New Trojan Trojan-Downloader.Win32.Agent.cf

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by alonge, May 1, 2005.

  1. alonge

    alonge Private E-2

    My FSecure has found a trojan (Trojan-Downloader.Win32.Agent.cf).
    It puts an executable file in c:\WINNT\System32 called Conveqrt.exe.
    FSecure is unable to rename or delete it, and neither can I.
    I have run every tool recommended by this site, most of which were the tools I have been using regularly anyway, but to no avail. I have been able to remove it from the start-up, thank God. What a pain it was until I could do that, as FSecure kept popping up every minute or two to try to get rid of it. I am not sure what it does, or even if it does anything but be a nuisance for my anti-virus program.
    I am unable to find any information out there on this particular malicious code.
    Has anyone heard of it or know what I can do to remove it?
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you have run ALL the steps (including the online scanners) in this Sticky thread, "READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal", and you still have a problem, follow the steps below.

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run HijackThis from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word, etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. alonge

    alonge Private E-2

    I have an updated HijackThis and I have already removed the trojan from my startup files and it does not appear in my log file for HijackThis. It actually won't come up at all since I prevented it from starting up, but it is still present on my hard drive and neither FSecure nor I can remove or rename it. If I do a virus scan, FSecure will find it each and every time, but is not able to do anything with it. There must be a way to remove it. I just can't find any information out there on it.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please complete my instructions and if you are using msconfig to disable anything from loading at startup, then run msconfig and select Normal Startup. Then reboot. Do this before posting the requested HJT log. We need to see all items that could load at startup to determine what has to be fixed.
     
