
Trojan.Agent.ENM


  • Root Admin

Hi Bernard,

Your computer is running a very old and compromised version of Java. Please go into Control Panel, Programs, Add/Remove and uninstall all versions of Java. If at all possible please try to run your computer without Java. If you really have to use it then make sure you keep it up to date at all times.

Please run the following fix. It will also run a full disk check on your computer. This may take a couple of hours to run but please let it complete.


Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Cheers

Ron


Thanks for the quick response. I guess it looks fine. Things looked fine before. I just kept finding the Trojan.Agent.ENM popping up. I had deleted the Java per your instructions. I run eTradepro, a Java-based application. I have not run it since I noticed the Trojan.Agent.ENM files in the etrade directory. What should I do to verify my laptop is squeaky clean?

Also, I have this stupid Norton Internet Security. I have had two issues. Every time I have an issue I immediately download Malwarebytes to fix the issue. I purchased it this time. Can I kill Norton and just run Malwarebytes?

Thanks for your help,

Bernard


  • Root Admin

You could stop using Norton, but if it's still a paid version, you might want to try an uninstall and reinstall of the latest version to see if it fixes your concerns. I run Malwarebytes and Norton on my wife's computer because they work well together and I have a multi-year purchase of Norton so might as well use it. I'm not having any issues on her system. It's a Windows 7 Pro x64 box.

Let's go ahead and run some other scans to make sure all is clean. Make sure your antivirus is disabled while running these other scans and enable it again once done.

 

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 02

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks

 

Ron


  • Root Admin

Lot of PUP stuff found there. I'm going to have you run another scanner to double-check and make sure it doesn't find other items too.

 

Please visit this web page and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

  • Root Admin

Overall the log looks good @BernardB

One item of potential issue though.

Is this the correct IP address for your router?

TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{A64D0D99-6F1A-427C-B3E1-DBF51C705B7D}: NameServer = 0.0.0.0

The name server for one of your cards is wrong. Should not be 0.0.0.0

If you own and control your own home router you might want to do a factory reset on it just to make sure it's safe and secure.

Please review the following website and read it before continuing and then do a Hard Reset back to Factory Defaults for your router.
This information is only for resetting the router. DO NOT erase, install, or update the firmware; just reset your router to factory defaults.

Reset And Reboot

Hard reset or 30/30/30


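The name-server check made in the reply above, as an added example that is not part of the original thread: a Python script that parses log lines in the format quoted there and flags resolver values to question. The second interface GUID and the 203.0.113.53 address are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the first two lines are the ones quoted in the post,
# the third is an invented interface added to exercise the second check.
SAMPLE_LOG = r"""
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{A64D0D99-6F1A-427C-B3E1-DBF51C705B7D}: NameServer = 0.0.0.0
TCP: Interfaces\{11111111-2222-3333-4444-555555555555}: NameServer = 203.0.113.53,10.0.1.1
"""

LINE_RE = re.compile(
    r"^TCP:\s*(?:Interfaces\\(?P<iface>\{[0-9A-Fa-f-]+\}):\s*)?"
    r"(?P<key>DhcpNameServer|NameServer)\s*=\s*(?P<value>.*)$"
)


def parse_dns_entries(log_text):
    """Return (interface, key, [addresses]) for each DNS line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            addrs = [a for a in re.split(r"[,\s]+", m["value"]) if a]
            entries.append((m["iface"] or "global", m["key"], addrs))
    return entries


def review_dns(log_text):
    """Flag resolver values worth questioning before calling the log clean."""
    entries = parse_dns_entries(log_text)
    # Addresses handed out by DHCP (normally the home router) act as the baseline.
    dhcp = {a for _, key, addrs in entries if key == "DhcpNameServer" for a in addrs}
    findings = []
    for iface, key, addrs in entries:
        for raw in addrs:
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                findings.append((iface, key, raw, "not an IP address"))
                continue
            if ip.is_unspecified:
                findings.append((iface, key, raw, "unspecified address"))
            elif key == "NameServer" and raw not in dhcp:
                findings.append((iface, key, raw, "differs from DHCP-supplied resolver"))
    return findings


if __name__ == "__main__":
    for finding in review_dns(SAMPLE_LOG):
        print(finding)
```

A finding is a prompt to ask the user whether they set that value themselves; the DHCP-supplied address still has to be confirmed against the router, as the reply does.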
OK, I reset my Airport Extreme to Factory Defaults. I have two questions and one comment.

1. I have a program called Real Temp, by Tech Powerup LTD, on my laptop that I like to run to monitor CPU temp and moderate clock speed so fan is not running all the time.  Do you think it is OK to use and will not cause more issues?

2. Early on you mentioned an old version of Java which I deleted and have not re-installed.  I like to run eTrade Pro, a Java App.  Do you think it is safe to reload eTrade Pro?

3. I am shocked at the great level of service I have received from you and this blog overall. This is really a great thing. Thank you very much for your help and prompt replies.

Best,

Bernard


  • Root Admin

Hi Bernard,

I don't see an issue with running the Real Temp application. Should be okay.

Yes, please go ahead and install the latest version of Java. https://java.com

Thank you for the kind words and glad you're happy with the service provided.

Thank you again

Ron


You have to be an eTrade Platinum customer to be able to access it. You have to have an eTrade login and be part of the platinum program to access it. This is where my issue first surfaced. Then we started down the path and found all sorts of stuff.

This topic is now closed to further replies.