trojan horse agent_r.xj, and probable TDL3

Discussion in 'Malware Help (A Specialist Will Reply)' started by nickped, Apr 30, 2011.

  1. nickped

    nickped Private E-2

    I was first notified of the virus by AVG, a trojan horse agent_r.xj. I noticed a very similar situation in this thread (http://forums.majorgeeks.com/showthread.php?t=228298), where the first post is as it is for me (the infected svchost.exe and explorer.exe):

    C:\WINDOWS\system32\svchost.exe (####):\memory_001a0000
    C:\WINDOWS\system32\svchost.exe (####)
    C:\WINDOWS\explorer.exe (####):\memory_001a0000
    C:\WINDOWS\explorer.exe (####)

    and eventually discovered a rootkit, TDL3, which was detected with UnHackMe. I downloaded TDSSKiller.exe but kept running into an error when the installation process hit 80%. So I came to this forum, during which time I have progressively received numerous AVG notifications of viruses (OMO.exe, OME.exe, etc.) and downloaded, installed and ran the appropriate cleaners, and prepared their respective logs in the hope that someone here can help me. (I initially received the virus notification after accessing a veho link to Banksy's documentary, Written on the wall :/ , serious bummer.) Currently I still have AVG uninstalled; I'm assuming I should reinstall it, or perhaps install the latest Avast?
     


  2. nickped

    nickped Private E-2

    Here is the last of the logs... I should also mention this is Windows XP Pro 32-bit. Thanks.
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You have a new form of Master Boot Record infection. You will need your Windows XP CD to fix this.

    Boot your Windows XP CD into the Recovery Console and run fixmbr to clear the Master Boot Record infection that you have.

    You can read the below to help you do this:

    http://support.microsoft.com/kb/307654


    After running the fixmbr command, boot back to normal mode Windows, try running the below and attach the log. Also explain if you are still having any malware problems.


    If you were able to run the fixmbr command, after booting normally run this: TDSSkiller - How to run and attach the log.
     
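The repair above rewrites only the MBR's bootstrap code; the partition table in the same sector is left as found. As an added example (not code from the posters or from MajorGeeks), the Python below parses a raw 512-byte MBR, hashes the boot-code region separately from the partition table and disk signature, and models what a fixmbr-style repair changes versus leaves alone. Every sector here is constructed in the file: the "clean" boot code only mimics the opening instructions of a stock Windows MBR before padding with NOPs, the "tampered" boot code is a placeholder and not a real bootkit, and `simulate_fixmbr` is an illustrative model of the documented behaviour (boot code replaced, partition table untouched), not the Recovery Console's own implementation.

```python
"""Inspect a raw 512-byte MBR and show what a boot-code-only repair (like the
XP Recovery Console's fixmbr) touches and what it leaves alone.
Added example for this thread; all sectors are constructed below, and the
boot-code bytes are placeholders rather than a real bootkit."""

import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 440          # bootstrap code occupies bytes 0..439
DISK_SIG_OFF = 440            # 4-byte Windows disk signature (444..445 usually zero)
PART_TABLE_OFF = 446          # four 16-byte partition entries
PART_ENTRY_SIZE = 16
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIG = b"\x55\xaa"        # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash, disk signature and non-empty partition entries."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR sector must be exactly %d bytes" % MBR_SIZE)
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_SIZE
        status, _chs_start, ptype, _chs_end, lba_start, count = struct.unpack_from(
            PART_ENTRY_FMT, sector, off)
        if ptype == 0:            # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_SIZE]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def compare_mbr(before: bytes, after: bytes) -> dict:
    """Report which regions differ between two MBR images (e.g. before/after cleanup)."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": a["boot_code_sha256"] != b["boot_code_sha256"],
        "disk_signature_changed": a["disk_signature"] != b["disk_signature"],
        "partition_table_changed": a["partitions"] != b["partitions"],
    }


def boot_code_is_known_good(sector: bytes, known_good_hashes: set) -> bool:
    """True when the bootstrap code hashes to a reference the caller trusts, such as
    the MBR dumped from a known-clean machine of the same Windows version."""
    return parse_mbr(sector)["boot_code_sha256"] in known_good_hashes


def simulate_fixmbr(sector: bytes, clean_boot_code: bytes) -> bytes:
    """Illustrative model (an assumption, not the Recovery Console's code): rewrite only
    bytes 0..439 and keep the disk signature, partition table and 0x55AA as found."""
    code = clean_boot_code[:BOOT_CODE_SIZE].ljust(BOOT_CODE_SIZE, b"\x00")
    return code + sector[BOOT_CODE_SIZE:]


def build_mbr(boot_code: bytes, disk_sig: int, entries: list) -> bytes:
    """Assemble a test sector. entries: (status, type, lba_start, sectors); CHS fields zeroed."""
    sector = bytearray(MBR_SIZE)
    sector[:BOOT_CODE_SIZE] = boot_code[:BOOT_CODE_SIZE].ljust(BOOT_CODE_SIZE, b"\x00")
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (status, ptype, lba_start, count) in enumerate(entries[:4]):
        struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFF + i * PART_ENTRY_SIZE,
                         status, b"\x00" * 3, ptype, b"\x00" * 3, lba_start, count)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


# Constructed samples. CLEAN_BOOT_CODE mimics only the first instructions of a stock
# Windows MBR (xor ax,ax / mov ss,ax / mov sp,7C00h) and pads with NOPs.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_SIZE - 7)
TAMPERED_BOOT_CODE = b"\xeb\x3c" + b"\xcc" * (BOOT_CODE_SIZE - 2)  # placeholder, not real malware
XP_ENTRIES = [(0x80, 0x07, 63, 20_000_000)]  # one bootable NTFS partition starting at LBA 63

CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, 0x1A2B3C4D, XP_ENTRIES)
INFECTED_MBR = build_mbr(TAMPERED_BOOT_CODE, 0x1A2B3C4D, XP_ENTRIES)  # code patched, table intact
TABLE_TAMPERED_MBR = build_mbr(TAMPERED_BOOT_CODE, 0x1A2B3C4D,
                               XP_ENTRIES + [(0x00, 0x17, 20_000_063, 4096)])  # extra hidden entry

if __name__ == "__main__":
    known_good = {parse_mbr(CLEAN_MBR)["boot_code_sha256"]}
    print("infected vs clean:", compare_mbr(CLEAN_MBR, INFECTED_MBR))
    print("infected boot code known-good?", boot_code_is_known_good(INFECTED_MBR, known_good))
    repaired = simulate_fixmbr(INFECTED_MBR, CLEAN_BOOT_CODE)
    print("after fixmbr vs clean:", compare_mbr(CLEAN_MBR, repaired))
    print("table-tampered vs clean:", compare_mbr(CLEAN_MBR, TABLE_TAMPERED_MBR))
```

The point of hashing the boot code separately from the partition table is that a boot-code-only repair is the right tool when only that region differs from a trusted reference; if the partition table itself has been altered, the comparison flags that, and fixmbr alone would not be expected to undo it.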
  4. nickped

    nickped Private E-2

    hey, thanks
    I was wondering whether it had to be the same Windows XP CD that was used to install it, because I don't have the CD; a friend gave me the computer. Would a Windows XP Home Edition installation CD work just the same?
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you don't have a CD matching the exact type of the installed version, you may get a complaint about that, but you may still be able to get to the Recovery Console and run fixmbr. The MBR is still the same.
     
