virus on laptop..

Toshiba / Satellite m305
May 27, 2009 at 09:54:01
Specs: Microsoft Windows Vista Home Premium, 2 GHz / 3959 MB
I've been on this site before and with help removed a virus that was on my old laptop, so hopefully you guys can help again... this time it is my mom's laptop... a notification pops up saying that


"Your system is infected with version of Trojan.Win32.Agent.azsy. This malicious program is a trojan. It is a Windows PE EXE. Once launched, the Trojan copies its body to the current user's Windows startup directory and attempts to steal passwords from Int"


so what should i do?




#1
May 27, 2009 at 10:01:05
Which antivirus detects that, and have you run a full scan with it?

--------------------------------------------
To Private Message me Click Here



#2
May 27, 2009 at 10:12:56
Well she uses the one that came with the laptop... Kaspersky Internet Security 2009... it's a new laptop and Best Buy told her that it was a good virus protection... I clicked to run a full scan a little bit ago and it's at 50%... I'm not sure if she has run one or not...

Actually I think the one that detects the virus is another program called "Personal Antivirus". It comes up with 4327 threats found after running a computer scan... and now another box is popping up saying


"W32.Ackantta.B@mm is a mass-mailing worm that gathers email addresses from the compromised computer and spreads by copying itself to removeable drives and shared folders"



#3
May 27, 2009 at 10:16:09
Can you please post your AVZ log:
Note: Run AVZ in windows normal mode. If avz.exe doesn't start, then try to rename the file avz.exe to something else and try to run it again.

1) To create the logfile, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

2) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

3) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows Vista, launch AVZ.exe by right-clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteStdScr(3);
RebootWindows(true);
end.

Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script, the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here.


#4
May 27, 2009 at 10:29:58


#5
May 27, 2009 at 11:03:24
Follow these steps in the numbered order, and make sure you pause Kaspersky and ask it to restart after reboot. Also rename avz.exe to something else, run it, and then execute the script in step 1:

1) Run this script in AVZ like before. Your computer will reboot.

begin
SetAVZGuardStatus(True);
TerminateProcessByName('c:\program files (x86)\pav\pav.exe');
QuarantineFile('c:\program files (x86)\pav\pav.exe','');
DeleteFile('c:\program files (x86)\pav\pav.exe');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

2) After reboot, attach a Combofix log. Please review and follow these instructions carefully.

Download it here -> http://download.bleepingcomputer.co...

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Antivirus/Spyware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please upload that file to rapidshare.com and paste the link here.


#6
May 27, 2009 at 11:10:01
running that script causes AVZ to freeze...


#7
May 27, 2009 at 11:41:25
Can you post a screenshot of the Kaspersky window? Click on the Detected Active Threats window. Take a screenshot of that window and upload it to http://www.imageshack.us/.

PS: make sure all the column names are visible clearly.


#8
May 27, 2009 at 11:47:51
this right?

http://img32.imageshack.us/img32/11...



#9
May 27, 2009 at 12:11:36
another box popping up...

http://img8.imageshack.us/img8/8316...



#10
May 27, 2009 at 12:30:33
they keep coming...

http://img32.imageshack.us/img32/17...




#11
May 27, 2009 at 12:37:28
I changed Response Number 5 Step 1; try to run that and let me know if it still freezes.


#12
May 27, 2009 at 12:55:18
k it didn't freeze and it restarted the laptop.. then I turned off all my programs that I have to protect my computer... but when I open up Combofix to start a scan this error happens...

http://img39.imageshack.us/img39/57...



#13
May 27, 2009 at 12:57:59
Try to run Combofix in safe mode. If it still gives you the same problem, run a full scan with Kaspersky: select all the places to scan and set the settings on high. Post the scan summary result at the end.


#14
May 27, 2009 at 13:08:15
tried it and it still happened.....running full scan now....


#15
May 27, 2009 at 13:15:37
here's a download for the txt file..after the scan completed

http://rapidshare.com/files/2379257...



