Am I infected with Win32.Trojan.Agent?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by talsilo, Jun 6, 2008.

  1. talsilo

    talsilo Private E-2

    Till two days back, my computer showed no signs of being infected by any Malware. But when I ran Ad-Aware, it showed the presence of Win32.Trojan.Agent and files like soundmix.exe and zipexr.dll. I naturally deleted these infections. Then a strange thing happened. None of my applications were opening. Each time I was getting the 'Open with' dialogue whenever I tried to open any application. I should also mention here that AVG free (ver 8.0) was not showing any trojans before. I am not sure whether there actually was a Malware/virus, or whether Ad-aware removed some important files.

    I tried to start in safe-mode and use System Restore, but it was not going into safe mode. I had no other option but reinstall Windows. Which I did without formatting the drive, so that contents outside C:/windows were safe. I then installed all my apps, and this afternoon when I ran Ad-aware, it showed nothing. But now when I ran Ad-aware, it again showed Win32.Trojan.Agent. Tho only difference this time, was that it showed the infections in 'System Restore files'. However I was scared to delete it this time. So I shut off 'System Restore' and then ran Ad-Aware again. Surprisingly it again showed in 'System Restore'. I was under the opinion that switching off System Restore deletes all previous points.

    As suggested here, I ran FixIEDef, and it showed nothing. I also ran Spybot S&D and again it showed nothing. I ran VundoFix, and it too showed nothing. While googling for Win32.Trojan.Agent, I found that F-secure disinfects it, so i am currently downloading that and checking with it. I'll update when I have run it full.

    Any idea whether I shd follow some more steps or just forget abt it? Thanks.
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    If suspecting malware then the below is well worth running and attach the requested logs as the malware experts here will know if your still infected or not,


    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. abri

    abri MajorGeek

    Hi talsilo,

    How did things work out with F-Secure?

    abri
     
  4. talsilo

    talsilo Private E-2

    thx abri for your interest.

    F-secure did not show any infection. Neither did SuperAnti-spyware. I created a system restore point with the hope that at least now the previous SR points will be deleted. Ran Ad-aware, and Win32.Trojan.Agent was there again. One surprising thing was that, it was getting detected only under 'Full scan' and not under 'Smart scan'. One presumes that during 'smart scan' the system areas are checked, but apparently it doesn't seem so.

    I then remembered that Ad-aware is showing the infections in the sytem restore folder, and hence there is no risk of system crashing if i delete them. So i deleted them, and fortunately nothing happened. I have run ad-aware a couple of time after that and it has not show any infections. So, currently i presume things are under control, and am closing my case :)
     
  5. abri

    abri MajorGeek

    Hi talsilo,
    That sounds like it was the case. If the infection was only in SR and you cleared the previous points, it won't show up in the scans anymore. Please be sure to check any external drives you have.
    If you need any further help, just post again.
    Thanks and good luck to you.
    abri
     
  6. talsilo

    talsilo Private E-2

    Yes, abri. But even AFTER clearing SR points, Ad-aware was showing it in SR (as mentioned in my first post). That is something I did not understand.
     
  7. abri

    abri MajorGeek

    Hi talsilo,

    Infections returning to system restore can mean that the files creating the infection are still on your computer. Or if your computer is clean and you clear all your restore points and then use an external drive (flash drive or cd) which is infected, your restore points can get reinfected.

    The only way for us to know this is to look at your logs. In the instructions, we ask that you not clear the system restore points until after finishing here. There are some occassions where it's better to have even an infected restore point than none at all.

    abri
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds