win32.agent.pz will not go away

Discussion in 'Malware Help (A Specialist Will Reply)' started by mrwoggle, Dec 11, 2009.

  1. mrwoggle

    mrwoggle Private E-2

    Hello all..I hope dearly that someone here can help me...

    I have no idea where it came from, but last week my laptop got caught by that antivirus live fake scanner prog thats out and about...I managed to get shot of it, but its left both win32.zbot and win32.Agent.pz behind.. Spybot S&D detects them, but they come back on reboot..So I have run combofix and SD Fix, but the little blighters are still there... After running SDFix in Safe Mode,ad letting it finish in normal windows, I re-ran Spybot, and they are stil there, this time with more entries. I have tried malwarebytes too, but to no avail...Is there any solution other than a re-install??

    I have attached the combofix log, in case its necessary...

    (My specs BTW are 2.6 GHZ processor, 2GB SDIMM RAM on Asus L58L laptop, XP SP3, running up to date Kaspersky Internet Security 9.0 )

    I eagerly await your reply, this is giving me an ache where I don't need one !!!

    Thanks lots and happy xmas


    Andy W
     

    Attached Files:

    mrwoggle, Dec 11, 2009
    #1
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    What happened to the log from running superantispyware? We need to see that as well as the log from running MBAM and MGTools.exe.

    Ensure that you follow through our malware procedures correctly and attach all of the requested logs. I shall link below for reference:

    Welcome to Major Geeks!

    Please read ALL of this message including the notes before doing anything.

    Pleases follow the instructions in the below link:

    READ & RUN ME FIRST. Malware Removal Guide


    and attach the requested logs when you finish these instructions.
    • **** If something does not run, write down the info to explain to us later but keep on going. ****
    • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.


    You also posted one at the SpyWareWarrior Forum And so... you must decide which of the two forums you wish to resolve your issues in. Whichever forum you decide not to work with you must leave a message indicating the fact that you are receiving help somewhere else and so as not to waste valuable resources, you wish the thread to be closed.

    You also have combofix running from the wrong location:
    It should be directly on your desktop.

    Thanks
    Kes13!
     
    Kestrel13!, Dec 13, 2009
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds