
suspect trojan.agent



Is it normal that ESET takes so long? 7 hrs and only 50%. I read the frequently asked questions and it says it's probably slow from antivirus running, but I disabled them before I started. My daughter needs the computer to do homework projects and having it out of commission for so long is not good for her. Now unfortunately I screwed up. I needed to look something up while this was running so I stopped it, hoping that it would pause it. It didn't. And now the last 7 hours were for nothing, and I've made it so it's even longer before I can get to my computer. Anything I can do to speed it up? It had found 6 win32 something babylon or win32 babylon something. ESET is now running again.


IF you have already started the ESET scan, please leave it be and let it finish.

It is NOT unheard of that it may run for a very long time. The time taken depends on your system processor speed and how many files on the system and how large they are.

You cannot make it go faster.

re

It had found 6 win32 something babylon or win32 babylon something

Sorry that info is not sufficient. Exact details are needed on filename and file location. Those will be in the log produced near the end of the scan.


ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=

# end=stopped

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-03-29 02:44:00

# local_time=2012-03-29 07:44:00 (-0700, US Mountain Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 124600 124600 0 0

# compatibility_mode=1024 16777215 100 0 32870639 32870639 0 0

# compatibility_mode=5893 16776573 100 94 0 84549020 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=235490

# found=6

# cleaned=6

# scan_time=26670

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarEng.dll Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Shari\AppData\Local\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

2nd run

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-03-29 06:41:38

# local_time=2012-03-29 11:41:38 (-0700, US Mountain Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 152090 152090 0 0

# compatibility_mode=1024 16777215 100 0 32898129 32898129 0 0

# compatibility_mode=5893 16776573 100 94 0 84576510 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=244993

# found=0

# cleaned=0

# scan_time=13438

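Pulling the filename, location and detection name out of an ESET Online Scanner log like the one posted above, as an added example (not part of the thread and not ESET's code). The field layout is inferred from the lines shown in that post; `parse_log` and `triage` are hypothetical names.

```python
import ntpath
import re

HEADER = re.compile(r"^#\s*(\w+(?:\.\w+)?)=(.*)$")
# Windows path ending in an extension, detection text, (action), hex field, flag
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.\w{2,4})\s+(?P<threat>.+?)\s+"
    r"\((?P<action>[^()]*)\)\s+(?P<hash>[0-9A-Fa-f]+)\s+(?P<flag>\w)$")

def parse_log(text):
    """Return (header dict, list of detection dicts) for one scan run."""
    header, hits = {}, []
    for line in (l.strip() for l in text.splitlines()):
        if m := HEADER.match(line):
            header.setdefault(m.group(1), m.group(2))  # keep first value of repeated keys
        elif m := DETECTION.match(line):
            hits.append(m.groupdict())
    return header, hits

def triage(text):
    """Summarise what a helper needs: was the run complete, and what was hit where."""
    header, hits = parse_log(text)
    names = {(re.search(r"\S+/\S+", h["threat"]) or [h["threat"]])[0] for h in hits}
    return {
        "complete": header.get("end") == "finished",  # "stopped" = aborted run
        "count_matches": int(header.get("found", -1)) == len(hits),
        "archives_scanned": header.get("archives_checked") == "true",
        "names": sorted(names),
        "folders": sorted({ntpath.dirname(h["path"]) for h in hits}),
    }

# Sample input: lines copied from the first run in the post above (header trimmed).
SAMPLE = r"""
# end=stopped
# archives_checked=false
# scanned=235490
# found=6
# cleaned=6
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarEng.dll Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Shari\AppData\Local\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```
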

While I was getting these logs from program files I noticed a folder Babylon Toolbar, created 10/16/2011. What is this and does it have anything to do with this? I will now do combo fix. Is it OK if I change my computer sleep mode? If I can figure out how. It's hard to know when it's done if my screen is black and I'm not to touch the mouse.


If you have already downloaded & saved Combofix you can run it from where it is, just please follow my other instructions on it.

If you have not yet downloaded, when you do, you get a SAVE dialog like this.

CF_download_FF.gif

You click Save File

You get a Save AS dialog like this

CF_download_rename.gif

You click on the Desktop icon on the left-side, then you click the SAVE button

I cannot tell what "Babylon" is or how you got it. (Other than it is a toolbar.) It's been removed by ESET.

Edited by Maurice Naggar

I had not downloaded Combofix yet as I was awaiting your reply. I clicked on the first link. An Explorer pop-up popped up and asked if I wanted to save or run; it wasn't like above. Clicked save. Then another window popped up and said it was dangerous and gave choices of cancelling, deleting or more options. Clicked more options and the only option was to run. I clicked on this figuring I would get the window from above, never did, it just went straight to running it. I'm frustrated and you're probably upset but I honestly did try to do as you asked. I left it alone to do its thing. I came back and a window is open saying computer could not restart, do I want to restore.

What do I do?


NO you do not want to restore. If Windows is not running or your system is not at the Windows desktop showing normally, do a system restart.

Either use the CTRL+ALT+DEL keys to restart or, if not, do a physical power off and power up.

Again, no restore wanted.

Once you have Windows running, yes, you can copy the stuff for your daughter. To be cautious, I would scan that USB-drive with the antivirus.

Believe me, I too am getting frustrated with the "hitches".

It is very tough to help without having the physical presence to "look & observe".

P.S. When getting the download for Combofix, you were using Internet Explorer ..... right?

Only use Internet Explorer browser (and have all other browsers {if any} closed)

Edited by Maurice Naggar

It will not start up normally, let it attempt to do a system repair?

Yes, I used IE, nothing else was open. Do you want me to attempt combo fix again if I get my computer back up and running? I'm thinking getting my computer back up isn't going to be that easy though.


I selected safe mode with networking. It loaded Windows drivers, then it flashed back to the beginning when you start up (Select F2 for start up etc.), then comes up with: Windows failed to Start ... If windows files have been changed or damaged a system repair may fix it.

Then I can select System repair (recommended) or start normally.


a) Use this as a reference: What are the system recovery options in Windows 7

http://windows.microsoft.com/en-US/windows7/What-are-the-system-recovery-options-in-Windows-7

b) If you have tried Normal mode, & Safe Mode with Networking and also the Startup Repair and still no success, then

and only then

Very slowly, carefully try (but only 1-time) the System Restore option.

c) I have to run some errands and will not be online again until very late (very) this evening.


Tried a restore, didn't work. Computer still won't start up. Tried safe mode and networking, normally and system repair. Picked the restore point combofix made just before it started. Maybe I should have picked an older one, though I'm not convinced that it would have made a difference. So still no computer. :(


Some more details would sure help. What does it show or do when you tried those? Other than just "won't start up".

I mean for example, what happens if you powered down, waited a minute, then powered up again.

Can you describe exactly what you see / what you get.

Not a good situation. The possibilities to get it running again are dwindling.

Do you have any sort of recent backup of this system from before the problem started?

It would appear that System Restore of any sort does not look like it will work.

Do you have the Windows operating system DVD?

One-time-only --- just once --- redo the steps to get System Recovery Options and from there select Command prompt

and tell me exactly what occurs.

Should you indeed get there, keep the system in that mode, and post reply back here, and await response.


I have to use the power button to turn off. When starting, a black screen with Toshiba Innovation flashes up, then a black screen comes up with Windows Error Security, where it gives a choice of starting in repair mode or starting normally (screen described in a previous post). Select one: a black screen with Microsoft Corp flashes up, goes to a light blue screen, the one that comes up before it goes to the desktop, sits on the blue screen for half a min or so, then a "window won't start" window opens and a window suggesting restore opens too.

I've got my computer at the command prompt. A black window opened with "Microsoft Windows (version 6.1.7600) X: windows system 32 >" and a flashing cursor.

I have an old backup from when I put Windows 7 on, and guessing I still have the Windows 7 install disk.


All right. That's a more useful description. And also by your getting to the Command prompt, we may have a small ray of hope.

Stay at the command prompt.

For now, I just want you to do a lookup. Kindly observe some of these have a space between characters. It is important you type properly as shown.

Type in

cd \windows\erdnt

and tap Enter-key.

Next, type in

dir

and tap Enter-key.

That will display 1 or more sub-directory names. I'd like for you to write them down.

You may ignore the ones named

[.] & [..] 

Next, type in

cd \

and tap Enter

Then type in

dir *.exe

I'd like for you to write them down & report back with the two lists.

Also, start to locate the Windows 7 DVD & report on the "name detail" on the label.

Meantime, take a time-out & do not do anything with the system, and allow me to research more on the possibilities.


Dir gave me a lot, I mean a lot of dll and exe files and a lot of dir, you want me to list them all?

Which one of my two parts was this in?

I mean when it is idle, what does it show as far as directory after the C:\

If you will go back & re-review my last note, I had two separate parts.

I think (guessing) that you navigated to the Windows directory and did the "dir *.exe" whereas I wanted you (on the last part) to navigate to the Root of C: drive (meaning C:\)

BTW, It is good you located the DVD. Keep it secure and nearby.

P.S. and BTW, I am careful in what we do so that (hopefully) you do not lose stuff.

I would say, this is a tough reminder to you of the critical importance of having frequent current backups. More so if you & your other users do frequent document/file creation (changes).

Backups are a life-saver. Offline backups (to offline media, like USB external drives, or DVD, CD).

Edited by Maurice Naggar

This topic is now closed to further replies.