Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Trojan.Agent

Re: Trojan.Agent

Post by marlenefoung » July 30th, 2012, 10:47 pm

I did it and MBAM still found a trojan:

Trojan.Agent
Registry value
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|61703

MBAM log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.29.09

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Foung-Yang Family :: FOUNG-YANG-PC [administrator]

Protection: Enabled

30/07/2012 7:35:42 PM
mbam-log-2012-07-30 (19-35-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190498
Time elapsed: 2 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|61703 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\mstvfixe.cmd -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Re: Trojan.Agent

Post by askey127 » July 31st, 2012, 6:50 am

marlene,
I think that's just a leftover registry entry. Let's see.
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (64-bit)
Download Mirror #2 (64-bit)


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :reg
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run  /sub
    
    :filefind
    mstvfixe.cmd
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

askey127

Re: Trojan.Agent

Post by marlenefoung » July 31st, 2012, 7:51 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 19:49 on 31/07/2012 by Foung-Yang Family
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"61703"="C:\PROGRA~3\LOCALS~1\Temp\mstvfixe.cmd"


========== filefind ==========

Searching for "mstvfixe.cmd"
No files found.

-= EOF =-

Re: Trojan.Agent

Post by askey127 » August 1st, 2012, 7:30 am

marlene,
That is just an "orphaned" registry entry. The file it's trying to run doesn't exist any more.
Let's get rid of it so MBAM won't detect it.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "61703"=-
    
    :Commands
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127
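
An offline version of the check the SystemLook script above performs, as an added example (not part of the thread and not SystemLook or OTL code): it parses `:reg`-style output, tests whether each autorun value's target still exists, and builds the OTL `:Reg` deletion lines for orphaned values. The `Updater` value, the file listing passed as `exists`, and all function names are constructed for illustration.

```python
import re

# Constructed input: the SystemLook ":reg" lines from this thread plus one
# hypothetical value ("Updater") so both outcomes are exercised.
SAMPLE = r'''
========== reg ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"61703"="C:\PROGRA~3\LOCALS~1\Temp\mstvfixe.cmd"
"Updater"="C:\Tools\Vendor\update.exe /background"
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VAL_RE = re.compile(r'^"([^"]*)"="(.*)"$')
EXE_RE = re.compile(r'^(.*?\.(?:exe|cmd|bat|com|scr|vbs|js|dll))(?:\s|$)', re.I)

def parse_reg(text):
    """Yield (key, value_name, data) for each value under a [key] header."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := VAL_RE.match(line)):
            yield key, m.group(1), m.group(2)

def target_path(data):
    """Strip surrounding quotes and trailing arguments from a command line."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = EXE_RE.match(data)
    return m.group(1) if m else data

def triage(text, exists):
    """Classify each autorun value; `exists` is a path -> bool callable."""
    out = []
    for key, name, data in parse_reg(text):
        path = target_path(data)
        dirs = [p.lower() for p in path.split('\\')[:-1]]
        # 'in_temp' is a heuristic added here: autoruns from Temp merit a look.
        out.append({'key': key, 'name': name, 'path': path,
                    'orphaned': not exists(path), 'in_temp': 'temp' in dirs})
    return out

def otl_reg_fix(findings):
    """Build ':Reg' deletion lines (syntax as posted above) for orphans only."""
    lines = [':Reg']
    for f in findings:
        if f['orphaned']:
            lines += ['[%s]' % f['key'], '"%s"=-' % f['name']]
    return '\n'.join(lines)
```

On a live Windows system, pass `os.path.exists` as `exists`; offline, pass the membership test of a file listing taken from the same machine.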

Re: Trojan.Agent

Post by marlenefoung » August 2nd, 2012, 8:20 pm

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\61703 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Foung-Yang Family
->Temp folder emptied: 2154259 bytes
->Temporary Internet Files folder emptied: 344509975 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 2475 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6430399 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 842433337 bytes

Total Files Cleaned = 1,140.00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 08012012_211002

Files\Folders moved on Reboot...
C:\Users\Foung-Yang Family\AppData\Local\Temp\VGX698B.tmp moved successfully.

PendingFileRenameOperations files...
File C:\Users\Foung-Yang Family\AppData\Local\Temp\VGX698B.tmp not found!

Registry entries deleted on Reboot...

Re: Trojan.Agent

Post by askey127 » August 3rd, 2012, 5:45 pm

marlene,
Looks like we got it this time.
Let me know if MBAM finds anything. (It could possibly find something in the C:\_OTL\ folder, but that's a harmless quarantine location.)

Should be clean now.

askey127

Re: Trojan.Agent

Post by marlenefoung » August 3rd, 2012, 7:40 pm

Thank you for your help and for your time:)

Re: Trojan.Agent

Post by askey127 » August 3rd, 2012, 9:13 pm

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.