#16
May 27, 2009 at 13:35:48
Follow these steps in the numbered order and post the summary log after each step. Also pause Kaspersky until after all the steps are done.

1) If you use Windows System restore, turn it off > reboot. How to turn it off/on: http://support.kaspersky.com/faq/?q... Run a full scan with:

Bitdefender: http://www.bitdefender.com/scanner/...


2) Run a full scan with http://www.eset.eu/online-scanner

# Check the box next to YES, I accept the Terms of Use.
# Click Start
# When asked, allow the activex control to be installed.
# Click Start
# Check below options:

    * Remove found threats
    * Scan unwanted applications.

# Click Scan
# Wait for the scan to finish
# When it finishes it will create a log file here: C:\Program Files\EsetOnlineScanner\log.txt
# Attach this logfile to your next message.

Note: Turn System Restore back on, if you wish; this is to remove malware from System Volume Information files.

3) Install, update and run a full scan with Malwarebytes' Anti-Malware. Attach the Malwarebytes full scan log, but please don't fix anything yet, until the log is reviewed.

4) House cleaning [Optional]. Scan with SuperAntispyware : http://www.superantispyware.com/dow... . Fix what it detects and post summary scan log.


#17
May 27, 2009 at 14:31:04
i have the bitdefender scan going...but estimated time for it is like 5 hours..so yea gonna be a while


#18
May 27, 2009 at 14:35:41
Yes, Response Number 16 will take a day to complete. But do finish it, since it will reduce the chance of reinfection and clear up unwanted residual files from your system.


#19
May 27, 2009 at 14:59:35
Well it said 5 hours but then i came downstairs and it was done..so here is step 1 results

http://rapidshare.com/files/2379550...



#20
May 27, 2009 at 15:12:52
You're on Vista, correct? Did you start Combofix as admin (right click on Combofix and run as administrator)? Also, the pop-ups are gone, correct?


#21
May 27, 2009 at 15:29:23
yes I am on Vista and I did run Combofix as admin but it still shows that error... and yea I have not been getting any pop-ups


#22
May 27, 2009 at 15:43:15
Well, many good tools won't work since you are running a 64-bit OS. So you're stuck with Response Number 16.


#23

#24
May 27, 2009 at 17:10:48
Trojan.Win32.Agent.azsy <-- does it still get detected, or is it removed?


#25
May 27, 2009 at 17:16:59
not sure... the box saying this message hasn't popped up since you had me do all this... so I'm guessing it got removed?


"Your system is infected with version of Trojan.Win32.Agent.azsy. This malicious program is a trojan. It is a Windows PE EXE. Once launched, the Trojan copies its body to the current user's Windows startup directory and attempts to steal passwords from Int"

but didn't you remove the Personal Antivirus program? and that was what was detecting it, so that is probably the reason it's not popping up... so I'm not sure if it's removed yet...



#26
May 27, 2009 at 17:21:09
That program was a trojan itself. I thought that was detected by Kaspersky. lol

1) Run this script in AVZ:


begin
CreateQurantineArchive('c:\quarantine.zip');
end.

2) A file called quarantine.zip should be created in C:\. Upload that file to rapidshare and private message me the download link.


#27
May 27, 2009 at 17:51:35
alright so i PM'd you the link...

and edited message 23 with Step 3 File...




#28
May 27, 2009 at 17:57:30
Fix what it detected and you're good as new.


#29
May 27, 2009 at 18:00:52
thanks! so do i need to remove all the programs i downloaded?


#30
May 27, 2009 at 18:07:03
If you want to. ESET and Bitdefender were web applications. You can check in Add/Remove Programs. For AVZ, you can delete the folder.


#31
May 27, 2009 at 18:09:47
ignore this


#32
May 27, 2009 at 18:11:47
what about combofix?


#33
May 27, 2009 at 18:28:21
Delete it. It wasn't installed.
