Spy-Agent.n

Discussion in 'Malware Help (A Specialist Will Reply)' started by paulgardam, Oct 4, 2006.

  1. paulgardam

    paulgardam Private E-2

    Hi, I have the problem of the spy-agent.n trojan and have followed every step in your READ & RUN Me post but nothing seemed to work. McAfee states that 'The file c:\windows\system32\winlogon.exe is infected by the spy-agent.n trojan and cannot be cleaned.'

    I have read other posts by people who've had this problem but to no avail. The only success I had was with bitdefender - it found then cleaned/deleted the winlogon.exe file : c:\windows\system32\dllcache\winlogon.exe.

    For some reason PandaActiveScan didn't offer me a report afterwards - but then it didn't find anything anyway.

    Attached are 3 of the logs. I will attach the rest in another post. If anyone sees anything that I or the programs have missed it would be very much appreciated.

    Thanks
     

    Attached Files:

    Last edited: Oct 4, 2006
    paulgardam, Oct 4, 2006
    #1
  2. paulgardam

    paulgardam Private E-2

    .... and here are the other 2 logs (Attached) from bitdefender and counterspy.
     

    Attached Files:

    paulgardam, Oct 4, 2006
    #2
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Things that infected winlogon.exe can be trouble to remove. Let's try somethings that may work. Download and installTrojanHunter then run a scan but MAKE SURE you run the scan after booting in safe mode. Let it fix what it finds.

    Let me know the result!

    Also do you know what the below files in the root folder of drive C are that were created on Oct 4th. They seem suspcicious:
    Code:
    C:\
361101~1.exe   4 Oct 2006        2560  "36110103225.exe"
5.doc          4 Oct 2006       48128  "5.doc"
msupd01.exe    4 Oct 2006        2560  "msupd01.exe"
msupd02.exe    4 Oct 2006       22528  "msupd02.exe"
     
    Last edited: Oct 5, 2006
    chaslang, Oct 5, 2006
    #3
  4. paulgardam

    paulgardam Private E-2

    Hi and thanks for your reply.
    5.doc is innocent. It's acually one of the logs that I didn't rename. I'll have a look at the others and get back to you.

    I think I may have found a quicker (and remarkably simple) fix for anyone who has the spy-agent.n trojan infecting winlogon.exe. It may even solve all winlogon.exe problems.
    I basically just put my windows cd in, selected 'install windows' and then selected 'upgrade'. The computer then did it's own thing for about 30 mins. When windows came back up I had no pop up from McAfee and none of the other programs that found anything before found anything this time.

    I'll give it a few days to see if all is indeed as it now seems.

    Could it really be this simple?
     
    paulgardam, Oct 6, 2006
    #4
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes and no! When you do this, you revert your OS back to the level of the CD that is being used. Thus your PC may now need a load of updates from Microsoft. For people who have already upgrade to Window XP SP2 but only have a Windows CD from XP or XP SP1, they could be spending days (especially if on a dialup connection) getting there updates installed again.

    You have been able to use Trojan Hunter to fix this.

    Or you could have just booted to the Recovery Console and replaced the two infected winlogin files with an uninfected copy from either your CD or from an i386 folder on your hard disk where backups of the OS are typically stored.
     
    Last edited: Oct 8, 2006
    chaslang, Oct 7, 2006
    #5
  6. paulgardam

    paulgardam Private E-2

    Didn't hink of the recovery console admittedly. Trojanhunter failed to clean the infection although it was only one of 4 (Mcafee, bitdefender, AVG, trojan hunter) that managed to at least detect it. All other programs failed in that regard - panda, sophos, counterspy, spybot, Ad-aware SE to name but a few.
    I admit that if you don't have a fast internet connection it could take forever to download all the pre-SP2 updates. Lets just say that this fix is for those with a recent copy of WinXP SP2 or the incredibly patient!
    Thanks to everyone for all your help all the same.
     
    paulgardam, Oct 7, 2006
    #6
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
    chaslang, Oct 8, 2006
    #7

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds