Problem with Trojan.Agent

  cas5090 12:44 15 Jan 2010

My laptop (Vista Home Premium) has been playing up recently, I keep losing my internet connection and various other niggles.

I ran malwarebytes (mbam) and it detected 2 problems - Backdoor. Bot and Trojan.Agent, both in the Regsistry values.

Mbam said it had removed both but my problems have persisted and every time I run an mbam scan it finds Trojan.Agent again, then supposedly deletes it again.

Any ideas how to permantly get rid of it?

I may not be ableto check back regularly for replies as I keep losing my connection but would be grateful for any advice.


  oldbeefer2 13:44 15 Jan 2010

have a look at skidzy post on page 2 at 0559 hr - click here. Some good advice.

  cas5090 14:12 15 Jan 2010

Thanks for that. Backdoor.Bot is also now back as well as Trojan.Agent.

Just managed to get back online so I am downloading all the suggested stuff from that link you gave and printing the advice out so I can follow it whilst unable to gain access to the internet.

Incidentally, I use AVG Free, Spybot and Malwarebytes. AVG and Sybot did not detect these trojans when I scanned with them, does that mean I need more security and if so, what would people suggest?

Many thanks

  cas5090 14:18 15 Jan 2010

This is from the mbam log once it thinks it has removed them, does it mean anything to anyone?

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

  donki 14:26 15 Jan 2010

The main thing to do is run your antivirus in safe mode that is the key more so than what programs you need. Running in safe mode will mean that whatever virus you have wont be active on your system. Your programs didnt find/remove the programs because the virus had been executed on boot up by your registry.

All the suggested programs are fine however you may not need them all I simply use Microsoft Security Essentials and Spybot Search and Destroy. Everyone has their own preferences, I used to use AVG until I moved to Win7. DONT go over board with antivirus software as 1. U'll slow your system down and 2. Some programs can conflict with each other and reduce the level of protection.

Let us know how you get on.

  cas5090 14:41 15 Jan 2010

Thanks for that donki. When I ran a full scan with my anti virus (AVG) in normal mode it didn't detect the Trojans, might it be worth running it again in safe mode, is that what you are saying?


  donki 14:52 15 Jan 2010

Have you ran it in safe mode yet, if so what did it find?

When removing any virus you will have to be in safe mode so the virus doesnt become active. Once active the virus cannot be removed.

  birdface 15:00 15 Jan 2010

Not sure if you can run AVG in safe mode.
Maybe run Malwarebytes again in safe mode delete what it finds .Run C Cleaner.Switch off System Restore then reboot.Switch system restore back on after the reboot.
Is it possible that it is false positives from Malwarebytes.If so it would normally tell you at the next update.

  donki 15:05 15 Jan 2010

I know you definitely could on the previous AVG I remember a few occasions removing horrid little nasties from family's computers usually from downloads through Limewire, I remmeber one called the "cheeseburger virus". :)

  cas5090 16:12 15 Jan 2010

I tried running AVG in safe mode but it wouldn't run so I ran malwarebytes again (in safe) and deleted the two trojans.

I am now in normal mode and running it gain, they seem to have gone, will it be that simple do you think?

I will restart in safe mode after this current scan and run CCleaner

many thanks.

  donki 16:20 15 Jan 2010

In a word yes, its like everything else, once you know what to do its easy lol.

Just make sure that once you have ran CCleaner boot into Windows normally and rerun AVG/malwarebytes to see if anything reappears, do you know how you got the virsus in the first place?

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Sea of Thieves Review

Dell Canvas review: the cheap Wacom Cintiq alternative

How to use iMovie for Mac, tips and more

Comment filmer l’écran d’un iPhone ?