Registry Trojan.Agent

Compaq / PRESARIO 6000
May 27, 2009 at 04:48:13
Specs: Windows XP Home, ?
I have tried everything to get rid of these Registry value Trojans with no luck.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.




#1
May 27, 2009 at 05:32:39
Which Antivirus did you scan your PC with? Post a scan log.


#2
May 27, 2009 at 10:16:50
Malwarebytes' Anti-Malware 1.36
Database version: 2149
Windows 5.1.2600 Service Pack 1

1/1/2001 3:22:43 PM
mbam-log-2001-01-01 (15-22-33).txt

Scan type: Quick Scan
Objects scanned: 84237
Time elapsed: 4 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#3
May 27, 2009 at 11:39:38
Download and run Kaspersky AVP tool:

http://devbuilds.kaspersky-labs.com...

Once you download and start the tool, select all the objects/places to be scanned and hit Scan. Fix what it detects, and at the end of the scan post a screenshot/scan-summary log of the detected items that were fixed and those it could not fix.


#4
May 28, 2009 at 04:44:09
Detected
--------
Status Object
------ ------
detected: adware not-a-virus:AdWare.Win32.OneStep.agm File: C:\Program Files\KeenfinderSrch\keenfinder.dll
deleted: Trojan program Trojan-Spy.Win32.Goldun.brh File: c:\windows\system32\drivers\sunkfiltp.sys
deleted: Trojan program Trojan-Downloader.Win32.Boltolog.atb File: C:\fqifvn.exe
deleted: Trojan program Packed.Win32.Tdss.f File: C:\ogtt.exe
deleted: virus P2P-Worm.Win32.Agent.ti File: C:\qqlf.exe//#
deleted: Trojan program Trojan-Downloader.Win32.Small.izj File: C:\tmp10368901.dll//PE_Patch.PECompact//PecBundle//PECompact
deleted: Trojan program Trojan-Downloader.Win32.Small.izj File: C:\tmp11844211.dll//PE_Patch.PECompact//PecBundle//PECompact
deleted: Trojan program Trojan-Downloader.Win32.Small.izj File: C:\tmp11979681.dll//PE_Patch.PECompact//PecBundle//PECompact
deleted: Trojan program Trojan-Downloader.Win32.Small.izj File: C:\tmp12739841.dll//PE_Patch.PECompact//PecBundle//PECompact
deleted: Trojan program Trojan-Downloader.Win32.Small.izj File: C:\tmp14938901.dll//PE_Patch.PECompact//PecBundle//PECompact
deleted: Trojan program Trojan-Downloader.Win32.Small.izj File: C:\tmp16394211.dll//PE_Patch.PECompact//PecBundle//PECompact
deleted: Trojan program Trojan.Win32.Rabbit.e File: C:\Documents and Settings\Owner\Owner.exe
deleted: Trojan program Trojan-Downloader.Win32.Zlob.meq File: C:\Documents and Settings\Owner\Local Settings\Application DataKiweeToolbar1.2.116.msi//_713788D036849A848DAA56B9D8E20370/_255311685EC0439E9B51F19CA2877AB9
deleted: adware not-a-virus:AdWare.Win32.MegaSearch.s File: C:\Program Files\Common Files\Real\Toolbar\RealBar.dll
detected: Trojan program Trojan-Downloader.Win32.Agent.bepp File: C:\Program Files\Common Files\System\l_porrvbcn32.dll
deleted: Trojan program Trojan-Downloader.Win32.Zlob.meq File: C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeContentHost.dll
deleted: Trojan program Backdoor.Win32.UltimateDefender.gen File: C:\WINDOWS\cralzw.exe
deleted: Trojan program Backdoor.Win32.UltimateDefender.gen File: C:\WINDOWS\craxzw.exe
deleted: Trojan program Trojan.Win32.Pakes.kmo File: C:\WINDOWS\craziw.exe//PE_Patch.UPX//UPX
deleted: Trojan program Backdoor.Win32.Asylum.013.g File: C:\WINDOWS\upcrav.exe
deleted: virus Heur.Trojan.Generic (modification) File: C:\WINDOWS\winwsd.exe
deleted: Trojan program Trojan.Win32.Inject.iga File: C:\WINDOWS\system32\accwizv.exe
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.xjc File: C:\WINDOWS\system32\ackcthpg.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.cvc File: C:\WINDOWS\system32\amtcqz.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\bdwgnaux.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\WINDOWS\system32\bpacqhuc.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\bpfbhp.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\caijogii.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.chs File: C:\WINDOWS\system32\cjfynnxn.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.xjc File: C:\WINDOWS\system32\cmuxrphk.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.kla File: C:\WINDOWS\system32\cwcgrgnb.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\cxfpce.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.chs File: C:\WINDOWS\system32\daqkrnlk.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.ahba File: C:\WINDOWS\system32\devenum32.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.wdd File: C:\WINDOWS\system32\dqsahwrr.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.chs File: C:\WINDOWS\system32\drcgif.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.xjc File: C:\WINDOWS\system32\drngccpf.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\WINDOWS\system32\efjpfg.dll//PE_Patch
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.wdd File: C:\WINDOWS\system32\eolmjrju.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.chs File: C:\WINDOWS\system32\ertqeqpl.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\esowlece.dll
deleted: Trojan program Trojan.Win32.Monder.rx File: C:\WINDOWS\system32\ffafgaqs.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\fkkcmvxj.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\fkmsaugf.dll
deleted: Trojan program Trojan.Win32.Monder.bkmq File: C:\WINDOWS\system32\fsqafyfk.dll
deleted: Trojan program Trojan.Win32.Monder.bkmq File: C:\WINDOWS\system32\fvajvv.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\fwxcpc.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\gkettlgl.dll
deleted: Trojan program Packed.Win32.Katusha.c File: C:\WINDOWS\system32\gwsh3b8iefd.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\hgoeyocs.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.cvc File: C:\WINDOWS\system32\hgumqmne.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\hgxipq.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\hjcwhrbt.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\hjinxr.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\hktbxtdg.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\hoglxd.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.wdd File: C:\WINDOWS\system32\igmqgflb.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\WINDOWS\system32\ihgyijhv.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.wdd File: C:\WINDOWS\system32\ihxlasle.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.cvc File: C:\WINDOWS\system32\iimcoosk.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\inspiglh.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\itrniw.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\ixvsmr.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.wdd File: C:\WINDOWS\system32\jdmdauyq.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\jhvvnahm.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\WINDOWS\system32\jsrvxctd.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\jwmtsmql.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.kla File: C:\WINDOWS\system32\jxhxwb.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\kbdvfuyh.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\kcvicg.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\kffosl.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.cdf File: C:\WINDOWS\system32\kloftuvd.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.chs File: C:\WINDOWS\system32\kmnjle.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\WINDOWS\system32\koprhnmj.dll//PE_Patch
