Backdoor.agent.BA trojan
|
Original Message
|
Name: EvilSpoon
Date: June 23, 2004 at 08:51:47 Pacific
Subject: Backdoor.agent.BA trojan
OS: WinXP Pro.
CPU/Ram: Intel P4 (1.5GHZ), 512 MB
|
Comment: I'm new to this site and came here to try and get some help with a virus/trojan AVG finds. It's named BackDoor.Agent.BA and it's found in C:\Windows\System32\sql.dll. I've run Ad-Aware, Spybot, and AVG virus scan and it hasn't helped. All AVG could do is put the file in quarantine, however it keeps appearing. I don't know what to do and need help. ~Thank you
|
|
Response Number 1
|
Name: clover
Date: June 24, 2004 at 08:50:02 Pacific
|
Reply: The last post in this thread tells you how to get rid of the culprit. http://www.computing.net/security/wwwboard/forum/10974.html
|
|
Response Number 2
|
Name: evilspoon
Date: June 25, 2004 at 17:06:53 Pacific
|
Reply: Okay, doing what that post said to do did fix one problem: I can change my homepage again and pop-ups stopped appearing. However, AVG is still detecting backdoor.agent.ba in the sql.dll. I also couldn't use some of the fixes in the other post due to Win. differences or because I couldn't find the file mentioned. Currently there isn't a problem I can notice, just that AVG is detecting it still and I'm getting annoyed by the message.
|
|
Response Number 3
|
Name: evilspoon
Date: June 26, 2004 at 17:15:43 Pacific
|
Reply: The virus/trojan is now causing my computer to restart after startup after the second warning that there's a virus. After the computer restarts the message still appears but it doesn't restart. I went through the previous post again, redid everything, and AVG still detects the virus/trojan.
|
|
Response Number 4
|
Name: Squirrel Killer
Date: June 28, 2004 at 13:14:57 Pacific
|
Reply: BackDoor.Agent.AB
Known:
1. It affects a system32 .dll. Five different files that I know of so far.
2. The infected file "disappears" in safe mode.
3. Only those with AVG can detect the file infection.
4. After trying to clean the file the system reboots.
5. There is an entry in the registry that reflects the infected file name. I think the key is AppInit or InitApp.
6. The file cannot be copied, backed up, or have its attributes changed.
I have a current case where a user "thinks" they were infected prior to the AVG install. Checking on this.
Just checked. He is still infected with some sort of trojan. Squirrel Killer
Squirrel Killer Network Eng./Eng. Physics
|
|
Response Number 5
|
Name: cjon_hinkle
Date: July 2, 2004 at 17:08:02 Pacific
|
Reply: Indeed, it seems that AVG is one of the few AV programs that detects this. It does exist, however. The name of the .DLL file that is created is random, so don't look particularly for sql.dll. On my machine, it was logjonc.dll. On another, it was web.dll. I have seen numerous schemes for removing it, none of which worked for me. What did seem to work was to boot from an XP CD (I suspect you could boot from an XP->DOS floppy, but the laptop I was working on didn't have a floppy drive) and go to the recovery console. This is, in reality, simply a command prompt. Apply a little DOS to XP and change the attribute of the file to remove the read-only status (attrib -r filename with path, in my case attrib -r c:\windows\system32\logjonc.dll). Then, you can delete the file (del c:\windows\system32\logjonc.dll) and it will be gone.
|
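The registry entry from Response 4 and the randomly named DLL from Response 5 can be checked together. This is an added example, not code from any poster in this thread; it assumes the "AppInit" key mentioned above is the standard `AppInit_DLLs` value under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows`, and that PowerShell 3.0 or later is available (it postdates the XP systems discussed). The function name `Get-AppInitDll` is hypothetical.

```powershell
# Added example: enumerate every DLL named in AppInit_DLLs and report whether
# the file is visible on disk, its attributes, and its signature status.
# Assumption: the thread's "AppInit" key is the AppInit_DLLs registry value.
$AppInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

function Get-AppInitDll {
    foreach ($key in $AppInitKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props -or [string]::IsNullOrWhiteSpace($props.AppInit_DLLs)) {
            continue   # key absent (32-bit OS has no WOW6432Node) or value empty
        }
        # The value is one string; entries are separated by spaces or commas.
        $entries = $props.AppInit_DLLs -split '[\s,]+' | Where-Object { $_ }
        foreach ($entry in $entries) {
            # A bare file name is looked up in System32, where the thread's files were found.
            $path = if (Split-Path $entry -IsAbsolute) { $entry }
                    else { Join-Path $env:SystemRoot "System32\$entry" }
            # -Force so hidden/system files are not skipped.
            $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
            [pscustomobject]@{
                RegistryKey = $key
                LoadEnabled = $props.LoadAppInit_DLLs   # Vista and later only
                Entry       = $entry
                Path        = $path
                OnDisk      = [bool]$file
                Attributes  = $(if ($file) { $file.Attributes })
                Created     = $(if ($file) { $file.CreationTime })
                Signature   = $(if ($file) {
                                  (Get-AuthenticodeSignature -LiteralPath $path).Status
                              } else { 'n/a' })
            }
        }
    }
}

Get-AppInitDll | Format-List
```

An entry that is unsigned, recently created, or named in the registry but not visible on disk is the file name to look for from the recovery console, and the registry value should be cleaned of that entry once the file is gone.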
|
Response Number 6
|
Name: cjon_hinkle
Date: July 2, 2004 at 17:15:11 Pacific
|
Reply: By the way, it may be helpful (probably is) to disable system restore before starting. My personal opinion is that SR is worthless, so I keep it disabled, but YMMV. If you like it, re-enable it when you're done.
|
|
Response Number 7
|
Name: evilspoon
Date: July 6, 2004 at 07:31:48 Pacific
|
Reply: Thank you for all your suggestions. Sorry that I couldn't respond sooner but I've been very busy. I'll try what you all suggest, and if it doesn't work I think I'll just reinstall Windows. ~thank you
|
|
Response Number 8
|
Name: yoska
Date: July 12, 2004 at 19:54:14 Pacific
|
Reply: Hi my friend, I know how to fix your problem because I was infected with the same virus: backdoor.agent.ba. Anti-virus scanners don't work. If you want to try, you can download the avast antivirus from webattack.com, then create a VRDB "Virus Recovery Database". Don't use this antivirus when you are using the internet. Scan it when you start the computer straight away. If you detect the problem, find the dll file and delete it. If that doesn't work then there is another option: First of all I have got good and bad news for you. To get rid of the virus you need to reformat your hard drive, if you can't use your computer, which means you will have to delete all your data in the hard. If you can use your computer then save all your data to a CD or whatever u want to save to, then reformat your hard disk. To reformat (or reload Windows) your hard drive you need a Windows reinstallation CD. It is also called restoration CD. It normally comes with the computer in the box. Find it if you didn't know about it. If u don't have that CD just like me, then you have to phone your computer shop that you bought your computer from and tell them about the problem (if you have a guarantee). This virus almost destroyed my computer. I couldn't open my computer and it kept shutting down non-stop when I tried to open it. I then took my PC to a friend just around our street who sometimes works in an internet cafe fixing computer problems. Since I didn't have my CD, he reformatted my hard drive and fixed the problem. Save your data and reformat hard drive. Reload Windows.
By the way you are lucky that I surfed the internet just to help people with this problem, and u are the one who hit the jackpot. Also, after you fix the problem go to Start-All Programs-Windows Update and download all the critical updates, or go to microsoft.com and find the critical updates. After reinstallation go to Accessories-Accessibility-Communication-New Connection Wizard, then establish an internet connection with your internet connection phone number if u are using a dial-up connection. Adios amigos
|
|
Response Number 9
|
Name: Ken K
Date: July 22, 2004 at 13:02:31 Pacific
|
Reply: Hey, this actually worked! Just like cjon_hinkle stated!! "...boot from an XP CD and go to the recovery console. This is, in reality simply a command prompt. Apply a little DOS to XP and change the attribute of the file to remove the read-only status. (attrib -r filename with path, in my case attrib -r c:\windows\system32\sql.dll) Then, you can delete the file del c:\windows\system32\sql.dll and it will be gone." So far so good. Thanks CJON
Ken K
|
