


Also tell us what actual problems you are having.

 

You need to attach the C:\ComboFix.txt log from running ComboFix and the C:\MGlogs.zip file from running MGtools. If you ran them previously, the logs will still be there. Otherwise you need to run the programs again.

Also please run this Using BitDefender Online Scanand follow the instructions EXACTLY to create a proper log and attach it. This log (as stated) will contain HTML code and you are just renaming it to have .txt file extension so that it can be attached.

​

 

It does not usually take as long as the initial estimate to run. If you don't run it we will not have a full scan of your whole PC that could report potential problems. However I don't think you have any malware problems anyway so you decide what you want to do.

Your logs do not show any real signs of malware. I just see left overs from multiple antivirus programs that need to be remove and a few other miscellaneous non-malware items. So let's take care of this.

First we will cleanup after Symantec

• Now download and run this Norton Removal Tool (SymNRT)
• Then reboot your PC
• Now run the Norton Removal Tool one more time and reboot again

Uninstall the below software:
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 3
Viewpoint Media Player <-- should have been uninstalled in step 1 of the READ ME

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)

After clicking Fix, exit HJT.

Now we need to use ComboFix to remove a bunch of malware files.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.


After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Please explain what operations are slow! For example answer the below:

• Is boot up slow?
• Is shutdown slow?
• Is browsing/surfing slow?
• Is downloading slow?
• Is running any application?
• Is it also slow in safe boot mode?
• Also are any process showing in Task Manager to be using a lot of CPU time?
• Anything else slow?

What process is showing using all of the CPU?

Your logs show no signs of anything like this or any other malware. Also that particular trojan name is a very vague non-descriptive name used by Sophos. There are no specific files or registry keys indicated and you show no evidence of any trojans being downloaded. However the reason I want to run BitDefender and perhaps a couple other scans is to do more comprehensive scans just to cover all bases. With that in mind, I suggest that you run BitDefender and then also do the below just to be on the safe side.

Run this Running GMER to detect rootkits and attach the log.

Also run this Trend Micro's Free Online Virus Scan and attach a log.

Now run this Using Dr.Web CureIt and attach the requested log.

 

Okay once I see these other logs we may be sending you to the Software Forum since it is not looking like malware. You do need to investigate why C:\WINDOWS\system32\msiexec.exe is always running. This is Microsoft Installer. You may have an incomplete installation of uninstall causing this. Perhaps you should run Windows Installer CleanUp Utility


You should uninstall SUPERAntiSpyware now since we are finished with it.

Also you may want to see what happens if you first uninstall ZoneAlarm and ZoneAlarm Spy Blocker and if no change then uninstall Avira. This is just a test to see if any of these are causing your problems. The can both impact start time and browsing especially ZA. Also the below (from your ISP ) has been known to cause problems. Consider not loading it as you probably do not need it.

O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

 

Copy the bold text below to notepad. Save it as fixBJCFD.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

You will have to reboot to see if it has any effect.

How about the log from Dr.Web CureIT?

The GMER log is also clean.

You said browsing is slow! Disable all addons to your browser and see what happens. From IE, click Tools, Manage Addons.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


Then attach the below log

• C:\MGlogs.zip

 

No do not run it again since that will erase whatever may have been found the first time. Just rename the file from DrWeb.csv to DrWeb.txt so that it can be attached.

Are you still having problems?

 

Those are just things in System Restore and they cannot be fixed. They will be removed when we get to final instructions.

What problems are you still having? If you are still having high CPU use, what process or processes are using all of the CPU? It is starting to look like malware is not the problem.

 

You're welcome. Yes or possibly the Hardware Forum.

You could try uninstalling ZoneAlarm and ZoneAlarm Spy Blocker as a test to see it it is related to your problems.