

MurrayC

79 posts

Master Geek


#61413 17-May-2010 01:25

I'm running XP Pro.

Trend Micro has identified TROJ_AGENT.AVMT on my computer in the following location:

C:\systemvolumeinformation\_restore{FDBAD8EO-41CC-9442-935C73850B21}\RP7\AOOO1649.dll

I cannot find this file on my computer.

The Trojan will not allow access to any Microsoft, Trend Micro websites or Google searches on its name or on trojans generally. It has also unhooked the Microsoft Firewall. It has also deleted Restore Points prior to 8 May (presumably the date it infected my laptop).

Trend Micro cannot clean or delete this trojan.

Where to from here?  Your advice would be most welcome!!





 

Ragnor
8279 posts

Uber Geek
+1 received by user: 585

Trusted

  #330773 17-May-2010 01:41

Firstly, unplug the PC from the internet immediately if you haven't already (don't plug it back in until it's clean).

Secondly, using another clean machine, change every password for any sites/accounts/logins you've used on the machine since this infection.

Thirdly, it sounds pretty far compromised. I would probably advise backing up all important data/documents/favourites/email/etc. off it (via booting into safe mode or using a Linux live bootable CD) onto an external USB drive.

Reformat and do a clean new install of Windows.




heavenlywild
5091 posts

Uber Geek
+1 received by user: 901

Trusted

  #330774 17-May-2010 01:48

Very good advice, that's what I would recommend doing too.

Don't try fixing the issue, best to do a format. Make sure you scan your backed up files before loading them back to a "clean" system.

MurrayC

79 posts

Master Geek


#331393 18-May-2010 14:33

Thanks for the advice guys.  I'm enlisting some assistance to do a clean install.  

Just goes to show you that no matter how diligent you are with maintaining updates that nasty stuff can still sneak under the radar...

Cheers
Murray 



ZollyMonsta
3009 posts

Uber Geek
+1 received by user: 379

ID Verified
Trusted

  #331416 18-May-2010 15:21

Looks like a system restore file.

Turn off System Restore (this will delete all previous restore points). Click Apply
Turn back on System Restore and apply.

Do another scan then.




 

 



MackinNZ
450 posts

Ultimate Geek
+1 received by user: 119

Lifetime subscriber

  #331432 18-May-2010 16:06

All the above plus download and install Malwarebytes.

Scan the machine with a quick scan; if it finds any malware, allow MWB to remove it, reboot and scan again. Once the quick scan has returned a clean result, reconnect to the internet, update MWB and run a full scan. Keep running scans until you get a clean result.


Ragnor
8279 posts

Uber Geek
+1 received by user: 585

Trusted

  #331438 18-May-2010 16:15

ZollyMonsta: Looks like a system restore file.

Turn off System Restore (this will delete all previous restore points). Click Apply
Turn back on System Restore and apply.

Do another scan then.


Hmm, his other statements make it sound like the trojan has compromised his machine, disabling the firewall and AV and not allowing him to go to websites that would help him fix the issue.

Potentially the virus has compromised the AV program too.

 
 
 
 


xpd
Geek of Coastguard
14115 posts

Uber Geek
+1 received by user: 4574

Retired Mod
ID Verified
Trusted
Lifetime subscriber

  #331444 18-May-2010 16:25

AVG has a rescue CD available - download that on another PC and run it and see if that helps... haven't used it myself yet but a copy is handy just in case :)




XPD / Gavin

 


 

 

 


MurrayC

79 posts

Master Geek


  #331467 18-May-2010 17:06

UPDATE

Thanks ZollyMonsta - I did the turn off and then turn on Restore Point routine and it worked!

Thanks MackinNZ - I was able to download Malwarebytes and it detected 6 objects including one trojan and cleaned the lot.

Whew!!!

Microsoft updates have come through so working like it should do.

Thanks again for all responses... 

trig42
5889 posts

Uber Geek
+1 received by user: 2094

ID Verified

  #331881 19-May-2010 14:56

MBAM (Malwarebytes) usually fixes those, and fixes the turned off firewall and notifications too (they are just registry keys).

If it doesn't clean everything off (or it comes back pretty quickly), then ComboFix is another handy tool, as is removing the hard drive and scanning it using a clean PC's antivirus.

Formatting should only ever be a last resort.
