Help : Can't delete Trojan horse TR/Agent.CS

Discussion in 'Malware Help (A Specialist Will Reply)' started by pebbles, Nov 1, 2005.

  1. pebbles

    pebbles Private E-2

    Hello

    I have scoured your forums trying all sorts of different things but still cannot delete the file MSABR.DLL which is linked to the Trojan horse TR/Agent.CS

    I did all the things recommended and ran all those programs, I've been starting in safe mode, unplugging from the internet, disabling system restore etc but cannot delete it.

    I've also run the fxvundob.exe & FixVundo.exe programs (in safe mode).

    Microsoft Anti Spyware & Anitvir both find the trojan but can't delete.

    I even tried deleting in regedit but no use.

    I attach the hijackthis report.

    I'm lost now and would hugely appreciate any help people can give, I've tried everything I can think of now!

    Thanks
     

    Attached Files:

    pebbles, Nov 1, 2005
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It's cover in our sticky threads. The Special Removal Procedures sticky has think link for you: Virtumonde aka Trojan Vundo Fix w/ Tool

    But are you sure you tried the newest version of Symantec's tool? It has been working if the below procedure is followed.

    These steps must be run exactly as specfied.

    1) Download this Symantec Trojan.Vundo Removal Tool to a location where you can find it later
    2) Make sure you do not run anything but what is specified. DO NOT OPEN any browsers during this process below so print or save these unstructions locally so you know what to do while offline.
    3) Boot into safe mode and physically unplug your cable to the internet
    4) Run the fixvundo.exe tool downloaded above and save the log
    5) Immediately reboot in normal mode and run the fixvundo.exe tool again. Save the log.
    6) Immediately reboot again into normal mode and now reconnect your cable to the internet.
    7) Now open a browser and come back here and post your logs from running fixvundo. Also tell me how these steps went. Any problems?
     
    chaslang, Nov 1, 2005
    #2
  3. pebbles

    pebbles Private E-2

    IT Worked!!!

    Thanks so much for your help. I ran the initial suggestion, which allowed me to delete the 2 files, then only one appeared in hijack this and I deleted it.

    As instructed, I then ran the second fixin safe mode and in normal but it didn't find the trojan and didn't generate a log so I can't post here.

    Thank you so much for helping and so quickly, I don't know what I would have done! You're the best!!! :) :) :) :) :) :) :) :) :) :)
     
    pebbles, Nov 2, 2005
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!
     
    chaslang, Nov 2, 2005
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds