Dlmarti Posted June 22, 2009 ID:92297

Hi, this is my first time using this site, so please be patient with me! After running a quick scan on malwarebytes it showed that I had a registry key infected. It was named Trojan.Agent. However, something kind of suspicious showed up while I was running the scan. My Trend Micro kept popping up saying it was blocking high risk changes trying to be made by malwarebytes. So, I'm not sure what that is all about.

Anyway, malwarebytes said to reboot the computer to rid the trojan. I did that and it is still there. I need step by step directions on how to get rid of this trojan. Also, my trendmicro log shows numerous denied actions and they are all from malwarebytes -- trend micro is reporting them as suspicious. Any help is greatly appreciated.

yardbird Posted June 22, 2009 ID:92299

Hi and welcome to the forum,

I would like to see a Malwarebytes Log of a quick scan please. Just copy and paste it in notepad and place it here...

Also I would need you to go over this thread: http://www.malwarebytes.org/forums/index.php?showtopic=17605

Support will look at the log (I'm not an mbam employee)

The above link will configure what mbam files are safe to trust.

Can you post a quick scan, make sure your updates are up-to-date on mbam.. thx

EDIT: quote: "It was named Trojan.Agent."

To remove Trojan.Agent, simply follow the instructions below.
http://www.malwarebytes.org/forums/index.php?showtopic=4558

Dlmarti Posted June 23, 2009 ID:92362

Thanks yardbird for your speedy reply...

Here is my quick scan for the administrators to review. Please note that the registry data item infected says delete on reboot. However, after rebooting, it's still there. As I mentioned in my previous post, as malwarebytes is scanning, I get several security pop-ups from my Trend Micro saying that Malwarebytes is trying to change registry files. One of the items from Trend Micro said it was trying to change file C:\Program Files\Trend Micro\Internet Security\USFeAgnt.exe, I'm not sure if that helps or if it's even relevant. Thanks in advance to anyone who can provide help getting rid of Trojan.Agent.

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3

6/22/2009 4:16:16 AM
mbam-log-2009-06-22 (04-16-16).txt

Scan type: Quick Scan
Objects scanned: 106379
Time elapsed: 9 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

yardbird Posted June 23, 2009 ID:92368

make sure your updates are up-to-date on mbam, the current database is 2323, and do a quick scan and post that please

Root Admin AdvancedSetup Posted June 23, 2009 ID:92374

STOP RIGHT THERE..... You are infected. DO NOT reboot your computer or run other software for now. Please post logs in the HJT forum.

I let Yardbird continue as it initially looked like your Trend AV firewall may be blocking but in this case you have a core OS file that is infected.

Scan and post logs - read note at bottom in green

If you're having Malware related issues with your computer that you're unable to resolve.

Please read and follow the instructions provided here: I'm infected - What do I do now?

If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs

When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.

Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.

Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.

Using these other tools often makes the cleanup task more difficult and time consuming.

If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.

Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.

There are often many others that require assistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review.

NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one.
If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.