Solved trojan in my comp.

March 9, 2013 at 12:18:46
Specs: Windows 7
I tried all the recommended programs and not one of them found this trojan, which I know is there because Panda Cloud and Windows Defender both say it is, but they can't fully remove it. Isn't there a way I can find it myself and remove it?




#1
March 9, 2013 at 13:42:36
Download and run Malwarebytes free here's the link: http://www.malwarebytes.org/
Update and run a full scan, include the log in your next reply please.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#2
March 9, 2013 at 19:57:23
If it is a trojan like you say...why not use Trojan Remover
http://www.simplysup.com/tremover/d...
...works great, and if that doesn't do it, try Hitman Pro
http://www.surfright.nl/en/downloads
...it also works great for trojan removal.

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#3
March 10, 2013 at 08:14:54
thanks MrGoodguy, here's the log and a link to the trojan

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.25.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ruby [administrator]

10/25/2012 4:00:50 PM
mbam-log-2012-10-25 (16-00-50).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 453207
Time elapsed: 54 minute(s), 28 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 7024 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\Ruby\Downloads\nuancepdf.exe (PUP.BundleOffers.IIQ) -> No action taken.
C:\Users(name removed)\AppData\Local\Temp\B12D.tmp (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\Users\Ruby\AppData\Local\Temp\is1068456772\installer.volonet.playbryte-fa.exe (PUP.PlayBryte) -> Quarantined and deleted successfully.
C:\Users\Ruby\AppData\Local\Temp\is259369358\GiantSavings_US.exe (PUP.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Users\Ruby\AppData\Local\Temp\is754907076\installer.volonet.playbryte-fa.exe (PUP.PlayBryte) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

reboot does not remove it :\

http://www.microsoft.com/security/p...

------

xpuser4real, as I stated in my first post I have already tried all the recommended programs, simplysup and Hitman Pro were 2 of them and they didn't work.



#4
March 10, 2013 at 09:14:36
Well, I rebooted and rescanned and it's still there. I went directly to it and scanned it, and this is what and where it is

---------------

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.10.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ruby :: TRACEYS-PC [administrator]

3/10/2013 12:11:21 PM
mbam-log-2013-03-10 (12-11-21).txt

Scan type: Custom scan (C:\Windows\svchost.exe|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 1
Time elapsed: 1 second(s)

Memory Processes Detected: 4
C:\Windows\svchost.exe (Trojan.Agent) -> 3108 -> Delete on reboot.
C:\Windows\svchost.exe (Trojan.Agent) -> 2660 -> Delete on reboot.
C:\Windows\svchost.exe (Trojan.Agent) -> 1416 -> Delete on reboot.
C:\Windows\svchost.exe (Trojan.Agent) -> 3960 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)


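An added example, not part of any post in this thread: the legitimate svchost.exe runs from C:\Windows\System32 (or SysWOW64), so the C:\Windows\svchost.exe path in both logs above is itself a finding worth checking by hand. The Python sketch below parses Malwarebytes detection lines (sample lines copied from the logs above) and flags that path mismatch along with items the scan did not remove; the function names, the list of system binary names and the C:\Windows install path are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: detection lines copied from the two Malwarebytes logs above.
SAMPLE_LOG = r"""
Memory Processes Detected: 4
C:\Windows\svchost.exe (Trojan.Agent) -> 3108 -> Delete on reboot.
C:\Windows\svchost.exe (Trojan.Agent) -> 2660 -> Delete on reboot.
Files Detected: 6
C:\Users\Ruby\Downloads\nuancepdf.exe (PUP.BundleOffers.IIQ) -> No action taken.
C:\Users\Ruby\AppData\Local\Temp\is259369358\GiantSavings_US.exe (PUP.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
"""

# Assumption: a short list of system binary names, and Windows installed on C:.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe", "winlogon.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Line shape: <path> (<family>) -> [<pid> ->] <action>.
LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<family>[^()]+)\) -> "
                  r"(?:(?P<pid>\d+) -> )?(?P<action>.+?)\.?$")

def parse_detections(log_text):
    """Return one dict per file/process detection; headers and registry lines are skipped."""
    out = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            d = m.groupdict()
            d["pid"] = int(d["pid"]) if d["pid"] else None
            out.append(d)
    return out

def triage(detections):
    """Group detections by lower-cased path and flag what needs manual follow-up."""
    report = {}
    for d in detections:
        p = PureWindowsPath(d["path"])
        entry = report.setdefault(str(p).lower(), {"families": set(), "pids": [], "flags": set()})
        entry["families"].add(d["family"])
        if d["pid"] is not None:
            entry["pids"].append(d["pid"])
        if p.name.lower() in SYSTEM_NAMES and str(p.parent).lower() not in SYSTEM_DIRS:
            entry["flags"].add("system-binary-name-outside-System32")
        if "reboot" in d["action"].lower() or "no action" in d["action"].lower():
            entry["flags"].add("not-removed-in-this-scan")
    return report

if __name__ == "__main__": print(triage(parse_detections(SAMPLE_LOG)))
```

Entries carrying both flags are the ones to compare across consecutive scans: the same path reappearing after a reboot means the scheduled deletion did not hold.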

#5
March 10, 2013 at 09:15:41
sorry double post


#6
March 10, 2013 at 10:09:52
xpuser4real, as I stated in my first post I have already tried all the recommended programs, simplysup and Hitman Pro were 2 of them and they didn't work.

It would have been nice if you posted the PROGRAMS you already tried...that would help ;-)


#7
March 10, 2013 at 10:16:41
✔ Best Answer
Try these 3 progs in EXACTLY the same order...and DO NOT reboot until you have run ALL the scans:
1- rkill.exe
http://www.technibble.com/rkill-rep...
2- tdss killer
http://support.kaspersky.com/viruse...
3- malwarebytes
http://www.filehippo.com/download_m...

That should help to remove the infection....


#8
March 10, 2013 at 12:21:07
OMG!!!!! TY TY TY XpUser4Real !!!!
I did exactly what you said and IT WORKED!!!!!!!!!!!!!!!!!!!!!!!!
you da bomb dude, I'm in your debt thank you soooooooo much :D


#9
March 10, 2013 at 12:55:35
I will be pleasantly surprised if you have fully removed the Trojan.

Run these to check.

Run RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://www.sur-la-toile.com/RogueKi...
http://www.sur-la-toile.com/RogueKi...
Download & SAVE to your Desktop.
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator" to start
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller.

Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://general-changelog-team.fr/en...
http://www.raymond.cc/blog/adwclean...
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Run Junkware Removal Tool
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool to your desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. http://www.bleepingcomputer.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Copy and Paste the JRT.txt log into your next message.



#10
March 10, 2013 at 13:19:21
OMG!!!!! TY TY TY XpUser4Real !!!!
I did exactly what you said and IT WORKED!!!!!!!!!!!!!!!!!!!!!!!!
you da bomb dude, I'm in your debt thank you soooooooo much :D

You are very welcome...if you have any other occurrences just check back in and we'll give you some more things to try...you should be fine for now...thanks for letting us know!


#11
March 10, 2013 at 14:06:29
Still recommend the tools in Post #9.


#12
March 10, 2013 at 16:32:33
thanx guys will do :)
