Need help with trojan.win32.agent.akk .

Discussion in 'Malware Help (A Specialist Will Reply)' started by ronerahl, Dec 7, 2007.

  1. ronerahl

    ronerahl Private E-2

    Hello, I have read through multiple posts about this apparent malware, and I followed the removal sticky on the forums as well. I completed the Read & Run (however, despite marking AVG to generate a log even if malware is not found, it is not generating a log). I'm sure you're aware by now that this bothersome pest keeps popping up when I access IE, Windows Explorer, search functions, msconfig, and many other areas. Firefox seems to protect against the popups though. Any help would be terrific. Below are the requested attachments. If you need me to take any additional steps in providing information to you or cleaning this malware, please instruct me. ^_^ I thank you in advance for any response.
     

    Attached Files:

  2. ronerahl

    ronerahl Private E-2

    NT - Double posted on accident.
     
  3. ronerahl

    ronerahl Private E-2

    Probably best if I informed you that I am running Vista.

    Also, when I ran FixIEDef I got this message:
    Again, thanks in advance for any help. ;)
     
  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download Registry Search (see the link titled RegSearch Download Link)
    • Extract the files from Regsearch.zip into a folder.
    • Doubleclick regsearch.exe to start the program.
    • Enter sysvideo32 in the top area of the form and then click "OK".
    • Notepad will be opened with text in it (the file named RegSearch.txt will be saved in the program's folder as well). Attach this file to your next reply.
     
  5. ronerahl

    ronerahl Private E-2

    Thank you for the swift response and the help, I really appreciate what you are doing here. ^_^

    Here is the file you requested.
     

    Attached Files:

  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Whatever was in that file is unreadable.

    Run the search again and this time copy & paste the results of the search to your reply.
     
  7. ronerahl

    ronerahl Private E-2

    Here is a raw copy-paste of the results:

    Windows Registry Editor Version 5.00

    ; Registry Search 2.0 by Bobbi Flekman © 2005
    ; Version: 2.0.5.0

    ; Results at 12/8/2007 12:25:24 AM for strings:
    ; 'sysvideo32'
    ; Strings excluded from search:
    ; (None)
    ; Search in:
    ; Registry Keys Registry Values Registry Data
    ; HKEY_LOCAL_MACHINE HKEY_USERS


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0459F04A-F7CC-4F98-B66E-E19690702AE4}]
    "LocalizedString"="@C:\\Windows\\System32\\sysvideo32.dll,-293"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0459F04A-F7CC-4F98-B66E-E19690702AE4}\InprocServer32]
    @="C:\\Windows\\System32\\sysvideo32.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0459F04A-F7CC-4F98-B66E-E19690702AE4}\ProgID]
    @="sysvideo32.Video"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sysvideo32.Video]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sysvideo32.Video\Clsid]

    ; End Of The Log...


    Again, I can't thank you enough for the assistance.
     
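    As an added example (my own code, not part of this thread and not the RegSearch tool itself): a small Python script that parses a .reg export like the one pasted above and does the triage a responder does by hand when reading it. It lists every key or value that references a search string, and for each CLSID registration it pulls together the InprocServer32 DLL path, the ProgID and the LocalizedString, so you can see at a glance which COM class is loading which file. The sample input is the export from the post above; the function and variable names are my own.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: the RegSearch export pasted earlier in this thread,
# in .reg syntax (backslashes and quotes are escaped inside string data).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Results at 12/8/2007 12:25:24 AM for strings:
; 'sysvideo32'

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0459F04A-F7CC-4F98-B66E-E19690702AE4}]
"LocalizedString"="@C:\\Windows\\System32\\sysvideo32.dll,-293"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0459F04A-F7CC-4F98-B66E-E19690702AE4}\InprocServer32]
@="C:\\Windows\\System32\\sysvideo32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0459F04A-F7CC-4F98-B66E-E19690702AE4}\ProgID]
@="sysvideo32.Video"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sysvideo32.Video]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sysvideo32.Video\Clsid]

; End Of The Log...
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
# value line: either @ (the default value) or a quoted name, then '=' and the data
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
INPROC_RE = re.compile(r'\\CLSID\\(\{[0-9A-Fa-f-]+\})\\InprocServer32$', re.IGNORECASE)


def unescape(s: str) -> str:
    """Undo .reg string escaping: \\\\ -> \\ and \\" -> \"."""
    return re.sub(r'\\(["\\])', r'\1', s)


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse a .reg export into {key_path: {value_name: data}}.
    Only REG_SZ data ("...") is unescaped; other value types are kept raw."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';') or line.startswith('Windows Registry Editor'):
            continue  # blank lines, comments and the file header carry no data
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = '(Default)' if m.group(1) == '@' else unescape(m.group(1)[1:-1])
            data = m.group(2)
            if data.startswith('"') and data.endswith('"'):
                data = unescape(data[1:-1])
            keys[current][name] = data
    return keys


def find_references(keys: Dict[str, Dict[str, str]], needle: str) -> List[Tuple[str, Optional[str]]]:
    """Case-insensitive search over key paths, value names and value data.
    Returns (key_path, value_name) pairs; value_name is None for a key-name hit."""
    needle = needle.lower()
    hits: List[Tuple[str, Optional[str]]] = []
    for path, values in keys.items():
        if needle in path.lower():
            hits.append((path, None))
        for name, data in values.items():
            if needle in name.lower() or needle in data.lower():
                hits.append((path, name))
    return hits


def com_servers(keys: Dict[str, Dict[str, str]]) -> List[Dict[str, str]]:
    """For every CLSID that has an InprocServer32 subkey, collect the DLL it loads,
    its ProgID and its LocalizedString (an '@dll,-id' resource reference)."""
    found: List[Dict[str, str]] = []
    for path, values in keys.items():
        m = INPROC_RE.search(path)
        if not m:
            continue
        base = path[: -len('\\InprocServer32')]
        found.append({
            'clsid': m.group(1),
            'dll': values.get('(Default)', ''),
            'progid': keys.get(base + '\\ProgID', {}).get('(Default)', ''),
            'localized': keys.get(base, {}).get('LocalizedString', ''),
        })
    return found


if __name__ == '__main__':
    parsed = parse_reg(SAMPLE_REG)
    for path, name in find_references(parsed, 'sysvideo32'):
        print('hit:', path, '' if name is None else f'[{name}]')
    for srv in com_servers(parsed):
        print('COM class', srv['clsid'], 'loads', srv['dll'], 'as ProgID', srv['progid'])
```

    Reading the result for the export above: one COM class is registered, its in-process server is sysvideo32.dll under System32, and the ProgID sysvideo32.Video points back at it. That is the information a helper uses to decide which CLSID and ProgID keys need to go along with the file, and the same parser works on any .reg export, not only RegSearch output.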
  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download a new copy of FixIEDef.zip to your desktop.

    Extract the contents of the zip file to your Desktop, over-writing the existing files.

    Open the FixIEDef folder. Double-click DisableUAC.reg, answer "Yes" if asked to merge with the registry.

    Right-click FixIEDef.bat and select "Run as Administrator".

    FixIEDef will close all instances of Internet Explorer and Explorer. Close all Browser sessions before running FixIEDef, including this one.

    Once the batch file has finished running and Explorer has restarted, close the Command Console.

    Open the FixIEDef folder. Double-click EnableUAC.reg, answer "Yes" if asked to merge with the registry.

    Close the folder.

    Rerun MGTools as it did not properly run the first time. Post the logs produced by MGTools.
     
  9. ronerahl

    ronerahl Private E-2

    I believe the problem is now taken care of, I went ahead and ran the scan you requested. Here is the zip file of the logs. Thank you again, you have been a tremendous help. Also, I was curious to know if you accept donations. Thanks again.
     

    Attached Files:

  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Otherwise your logs are clean. If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, and the C:\ComboFix.txt and C:\ComboFix-quarantined-files.txt logs that were created.
    3. If we used SDFix, you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used SmitfraudFix by S!Ri, you can delete the SmitfraudFix.exe file, the SmitfraudFix folder and C:\rapport.txt log that was created.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we used FixIEDef, you can delete all the FixIEDef related files and folders from your Desktop.
    7. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    8. If we had you run Avenger, you can delete all files related to Avenger now.
    9. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    10. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    11. If you are running Windows XP or Windows ME, do the below:
      • Go back to step 8 of the READ & RUN ME to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    12. After doing the above, you should work through the below link:
    Safe Surfing!
     