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.cvc File: C:\WINDOWS\system32\lnkrfl.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.cdg File: C:\WINDOWS\system32\lvqtmuyy.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\lxmxkk.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\WINDOWS\system32\miieacbd.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\mlhrjr.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\WINDOWS\system32\mmijnuac.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\mpnynwgi.dll
deleted: Trojan program Trojan.Win32.Agent.avwp File: C:\WINDOWS\system32\mtttkaai.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.kld File: C:\WINDOWS\system32\mvncvbky.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\mwdjxe.dll
deleted: Trojan program Trojan.Win32.Monder.wf File: C:\WINDOWS\system32\ncfhitvp.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\nqpienvw.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\nqqlid.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\oelgscaa.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\WINDOWS\system32\ogogwkye.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\WINDOWS\system32\omccpc.dll//PE_Patch
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.aeud File: C:\WINDOWS\system32\orcxbgqe.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.aeud File: C:\WINDOWS\system32\orpxuglc.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\osildakj.dll
deleted: Trojan program Trojan.Win32.Monder.bkmq File: C:\WINDOWS\system32\oswplp.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.aeud File: C:\WINDOWS\system32\otzhaq.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\oynndqba.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\oyvksyqv.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\pdhuzo.dll
deleted: Trojan program Trojan.Win32.Monder.bkmq File: C:\WINDOWS\system32\pmmbwyat.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\pnchdx.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.chs File: C:\WINDOWS\system32\ppryyy.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\pxbrwg.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\pxrfos.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\qgushbiv.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\qhcwts.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\qjjold.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\qnwzuc.dll
deleted: Trojan program Trojan.Win32.Monder.rx File: C:\WINDOWS\system32\qsqwbgli.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.aeud File: C:\WINDOWS\system32\qwaxrvdp.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.chs File: C:\WINDOWS\system32\rggqte.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\rporaq.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\rwqcqnqp.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\shhqee.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.cdf File: C:\WINDOWS\system32\skzlyk.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\slgsda.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.cdg File: C:\WINDOWS\system32\smquki.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\srvxctdq.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\sxszpz.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\tbvcko.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\tdzqth.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\tftbhqao.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\tikaxrxy.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\trotnb.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\WINDOWS\system32\uapbboah.dll
deleted: Trojan program Trojan.Win32.Monder.wf File: C:\WINDOWS\system32\ubaqtpbh.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\ueiehs.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.kla File: C:\WINDOWS\system32\ugcymhxv.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.kla File: C:\WINDOWS\system32\ugdvlu.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\WINDOWS\system32\ujpxjdqs.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\vcvifo.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\WINDOWS\system32\vfjjjunv.dll//PE_Patch
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\vpeiwx.dll
deleted: Trojan program Trojan.Win32.Agent.avwp File: C:\WINDOWS\system32\vvgifi.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\vxiwbg.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\WINDOWS\system32\wacvrsju.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\wdoxsoeo.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\wexldntg.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.aeud File: C:\WINDOWS\system32\wljltp.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.zdg File: C:\WINDOWS\system32\wltetykf.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.kld File: C:\WINDOWS\system32\wnmhnq.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.aeud File: C:\WINDOWS\system32\wojlyy.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\wuikmy.dll
deleted: Trojan program Trojan.Win32.Monder.wc File: C:\WINDOWS\system32\wvbtlktp.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\wvrshhuj.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\WINDOWS\system32\xdhfyhnf.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\xmsfcmit.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\xtwqdw.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\xxxawg.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\yjrnuoga.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\ykmvco.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\zdqtdq.dll
deleted: Trojan program Trojan.Win32.Monderc.gen File: C:\WINDOWS\system32\zsrbug.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\WINDOWS\system32\zwzqmw.dll//PE_Patch
deleted: Trojan program Packed.Win32.Tdss.f File: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\307R8U32\install[1].exe
detected: Trojan program Rootkit.Win32.Qandr.jl File: C:\WINDOWS\system32\drivers\Tps46.sys


#5
May 28, 2009 at 06:31:07
Can you please post your AVZ log:
Note: Run AVZ in Windows normal mode. If avz.exe doesn't start, then try to rename the file avz.exe to something else and try to run it again.

1) To create the logfile, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

2) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

3) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows Vista, launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteStdScr(3);
RebootWindows(true);
end.

Paste the script into the execution window by using the CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script; the PC will reboot. After the reboot, the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here.
