Recurring Trojan.Agent (Regedit32)

[Dave__]

After quarantining and deleting the following items (MAM Premium, database v2014.08.27.02 under Win7 x64):

* Backdoor.Agent (C:\Users\[user]\AppData\Roaming\rundll32.exe)
* Trojan.Agent (C:\Users\[user]\AppData\Roaming\svchost.exe)
* Trojan.AGent.VXGen (C:\Users\[user]\AppData\Local\Temp\C91D.tmp.exe)

After reboot (and quarantine/delete), MAM keeps detecting:

Trojan.Agent (Registry Value) HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Regedit32

Does anyone know how to eliminate this residual trojan item ?   TIA.

 

Dave.

[daledoc1]

Hello and welcome:

 

We can't work on malware diagnostics and removal in this sub-section of the forum.

So, for expert assistance, I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
A malware analyst will guide you through the cleanup process.

 

>>Until then, your post suggests that this might be a very serious type of infection that could compromise your personal and financial information.  As such, until you receive expert help, please do not conduct any sort of financial transaction from the affected computer.

You will likely need to change all your passwords from a known, clean computer; contact your financial institutions; and take other, critical counter-measures.

>>The forum staff, experts and malware helpers will have additional important advice for you.

Thanks,

[Dave__]

Many thanks - will do.

[daledoc1]

Hi:

 

It looks as if you have a new topic over in the malware removal section here: https://forums.malwarebytes.org/index.php?/topic/155976-recurring-trojanagent-regedit32/

 

Please wait for a helper to pick up your topic and then please stay with that helper until s/he gives you the "all clear".

 

Take care,