
Trojan.Agent registry keys aren't being removed



A few days ago I installed and ran Malwarebytes on a friend's computer, which is a fairly old computer running Windows XP SP3 Home edition. He'd been hit by a trojan a couple of months ago and tried to clean it up himself, apparently doing a good enough job that I'm not sure what he got infected with, but MBAM still found and removed a bunch of stuff. I also ran Ad-Aware and Spybot S&D, as well as Combofix, each of which found and removed more stuff. Since then I've run Malwarebytes Anti-Malware several more times, and each time it is flagging the following three registry keys as Trojan.Agent:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exploere\Browser Settings\bf

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exploere\Browser Settings\bk

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exploere\Browser Settings\iu

However, MBAM doesn't seem able to remove them, since they are always still there next time I run the program. I also tried removing the keys myself using regedit, and it gives me an 'Access denied' error whenever I try to delete them, rename them, or modify the values, even though I'm running as an admin.

Any idea how I can get these keys deleted?


Welcome to the forum -

Please try this on the computer that is having an issue.

1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.

2. Restart your computer (very important).

3. Download and run this utility. mbam-clean.exe

4. It will ask to restart your computer (please allow it to).

5. After the computer restarts, install the latest version from here. mbam-setup.exe

Note: The same procedure is also for the free version -

Note: For paid version - You will need to reactivate the program using the license you were sent

Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.

Restart the computer again and verify that MBAM is in the task tray and that you can run a quick scan and all is working as expected.

Thank You - :P

EDIT - Please post back to this topic if there is still a problem -


I performed all of the above steps. The only deviation was that MBAM never appeared in the task tray, but then it never has on my own computer either so I took that to be applicable to the paid version (if that's not the case, please let me know).

When I ran a quick scan, it got all the way down to the end, found the same three keys during the Extras and heuristics portion of the scan, and displayed them. I selected the option to remove them. A few seconds later I got the popup from Windows: "Malwarebytes' Anti-Malware has encountered a problem and needs to close. We are sorry for the inconvenience. yada-yada Please Tell Microsoft about this problem. more yada-yada. [send Error Report] [Don't Send]" After I closed it I ran the quick scan again and got the same result.

If it matters, all of the above was done using Safe Mode with Networking.


I was using Safe Mode because the computer is interminably slow without it. I had just uninstalled Norton Security Center (with the computer owner's blessing) and found the computer to be much faster (i.e. usable). However, I just tried installing AVG 9.0 and now the computer seems to be just as bad as it was under Norton, maybe worse. I may have to uninstall it and try a different antivirus program (so far I haven't given up on the idea that there might be some other problem that's really dragging down the performance). For now, I'm using safe mode when I can get away with it since it's much faster. (The computer is 2.13GHz, 448MB, Win XP SP3 Home.)

Combofix was recommended to me by a friend who does this sort of cleanup work on computers as a profession.


Hi -

We don't work on Malware removal or diagnostics in the general forums.

Please print out, read, and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

If your friend is the expert I would not use Combofix without him being there or online with you - There was an item 2 days ago on Bleeping Computers forum where a user lost most of their data by doing it themselves - If all the steps are not followed properly that is what can occur -

Please be careful if you use any tools without an expert - And please follow the post I left above -

Thank You - :P
