
Malware unable to remove registry entry



MS Windows XP Home SP3

Yesterday I acquired a trojan which is being quite persistent.

I noticed problems when my browser (Firefox) opened a page to a supposed virus software page which was in turn popping up a downloader. I could not close the page or get rid of the downloader. On using AVG it immediately showed a trojan called AGENT.AOQG.

On looking this up on Google I was unable to view pages from the search as I was directed to different pages to do with virus software.

I posted on Computer Hope forum

http://www.computerhope.com/forum/index.ph...ic,72530.0.html

I was advised to install and run various scans and post the logs which can be viewed from the above link.

The problem I am having is that Malware log keeps showing an infected Registry Key but after reboot it is still there. Does anyone know how I can get around this?

Copy of the last log below.

Malwarebytes' Anti-Malware 1.31

Database version: 1519

Windows 5.1.2600 Service Pack 3

20/12/2008 12:43:50 AM

mbam-log-2008-12-20 (00-43-50).txt

Scan type: Quick Scan

Objects scanned: 54854

Time elapsed: 7 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Delete on reboot.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I will be very grateful to anyone who can shed some light on this. :)


Download and unzip the file attached to this post; you will get two files.

Copy subinacl into:

C:\windows\system32

Now run fix and reboot.

Run another scan and report back.

Job done, thank you very much for your help. Below is the up to date log.

Malwarebytes' Anti-Malware 1.31

Database version: 1519

Windows 5.1.2600 Service Pack 3

20/12/2008 2:25:01 AM

mbam-log-2008-12-20 (02-25-01).txt

Scan type: Quick Scan

Objects scanned: 55106

Time elapsed: 7 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)
