long standing problem with malware

Discussion in 'Malware Help (A Specialist Will Reply)' started by dereks, Jun 19, 2007.

  1. dereks

    dereks Private E-2

    This is one of the computers I have used at work. As such, other people have had access to it, and it has been on a local network.
    Various programs have indicated trojans for some time which I have tried to get rid of, but I still get alerts from AVG. Also, my AVG firewall gets shut down immediately after bootup now. AVG was no help.
    AVG doesn't seem to detect trojans very well either. I ran Spyware Doctor, which found Trojan.Dropper.Agent.BFD x 4 infections and
    Trojan.Downloader.Agent.AZR x 1 infection.
    I did not pay to have them removed.
    I went through your procedure as directed, and am attaching the 5 logs.
    I would greatly appreciate any help offered.
    Derek
     


  2. dereks

    dereks Private E-2

    Here are the other requested attachments
    Thanks
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please see step 3 of the READ ME which you appear to have ignored. You have Avast, AVG7, and possibly a Norton Antivirus program if one was included in Norton SystemWorks 2003 or Norton Utilities 2003. Also do these Norton tools include a firewall? Uninstall ALL but one antivirus program and then reboot.

    Are you using a paid version of AVG or a free trial? It also is out of date. AVG is on version 7.5.

    Then attach new logs from ShowNew and HJT and tell me what problems still remain.
     
  4. dereks

    dereks Private E-2

    Avast uninstalled
    AVG is 7.5 with firewall (which deactivates after bootup)
    Norton Systemworks only, no Norton AV installed
    No Norton firewall
    AVG is paid version. It has been updated constantly and was updated again. It is version 7.5
    AVG ran as it always does with no detections.
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run HijackThis and select the below line and then close ALL browsers before clicking Fix checked:

    O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\System32\regscan.exe

    After clicking Fix checked, exit HJT.

    Uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders which may be left behind by the uninstall:
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 8

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment



    Now attach new logs from ShowNew and HJT.


    Okay but your logs show it to be version 7.1. Perhaps you should uninstall the program, reboot, and then reinstall the real 7.5 version. This may resolve your issues with the firewall deactivating if the above HJT fix has not changed anything.
     
