
Please help with WORM_AGENT.AEYF


Re: Please help with WORM_AGENT.AEYF

by Odd dude » December 9th, 2008, 2:15 pm

Panic over - GMER didn't find anything so it wasn't as bad as I first feared.

Things are looking good, but let's run one more scan just to be sure.

I now found the process kjzna1562565.exe in my Taskmaster so I stopped it from running. Grrr!!! I also renamed the two files in the google folder to be able to access the internet.

That was in fact the very file we were worrying about. It's good that you stopped it. But I must also reiterate that self-fixes do make my job harder because not every tool can fully remove things as well as others. In this case however, you did a splendid job and made my work easier :)

Kaspersky Online Scan
I would like you to run an online antivirus scan.

Please click HERE to be taken to the Kaspersky site.

  • The site will present you with a list of important items. Read those. If you're unsure about something, stop and ask! If you're sure everything is all right, close all other windows.
  • Now, click Accept.
  • It will start a download roughly 10 MB in size. If prompted by your firewall to allow internet access, allow.
  • