Can't get rid of trojan.win32.agent.cs

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by david_i, May 20, 2005.

  1. david_i

    david_i Private E-2

    Ehm, maybe I can hi-jack this thread, or is it more suitable to start a new one?
    I got the same problem as Emily with the Win32/Agent.CS trojan.
    An antivirus warning comes up in NOD32 all the time that the file C:\WINDOWS\system\binanti.dll is infected.
    Gosh, I hate that binanti now.

    I've tried all the conventional ways that I know of but haven't been able to delete the file. I've also followed your guide of how to delete a spyware but it doesn't work. Then I read at another forum that it might be the Vundo B so I tried to run a fix for that from Symantec in safe-mode but it couldn't find anything.

    NOD32 says in a comment that "The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed. Event occurred at an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.", if that's to any help.

    I'm a (un)happy amateur in this area but maybe it's possible to solve it the same way as Emily did. I've downloaded HiJackThis and that Processthing that was linked to earlier in the thread, but when it isn't the same file that is infected I guess it can be executed the same way.

    You got any ideas of what to do? Should I post/attach a logfile from HJT?

    Thanks for any future help.
    /David
     
  2. david_i

    david_i Private E-2

    "REGEDIT4
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8B55274-0F9A-41E5-9067-A3539BD9E860}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSEvents.MSEvents]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSEvents.MSEvents.1] "

    I think I can be able to sort this out by myself. The logfile of hijackthis was almost the same as Emily's with the same problems at O2 and O20 only it was my binanti.dll instead.
    I will try to follow the instructions in post #22 but I'm only wondering if the Regedit fix should be the same for me even though it was a different file that was infected?
     
  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    david_i,

    From now on please create a new thread for your problem instead of posting in someone else's thread. This causes confusion among users. I have created a new thread for you this time so post in here from now on.



    Now, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    After doing ALL of the above if you still have a problem:


    Download HijackThis 1.99.1

    Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    Run HijackThis and save your log file.

    Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  4. david_i

    david_i Private E-2

    Ok. I only thought my problem seemed so similar to the other user's.
    But now it works anyway!
    I followed the instructions in the other thread and my computer runs perfectly.
    Thanks a lot for the help!
     
  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Trojan Vundo is a real baddie, it can also bring along some other infections. I would post a HJT log just to confirm you're clean.

    It's up to you though!
     
  6. david_i

    david_i Private E-2

    Sure. It should be nice to hear some expert thoughts.
    Maybe you can find some other faults on my computer, I guess there are plenty of them.

    Here it comes.
     


  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Are you familiar with hattriX?


    Scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - C:\WINDOWS\system32\req.dat (file missing)

    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll

    O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dat (file missing)

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NEXT:
    Run CCleaner

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    After you complete the above REBOOT, Scan with HijackThis and attach the new log.
     
  8. david_i

    david_i Private E-2

    I've done that now and it seemed to work fine. The log-file looks good as well.
    But now, I think when I ran CCleaner some other problems have appeared.
    For one, I can't click on the Manage Attachment button - nothing happens.
    And I can't connect to my Gmail-account.

    Edit: I'm using Firefox.
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Did you run the third scan with CCleaner? What version of FF are you running?
     
  10. david_i

    david_i Private E-2

    1.0.3
    What do you mean with the third scan?
    I emptied the cache and now I managed to get into gmail anyway.
    And I could attach the file as well, great.

    So here the HJT-scan comes, it looks alright to me I think.
    I'm just wondering what the VTtimer.exe is? Is it something I can remove maybe?
     

    Attached Files: hj2.txt
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Regarding your FF version, there is a security hole that was recently found. I would recommend updating to version 1.0.4

    The scan I was talking about, the third scan, the registry cleaner.

    Mozilla Firefox 1.0.4

    The file VTtimer.exe is related to VIA Graphics Card Driver and should not be removed UNLESS you think it's causing problems.

    Now, Scan with HJT and have it fix the below entries:

    O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)

    After you fix the above entries, your log will be clean!

    Are you having any further problems?
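    The HJT entries quoted in this thread (the O2/O20 pair pointing at the same DLL, the O9 and O16 lines above) follow a simple "Oxx - label - {CLSID} - target (file missing)" layout. The parser below is an added example, not part of this thread or of HijackThis itself; it pulls those fields out, lists the orphaned "(file missing)" entries that are safe to fix, and flags the BHO + Winlogon Notify pairing that the binanti.dll/Vundo infection used. The sample log is constructed from the lines posted here.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample modelled on the HJT entries quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - C:\WINDOWS\system32\req.dat (file missing)
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dat (file missing)
O4 - HKLM\..\Run: [VTtimer] VTtimer.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"

@dataclass
class HjtEntry:
    section: str        # O2, O9, O16, O20, ...
    label: str          # text before the first " - " separator
    clsid: Optional[str]
    target: str         # file path or URL the entry points at
    file_missing: bool  # HJT's own "(file missing)" marker

def parse_entry(line: str) -> Optional[HjtEntry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    parts = rest.split(" - ")
    target = parts[-1].strip()
    missing = target.endswith(MISSING)
    if missing:
        target = target[: -len(MISSING)].strip()
    clsid = CLSID_RE.search(rest)
    return HjtEntry(section, parts[0], clsid.group(0) if clsid else None, target, missing)

def parse_log(text: str) -> List[HjtEntry]:
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]

def orphaned(entries: List[HjtEntry]) -> List[HjtEntry]:
    # Entries whose file is gone are dead hooks: harmless but worth fixing.
    return [e for e in entries if e.file_missing]

def paired_bho_winlogon(entries: List[HjtEntry]) -> List[str]:
    # A BHO (O2) and a Winlogon Notify hook (O20) loading the same DLL is the
    # pattern this thread's binanti.dll / Vundo infection showed in the log.
    bho = {e.target.lower() for e in entries if e.section == "O2"}
    return sorted({e.target for e in entries if e.section == "O20" and e.target.lower() in bho})
```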
     
  12. david_i

    david_i Private E-2

    Ah, Thanks a lot mate. You've been really helpful.

    Actually I got two other problems that annoyed me for quite a time but I'm not sure this is the right thread for them.
    I think the first one appeared either when I got this spyware problem or when I used CCleaner the first time. The problem is I can't use the search function in the start menu. The start menu freezes and then nothing happens. After a while it goes back to normal.
    The second problem is I can't view .jpgs with FireFox that are embedded into webpages. This worked before but not anymore.

    But I guess I should post those issues in another thread?
    Thanks again
    /David
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yes, this is an issue for the Software Forum. You can post your problem in the Software Forum or I can move this thread into the Software Forum for you.

    Let me know!
     
  14. david_i

    david_i Private E-2

    I'll post a new thread there. Cheers.
     
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay!

    Good Luck!:)
     
