Proxy-Agent.g

Discussion in 'Malware Help (A Specialist Will Reply)' started by timo, Apr 25, 2005.

  1. timo

    timo Private E-2

    I have Xoftspy (antispyware program) and it has detected a trojan called Proxy-Agent.g. The location was at windows/system32/spoolsv.exe and the description is "Unexpected connections to the ip range of 204.209.184, attempts to disable AV software." I searched the name on Google and McAfee seem to know about it, but the AV software I have does not detect it.

    Xoftspy is unable to remove it since it comes up every time I run the scan. Spybot, Ad-aware, MSantispyware, Housecall, A-squared, AVG and Avast! have not detected anything. I have not run the online trojan scanner yet because it was last updated last year and this trojan was reported this year apparently. (?) So I would like to know how I can remove it, or if Xoftspy has made a mistake.
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    After doing ALL of the above if you still have a problem:


    Download HijackThis 1.99.1

    Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    Run HijackThis and save your log file.

    Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  3. timo

    timo Private E-2

    I just ran Xoftspy again after it updated itself, and it's not detecting proxy-agent.g anymore. I'm not sure why it's gone but perhaps it's because I deleted a couple of things with HijackThis! last night, a rundll32.exe ptibum thingy that sysinfo's list of startup programs said was unnecessary, and an unidentified O2 entry. I can't get Symantec's online security check to work even though I have an up to date IE with medium security settings for some reason. I'm probably in the clear but here's my logfile anyways.
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    It's not anymore, but Xoftspy was on a list of rogue antispyware programs. Personally, I would stay away from Xoftspy as it has been known for false detections, but it's up to you!

    Also, you are running AVG & Avast! AntiVirus. You need to pick between the two and uninstall the other, because running two antivirus programs will cause conflicts on your computer.

    Now scan with HijackThis and Check the Boxes for the following:

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm

    Make sure All Browser Windows are Closed when you Click FIX.

    NEXT:
    Run CCleaner

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    NEXT:
    Just to be sure we got this thing, let's run the below online scans.

    TrendMicro Online Scan
    Symantec Online Scan
    Panda Online Scan
    RAV AntiVirus Online Scan
    ComputerAssociates Online Scan
    Bit Defender Online Scan
    Command On Demand Online Scan
    Freedom Online Scan
    AhnLab Online Scan
    PCPitStop Online Scan



    After you complete ALL of the above, reboot and post one last HJT log.
     
  5. timo

    timo Private E-2

    Hey, thanks for helping Bjgarrick. I followed the instruction regarding the w-find thing.
    But later on, when I used HijackThis it had come back, this time as two entries. I tried running Microsoft AntiSpyware again, this time selecting the deep scan option, and it found a possible browser hijack item.
    After that had been deleted I followed the previous instructions (fixed the w-find entry in HijackThis, then ran CCleaner, then rebooted).
    As of current it seems to be gone.

    I couldn't get the Symantec online scan to work. Avast! wouldn't let me do the Panda scan as it thinks it has a virus. But I completed all the other scans, and they were all virus-free results.
     


  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log is now clean! Now you need to surf into Windows Updates and get updated. Be sure you install Service Pack 2 for security purposes and get all critical updates.

    Are you having any further problems?
     
