Dropper Agent.GIT

Discussion in 'Malware Help (A Specialist Will Reply)' started by koila, Dec 30, 2007.

  1. koila

    koila Private E-2

    I am posting the report generated by fixwareout.exe

    someone please help.
    My computer has been attacked with Trojan Horse Dropper.Agent.GIT

    My AVG antivirus does not start up on boot.
    explorer.exe is not working.
    I cannot see my files and folders.
    My desktop disappeared.


    ------------------------------------------------------------
    Username "Owner" - 30/12/2007 11:50:15 [Fixwareout edited 9/01/2007]

    ~~~~~ Prerun check

    Successfully flushed the DNS Resolver Cache.


    System was rebooted successfully.

    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "System"=""
    ....
    ....
    ~~~~~ Misc files.
    ....
    ~~~~~ Checking for older varients.
    ....

    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "SigmatelSysTrayApp"="stsystra.exe"
    "IntelZeroConfig"="C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe"
    "IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
    "igfxhkcmd"="C:\\WINNT\\system32\\hkcmd.exe"
    "H2O"="C:\\Program Files\\SyncroSoft\\Pos\\H2O\\cledx.exe"
    "Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe"
    "CorelDRAW Graphics Suite 11b"="C:\\Program Files\\Corel\\Corel Graphics 12\\Languages\\EN\\Programs\\Registration.exe /title=\"CorelDRAW Graphics Suite 12\" /date=011408 serial=DR12WES-3007622-EUW lang=EN"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TaskSwitchXP"="C:\\Program Files\\TaskSwitchXP\\TaskSwitchXP.exe"
    "MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
    "ctfmon.exe"="C:\\WINNT\\system32\\ctfmon.exe"
    "ATnotes.exe"="C:\\Program Files\\ATnotes\\ATnotes.exe"
    "googletalk"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"
    "BitTorrent DNA"="\"C:\\Program Files\\BitTorrent_DNA\\dna.exe\""
    "BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\""
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
    ....
    Hosts file was reset, If you use a custom hosts file please replace it...
    ~~~~~ End report ~~~~~
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

  3. koila

    koila Private E-2

    ComboFix 07-12-21.4 - Owner 2007-12-30 16:24:53.1 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.550 [GMT -4:00]
    Running from: C:\My Documents\Downloads\ComboFix.exe
    * Created a new restore point


    Edit by chaslang: In line log from ComboFix removed.
     
    Last edited by a moderator: Dec 31, 2007
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You must follow ALL of the instructions that Halo gave you and attach ALL of the logs. PLEASE do not post your logs inline like you did. You must attach logs as requested in the READ ME. See this: HOW TO: Attach Items To Your Post

    You will need to attach your ComboFix log because the inline one is removed.
     
