Hi, this is my first time using this site, so please be patient with me! After running a quick scan on Malwarebytes it showed that I had a registry key infected. It was named Trojan.Agent. However, something kind of suspicious showed up while I was running the scan. My Trend Micro kept popping up saying it was blocking high risk changes trying to be made by Malwarebytes. So, I'm not sure what that is all about. Anyway, Malwarebytes said to reboot the computer to rid the trojan. I did that and it is still there. I need step by step directions on how to get rid of this trojan. Also, my Trend Micro log shows numerous denied actions and they are all from Malwarebytes -- Trend Micro is reporting them as suspicious. Any help is greatly appreciated.


Hi and welcome to the forum, I would like to see a Malwarebytes Log of a quick scan please. Just copy and paste it in notepad and place it here... Also I would need you to go over this thread: http://www.malwarebytes.org/forums/index.php?showtopic=17605

Support will look at the log (I'm not an mbam employee). The above link will configure what mbam files are safe to trust.

Can you post a quick scan? Make sure your updates are up-to-date on mbam. Thx

EDIT: quote: "It was named Trojan.Agent." To remove Trojan.Agent, simply follow the instructions below.

http://www.malwarebytes.org/forums/index.php?showtopic=4558


Thanks yardbird for your speedy reply...

Here is my quick scan for the administrators to review. Please note that the registry data item infected says delete on reboot. However, after rebooting, it's still there. As I mentioned in my previous post, as Malwarebytes is scanning, I get several security pop-ups from my Trend Micro saying that Malwarebytes is trying to change registry files. One of the items from Trend Micro said it was trying to change file C:\Program Files\Trend Micro\Internet Security\USFeAgnt.exe. I'm not sure if that helps or if it's even relevant. Thanks in advance to anyone who can provide help getting rid of Trojan.Agent.

Malwarebytes' Anti-Malware 1.38

Database version: 2297

Windows 5.1.2600 Service Pack 3

6/22/2009 4:16:16 AM

mbam-log-2009-06-22 (04-16-16).txt

Scan type: Quick Scan

Objects scanned: 106379

Time elapsed: 9 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Delete on reboot.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


  • Root Admin

STOP RIGHT THERE..... You are infected. DO NOT reboot your computer or run other software for now. Please post logs in the HJT forum.

I let Yardbird continue as it initially looked like your Trend AV firewall may be blocking but in this case you have a core OS file that is infected.

Scan and post logs - read note at bottom in green

If you're having Malware related issues with your computer that you're unable to resolve.

  1. Please read and follow the instructions provided here: I'm infected - What do I do now?
  2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
  3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.
  • Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
  • Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
  • Using these other tools often makes the cleanup task more difficult and time consuming.
  • If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
  • Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
  • There are often many others that require assistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review.
  • NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.
This topic is now closed to further replies.