Trojan.Agent.DL and WindowsLiveUpdate.exe infection


catroy
MBAM scan turns up well, no infection this time. Is the computer healed? As an added bonus, my system seems to be running faster after going through the various cleaning programs.

Very good. Yes, you are good to go after the following cleanups. I would recommend, if you do not currently have the MBAM PRO license, to get it so that you have an added layer of protection.

On a separate note, if you do have Java runtime, a very recent critical security update was released; see http://securitygarden.blogspot.com/2013/02/critical-oracle-java-security-update.html

I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used.

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it Combo-Fix), put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space after exe and before the slash mark.

The utility must be removed to prevent any unintentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Click Start, then click Run.
    In the text box that opens, type or copy/paste
    c:\documents and settings\Joe\Desktop\Combo-Fix.exe /uninstall
    and then click OK.

If the Combofix uninstall has an issue, skip that step.

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use on a periodic basis to backup Windows registry.

Delete the following if still present:

  • RSIT.exe
  • securitycheck.exe
  • Tdsskiller.exe
  • roguekiller.exe
  • aswmbr.exe
  • Rkill
  • Gmer.exe or gmer.zip
  • cfscript.txt
  • DrWeb Cure-It

Use Control Panel >> Add-or-Remove Programs & uninstall BitDefender Quickscan

Safer practices & malware prevention

We are finished here. Best regards.


Excellent Maurice! Will definitely get MBAM Pro for future protection. Would I have dodged this trojan had I used MBAM Pro in the first place? :P

As for the old Java 6 ver 17 still residing in the system, I had a trading application that can only run on this old version, any upgrade and it would not work, the developer is aware of this limitation but hasn't done anything to upgrade it, thus I am forced to downgrade to this old version of Java, appreciate your heads up on this possible security threat.

Regarding the newly cleaned system, I am noticing a black window at start up, it asked me to select the appropriate system to start, choices are:

Microsoft Windows Recovery Console

do not select this [debugger enabled]

Microsoft Windows XP Professional

etc..... and disappears in 3 seconds.

I never remember seeing this black screen prior to clean up, is there a configuration problem and should I be concerned?

Otherwise everything looks perfect, learned a lot about system cleaning from you and the various articles in the computer help section, this forum has been a great resource and I'm in awe of your expertise and generosity, thank you!


MBAM PRO will reduce the odds of getting a serious infection. It is not a 100% guarantee; as nothing is. What is more important, is safer / saner practices.

As to the old Java, shame on that developer. But since your application that needs Java is an "internal program", you do not need Java in your browsers.

How to disable Java in various browsers : http://blog.eset.com...r-way-to-browse

On seeing the "recovery console", etc. at computer startup: No, do not be concerned. Leave it alone. It is a very short onscreen notice.

The XP Recovery Console gives you a mechanism to get to a special version of the Windows command prompt environment, which facilitates some fixes in case of a dire emergency. Leave it alone. No need for concern. That was added early on by the first run of combofix.

Here are "some" references on the XP Recovery Console:

http://support.microsoft.com/kb/307654

and Description of the Windows XP Recovery Console for advanced users

http://support.microsoft.com/kb/314058

Thank you for your compliments. I wish you well.

I am marking this as completed and I'm closing the thread. ^_^
