Help! Trojan.Agent & Rogue.Installer


Hi,

I am new to MBAM and forums in general, so please excuse me if I am posting in the wrong area.

I have limited PC problem-solving experience (we have techs at work :))

I have attempted to provide you with a developer log posted herein. Each time that I entered the mbam.exe / developer a box saying "invalid command parameter" popped up and then MBAM opened; hopefully I have the file you need.

My problem is this: my computer was sluggish, among other things, so I did the usual clean temp files etc., ran AVG (also running ZoneAlarm), and removed some cookies. I then went to download.com and installed MBAM (which had fantastic ratings), which found the Trojan.Agent & Rogue.Installer.

I have quarantined both but do not know if I should delete them or if this would somehow be detrimental (if they aren't harmful, perhaps from other security software). Please help. Also, please advise: in the future should I quarantine/delete, quarantine/post on forum, run MBAM, Spybot & HJT and then post?

Up until now, I have googled & quarantined. Forum herein suggests deleting Trojan.Agent; is this always the case no matter where it is found?

I have spent the better part of this day reading these forums (have learned a fair bit) and I would greatly appreciate any recommendations (safe sites) that could help me better understand PC security.

Thank you for your patience and assistance

Malwarebytes' Anti-Malware 1.28

Database version: 1230

Windows 5.1.2600 Service Pack 3

10/5/2008 5:13:50 PM

mbam-log-2008-10-05 (17-13-50).txt

Scan type: Quick Scan

Objects scanned: 48782

Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Kevin\Local Settings\Temp\_is9.exe (Rogue.Installer) -> Quarantined and deleted successfully.


looks as if MBAM has it safely tucked away

I googled the CLSID and found

http://www.castlecops.com/tk30509-no_file.html

which says

"X" - Certified spyware/foistware, or other malware

MBAM is usually pretty good about removing infections, however

I would go to the Malware Removal forum

READ THE STICKIES

be prepared to follow instructions EXACTLY

There an expert helper will try and determine if all the infection is gone

you can post your log there or a link to this thread

good work!

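An added example, not part of the original thread or of Malwarebytes' own tooling: a small Python parser for the scan log format posted above, which groups each detection under its log section and pulls out the Browser Helper Object CLSID that the reply looked up. The function name, field names and regular expressions are assumptions made for this illustration; the sample lines are copied from the log in the first post.

```python
import re

# Detection line shape seen in the log above:
#   <location> (<Family.Name>) -> <action>.
DETECTION = re.compile(
    r"^(?P<location>.+?) \((?P<family>[\w.]+)\) -> (?P<action>.+?)\.?$")
# A section header is "<Something> Infected:" with nothing after the colon;
# the summary counts ("Files Infected: 1") deliberately do not match.
SECTION = re.compile(r"^(?P<name>[A-Z][A-Za-z ]+ Infected):\s*$")
# A BHO is registered as a CLSID subkey under "Browser Helper Objects".
BHO_CLSID = re.compile(r"\\Browser Helper Objects\\(\{[0-9A-Fa-f-]{36}\})$")


def parse_mbam_log(text):
    """Return one dict per detection, tagged with its log section."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        hit = DETECTION.match(line) if section else None
        if not hit:
            continue  # counts, blanks, "(No malicious items detected)"
        entry = dict(hit.groupdict(), section=section, bho_clsid=None)
        clsid = BHO_CLSID.search(entry["location"])
        if clsid:
            entry["bho_clsid"] = clsid.group(1).lower()
        found.append(entry)
    return found


# Excerpt copied from the log in the first post.
SAMPLE_LOG = r"""
Registry Keys Infected: 1
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\Kevin\Local Settings\Temp\_is9.exe (Rogue.Installer) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for d in parse_mbam_log(SAMPLE_LOG):
        print(d["section"], d["family"], d["bho_clsid"] or d["location"])
```
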

Thank you wyrmrider,

I greatly appreciate the fast response and advice.

You say that you googled the CLSID. Excuse my ignorance (blush), but does this mean that anytime that something is found I should take that string of numbers (CLSID) and google it to find out what it is?

I will most certainly follow your advice on posting it to the Malware Forum.

I would like to post a link to this thread. If you don't mind, could you please advise on the procedure to do so?

I think I would go to the forum, create a new topic, click Insert Topic Link (this is where I get lost, as I am not sure where to find the topic ID #).

Thanks again for your help and the patience with my inexperience


Please follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post the requested logs in a new topic you start.

Researching CLSIDs is tricky business for the inexperienced. I do not recommend you attempt to decide what is malware on your own.

Please follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post the requested logs in a new topic you start.

Researching CLSIDs is tricky business for the inexperienced. I do not recommend you attempt to decide what is malware on your own.

Thanks Jean,

My main concern is that I am running an older computer: 512 MB RAM, Windows XP SP3. I have AVG, MBAM and ZoneAlarm installed now. Can I install Panda, HJT and Spybot without any problems (so that I can run the scans needed)? I have been so busy I haven't had the chance to do anything yet, but did check the links to your other forums - great info.

Once I have finished the scans, do I delete all the programs? (My computer is slow enough now.)

Thanks for all the advice
