Trojan.Win32.Agent.akk?

Discussion in 'Malware Help (A Specialist Will Reply)' started by alphaforce5, Dec 6, 2007.

  1. alphaforce5

    alphaforce5 Private E-2

    I was going to check my web mail today when from nowhere I got the following error:

    "Critical System Error: Your browser was hijacked by Trojan.Win32.Agent.akk You need to clean your system immediately in other case it will be crashed soon! Click ok to download the high-tech antispyware protection software! (Recommended)"

    Beyond the fact that this statement makes no sense, it keeps popping up, even when I'm not online.

    I've gone through all the read and run procedures, and if you need any more information I will be more than willing to provide it.

    If you think it would be easier I could take it to my ITS department and have them look it over, but I'd rather go about it myself so I can figure out how to deal with it, and hopefully prevent it from happening again.

    Thank you for your time,

    Robert
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: System DivX4 - {71314E7C-1713-49FA-90F2-54D275023981} - C:\Windows\System32\sysvideo32.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    After clicking Fix, exit HJT.

    Now run Pocket Killbox by double-clicking on killbox.exe
    • select File, Cleanup, Delete All Backups
    • Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    • Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Windows\System32\sysvideo32.dll
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.
    If you receive a PendingFileRenameOperations prompt, just click OK to continue (But if you do get this message, please let me know!)

    If Killbox does not reboot just reboot your PC yourself.

    After reboot check manually to make sure the below file was deleted. If you still see it, delete it:
    C:\Windows\System32\sysvideo32.dll

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created.
    Make sure you tell me how things are working now!
     
  3. alphaforce5

    alphaforce5 Private E-2

    Thank you for getting back to me so quickly. Unfortunately I only saw your reply after I had taken my computer to ITS; however, I will run a follow-up scan and send you the results. Is there any data in particular you would need to see?

    The beast will return Monday, so until then I'm stuck without one, but thank you very much for your quick response. I only wish I'd checked my email 10 minutes earlier.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Depending on their abilities, they may format and reinstall. Many IT departments are not too swift, especially when it comes to malware. But this particular problem you have is really not a big problem to remove. It is in fact very simple compared to many infections like Vundo. They may however miss all the entries that are put into the registry (that is assuming they don't format).

    You can just tell me what they did and then attach a new MGlogs.zip file for starters. You really only had the IEDefender related malware.
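
The follow-up check discussed in the thread (confirming in a new log that the two lines chaslang asked to fix are really gone) can be scripted. This is an added example, not part of the thread or of MGtools: it parses HijackThis O2 (BHO) and O4 (registry Run) lines and reports which flagged lines still appear. The sample log and its `ExampleApp` entry are constructed, and matching by CLSID and by Run value name is an assumption of this example.

```python
import re

# The two lines chaslang asked to fix, copied from the thread.
FLAGGED = [
    r"O2 - BHO: System DivX4 - {71314E7C-1713-49FA-90F2-54D275023981} - C:\Windows\System32\sysvideo32.dll",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime',
]

O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
O4 = re.compile(r"^O4 - (?P<key>HK[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")

def parse_entry(line):
    """Return a dict for an O2 (BHO) or O4 (registry Run) line, else None."""
    line = line.strip()
    for section, rx in (("O2", O2), ("O4", O4)):
        m = rx.match(line)
        if m:
            return {"section": section, **m.groupdict()}
    return None

def identity(entry):
    """Fields that identify an entry even if its display name or arguments change."""
    if entry["section"] == "O2":
        return ("O2", entry["clsid"].upper())
    return ("O4", entry["key"].upper(), entry["name"].lower())

def still_present(log_text, flagged=FLAGGED):
    """List the flagged lines whose identity still appears in a HijackThis log."""
    seen = {identity(e) for e in map(parse_entry, log_text.splitlines()) if e}
    return [f for f in flagged if identity(parse_entry(f)) in seen]

# Constructed follow-up log: the BHO is still registered under a different
# display name, the QuickTime Run entry is gone, and one unrelated
# constructed entry is present.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
O2 - BHO: (no name) - {71314E7C-1713-49FA-90F2-54D275023981} - C:\Windows\System32\sysvideo32.dll
O4 - HKCU\..\Run: [ExampleApp] "C:\Program Files\Example\example.exe"
"""

if __name__ == "__main__":
    for line in still_present(SAMPLE_LOG):
        print("still present:", line)
```
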
     
