Troubled by Win32:Agent-VM-logs incl. pls. help

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Hofuzz, Sep 25, 2006.

  1. Hofuzz

    Hofuzz Private E-2

    Avast! reports infections of Win32-Agent VM and Win32-{UPX}, my coworkers are upset because they're getting NOD alerts on theirs, and naughty "setup.exe"'s are being written under my account name to all public spaces on the network :(

    I did the steps per the readme, Bit Defender finds:
    Neysky
    Proxy.Horst.CG
    Start-Page
    Zlob.gen


    But after steps 1-7 in the "Read and Run Me..." steps, Avast is still alerting me of Win32:Agent-VM..

The 5 logs are attached, your help is much appreciated, and might even save my @ss. Thanks!!
     


  2. Hofuzz

    Hofuzz Private E-2

    The rest of the logs are here, thx
     


  3. matt.chugg

    matt.chugg MajorGeek

    Bitdefender seems to have removed all the files it found.

    You say this is a work computer.. What sort of network setup do you have? How many workstations and what server setup.

    If other workers are complaining of infections then this is probably a 'network aware' infection and could be difficult to fix as if more than one computer is infected the infection will keep returning to a 'clean' computer from one of the others.

    I see you are running Avast; is it working properly? HJT reports that it is missing some files, but this may be an FP.

    What is the folder c:\public used for? Is it a share on the network? There is one of the setup.exe files in there, but without more information I cannot tell you if it is bad or not.

    Are you aware you are running a webserver? There is a setup file in there too.

    I suggest we rename them for now in case they aren't bad.

    Do you recognise this domain name : yuco.hk

    Do you have mysql installed on this computer?

    Do you have any idea what the following folders are?

    In Add/remove programs uninstall the following



    As you have said this is a work computer, you should also consider uninstalling the following. Does your system administrator know you are using torrent clients and P2P clients? Chances are this is where the infections came from. It looks to me like you work for a graphic design/animation type company, and these programs seriously degrade the performance of your computer.



    The installed version of Java on this computer is out-dated.
    Install Java Runtime Environment (JRE) 5.0 Update 8 available from http://java.sun.com/javase/downloads/index.jsp.
    Uninstall all older versions of Java on your computer, before installing the latest version of Java.


    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:

    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.


    Now boot into SAFE MODE

    Open Windows Explorer, navigate to the following and RENAME their extensions to .ddd

    e.g. setup.exe would become setup.ddd

    Open Windows Explorer, navigate to and delete the following

    If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.



    REBOOT to Normal Mode.

    Post a fresh HijackThis log, fresh shownew log.
     
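The rename-to-.ddd quarantine and Prefetch cleanup steps from the post above, written as a PowerShell script. This is an added example, not code from the thread or from the helper; it assumes PowerShell 4 or later (for Get-FileHash), the file paths are placeholders because the thread's file list did not survive extraction, and the manifest location is an assumption. The script records each file's SHA-256 and original name before renaming, so a file later found to be legitimate can be restored from the manifest.

```powershell
# Added example, not from the thread. Quarantine suspect files by renaming their
# extension to .ddd (so they cannot be launched) and record enough to undo it.
# Run from an elevated PowerShell prompt, in Safe Mode as the post advises.

$Suspect = @(
    'C:\public\setup.exe',            # PLACEHOLDER: substitute the paths from the HJT/shownew log
    'C:\PLACEHOLDER-WEBROOT\setup.exe' # PLACEHOLDER: the webserver copy mentioned in the post
)
$Manifest = 'C:\quarantine-manifest.txt'   # assumption: where the undo record is kept

foreach ($path in $Suspect) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Host "not found (may already be gone): $path"
        continue
    }
    # Hash first: the manifest line lets you identify or restore the file later.
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    $new  = [IO.Path]::ChangeExtension($path, '.ddd')   # setup.exe -> setup.ddd
    Rename-Item -LiteralPath $path -NewName (Split-Path -Path $new -Leaf)
    "$(Get-Date -Format s)`t$hash`t$path`t$new" | Add-Content -LiteralPath $Manifest
    Write-Host "quarantined: $path -> $new"
}

# Windows XP step from the post: empty the Prefetch folder. Windows rebuilds it;
# the .pf files only cache load information and are safe to remove.
$prefetch = Join-Path -Path $env:SystemRoot -ChildPath 'Prefetch'
if (Test-Path -LiteralPath $prefetch) {
    Get-ChildItem -LiteralPath $prefetch -File | Remove-Item -Force
    Write-Host "emptied $prefetch"
}
```

Renaming rather than deleting is the same choice the post makes: if a quarantined file turns out to be a legitimate installer, `Rename-Item` back to the path recorded in the manifest reverses the step, and the stored hash can be checked against the vendor's published value before doing so.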
  4. Hofuzz

    Hofuzz Private E-2

    Thanks for your quick response,

    --Done
    Many thanks again!
    ---------------------------
    "Donuts!! Donuts from Heaven!!!"
     


  5. matt.chugg

    matt.chugg MajorGeek

    Any improvement in the way things are running now? The setup files don't seem to have come back and your HJT log looks clean.
     
  6. Hofuzz

    Hofuzz Private E-2

    Thank you very much for your help, I think I'm in good shape now.

    After the last steps I ran Bit Defender, Activescan and full Avast! scans again; the only thing that showed up was 4 infected files in c:\recycler\(bunch of numbers). I supposed those were deleted from previous cleanings and I let Bit Defender clean them. As of now my PC is back on the network and everything seems normal. Will be more careful in future. :)
     
  7. matt.chugg

    matt.chugg MajorGeek

    The recycler folder is where the recycle bin stores files that have been deleted; just empty the recycle bin in the normal manner or use CCleaner.

    There are some good tips in here for what you could do to stop it happening again: How to Protect yourself from malware!
     
