
Hit with Trojan; Rogue Agent ???



2 days ago, I was hit with malware. I ran several anti-malware programs and quarantined "Trojan.Agent/Gen-FakeSpy [broad]" (4 infected items), and worse: Rogue.Agent/gen, with 37 registry items infected. After running a scan and removing to quarantine, I tried to update my anti-malware programs and could not do so, getting error code 732 (12029, 0) after I could not connect. None of my anti-virus or anti-spyware software will update, including Norton. In fact, Norton was useless in detecting the infections. Another effect of the malware was to leave me with a defective connection for Internet Explorer 7. I tried downloading 8 but that, too, is disabled. Here's some of the code in quarantine. For Trojan.Agent/Gen-fakespy: windows\prefetch\uldesysguard.exe-15812F87.pf. For Rogue.Agent/gen: a long list of registry keys that were infected, with AVSCAN appearing in most of them (maybe that's normal for registry keys, but I am clueless!)

Is anyone else experiencing this? Is there any help short of reinstalling Windows (not an attractive option)?


  • Staff

Hi and welcome to Malwarebytes.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post the one that is not minimized.

After you post that log, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317


I'm afraid that I ran another anti-spyware program before I actually installed Malwarebytes, and although I have the infection info in quarantine within that program, I have been unable to export it to my desktop for use as you suggested. (big sigh)


  • Staff

Hi,

Please use the "ADDREPLY" button to reply instead of the "REPLY" button.

"I'm afraid that I ran another anti-spyware program before I actually installed Malwarebytes, and although I have the infection info in quarantine within that program, I have been unable to export it to my desktop for use as you suggested. (big sigh)"

I'm afraid I have no idea what you are talking about. Nowhere did I mention quarantine.

I instructed you to run two tools; please do so.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
