Troj_agent.ac

  1. #1
    argus is offline Junior Member

    Troj_agent.ac

    Well this is a hard one to defeat. I have run virus scan, hijack this, cwshred. Nothing works. What can I do to kill this virus.
    Argus

  2. #2
    owen is offline D-A-L Team Member (UK)
    You need to Disable System Restore (Don't forget to turn it back on after you have disabled it) to flush the contents which may contain the virus (Click the link in my signature to find out how to disable system restore if you don't know). Tell me how it goes.

  3. #3
    argus is offline Junior Member
    Owen
    Thanks for the advice. At first it seemed to work. But the troj_agent.ac popped back up. Any other suggestions will be appreciated.
    Argus (Everette)

  4. #4
    cybret is offline Newbie
    hi argus,
    since you have already downloaded HijackThis, you might as well post a copy here and someone will have a look at it.
    Open HiJackThis.
    Click "Scan". In the lower left corner,
    click "Save Log". The log will open in Notepad.
    Click "Edit" then "Select All".
    Cut and paste the log here.

  5. #5
    static_b_n_e is offline Junior Member
    I have got rid of this virus ... there is no process you need to kill.....

    you need to run regedt32 from run in the start menu.
    then go to local_Machine\software\microsoft\windows\windowsnt \current version\windows

    you will then see in the right pane AppInit_DLLs
    ****make note of the name of the .dll as this is the virus file : )****
    double click it and then delete the value data.


    simply delete the dll file from your windows\system32 folder.
    mine was kbd.dll (you may have to change the file permissions if you can't delete it)

    virus all gone !!!
    hope this helps.
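
An added example (not part of the original post) that audits the AppInit_DLLs value the post above describes, listing each DLL it names and whether that file is on disk. The function names are hypothetical, the key path is the standard Windows one, and bare file names are assumed to live in system32, as the poster's kbd.dll did.

```python
import os
import re

try:
    import winreg  # standard library, Windows only
except ImportError:
    winreg = None

# Standard location of the value (under HKEY_LOCAL_MACHINE).
KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"


def split_appinit(data):
    """AppInit_DLLs is a single string; entries are separated by spaces or commas."""
    return [e for e in re.split(r"[ ,]+", data.strip()) if e]


def resolve(entry, system_dir=r"C:\WINDOWS\system32"):
    """Assumption: an entry without a directory part refers to a file in system32."""
    if "\\" in entry or "/" in entry:
        return entry
    return system_dir + "\\" + entry


def audit(data, exists=os.path.exists):
    """Return (full_path, present_on_disk) for every DLL named in the value."""
    return [(p, exists(p)) for p in map(resolve, split_appinit(data))]


def read_appinit():
    """Read the live value on Windows; an unset value is returned as ''."""
    if winreg is None:
        raise OSError("winreg is only available on Windows")
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, KEY) as key:
        try:
            value, _value_type = winreg.QueryValueEx(key, "AppInit_DLLs")
        except FileNotFoundError:
            return ""
    return value


if __name__ == "__main__":
    entries = audit(read_appinit())
    if not entries:
        print("AppInit_DLLs is empty")
    for path, present in entries:
        print(("PRESENT " if present else "MISSING ") + path)
```

Running it again after a reboot shows whether the value has been written back after it was cleared.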

  6. #6
    argus is offline Junior Member
    Thanks Cheers
    But to no avail. Found regpath deleted the entry. But could not locate file.
    Here's the message I get.
    Troj_Agent.AC
    C:\windows\systems32\winpb.dll
    For the support I'm getting thanks. You guyz are great.
    Argus

  7. #7
    static_b_n_e is offline Junior Member
    try doing a search for the file winpb.dll and delete it .. also what virus scanning software are you using ?

    I had a bit of trouble deleting the file due to the permissions on the file. But I just took ownership and hey presto ... file gone : )

  8. #8
    static_b_n_e is offline Junior Member
    also try restarting after deleting the value data in regedt32 then see if it has actually gone !!!

    I had to delete it twice .. this is an annoying virus to clean !

  9. #9
    argus is offline Junior Member
    Logfile of HijackThis v1.97.
    Scan saved at 5:24:16 AM, on 6/17/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
    C:\Program Files\WinAntiVirus 2004\AVSvc.exe
    C:\WINDOWS\system32\mfcst32.exe
    C:\Program Files\WinAntiVirus 2004\AVSchSvc.exe
    C:\WINDOWS\System32\rsvp.exe
    C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ntxt.exe
    C:\WINDOWS\surfmonkey\SMProxy.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Everette\My Documents\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pflvs.dll/sp.html#96676
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://pflvs.dll/index.html#96676
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://pflvs.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pflvs.dll/sp.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://pflvs.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pflvs.dll/sp.html#96676
    O2 - BHO: (no name) - {47AC66D0-CE97-D311-E35F-40428823161F} - C:\WINDOWS\system32\cryr32.dll
    O4 - HKLM\..\Run: [ntxt.exe] C:\WINDOWS\system32\ntxt.exe
    O10 - Unknown file in Winsock LSP: c:\program files\winantivirus 2004\mailscan.dll
    O10 - Unknown file in Winsock LSP: c:\program files\winantivirus 2004\mailscan.dll
    O10 - Unknown file in Winsock LSP: c:\program files\winantivirus 2004\mailscan.dll
    O10 - Unknown file in Winsock LSP: c:\program files\winantivirus 2004\mailscan.dll
    O10 - Unknown file in Winsock LSP: c:\program files\winantivirus 2004\mailscan.dll
    O10 - Unknown file in Winsock LSP: c:\program files\winantivirus 2004\mailscan.dll

    More strange things: when I delete entries they show back up. Well, here's a list of the bad guyz.
    Argus
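
An added example (not part of the original post) that groups the entries of a HijackThis log by the file each one points at, so repeated lines collapse and every referenced DLL or EXE appears once with the section codes that mention it. The sample lines are copied from the log above; the function names are hypothetical.

```python
import re

# Sample input: lines taken from the log posted above.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://pflvs.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pflvs.dll/sp.html#96676
O2 - BHO: (no name) - {47AC66D0-CE97-D311-E35F-40428823161F} - C:\WINDOWS\system32\cryr32.dll
O4 - HKLM\..\Run: [ntxt.exe] C:\WINDOWS\system32\ntxt.exe
O10 - Unknown file in Winsock LSP: c:\program files\winantivirus 2004\mailscan.dll
O10 - Unknown file in Winsock LSP: c:\program files\winantivirus 2004\mailscan.dll
"""

ENTRY = re.compile(r"^\s*([A-Z]\d+) - (.*)$")            # "O4 - ..." style lines
RES_URL = re.compile(r"res://(.+?\.dll)/", re.I)         # IE page served from a DLL
FILE_PATH = re.compile(r"([A-Za-z]:\\.*?\.(?:dll|exe))\s*$", re.I)


def referenced_file(detail):
    """Return the DLL/EXE an entry points at, or None if it names no file."""
    m = RES_URL.search(detail) or FILE_PATH.search(detail)
    return m.group(1) if m else None


def triage(log_text):
    """Map lower-cased file name -> (sorted section codes, number of log lines)."""
    found = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # headers and the running-process list are skipped
        code, detail = m.groups()
        path = referenced_file(detail)
        if path is None:
            continue
        name = path.rsplit("\\", 1)[-1].lower()
        codes, count = found.get(name, (set(), 0))
        found[name] = (codes | {code}, count + 1)
    return {name: (sorted(codes), count) for name, (codes, count) in found.items()}


if __name__ == "__main__":
    for name, (codes, count) in triage(SAMPLE).items():
        print(f"{name:15} {','.join(codes):8} {count} line(s)")
```

The output is a list of files to look up and locate on disk, not a verdict on any of them.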

  10. #10
    static_b_n_e is offline Junior Member
    the C:\WINDOWS\pflvs.dll file looks odd to me ??
    did a search on my PC .. didn't find it .. searched google for it .. nothing found about this file or what it does!

    rename this file to pflvs.dll.old
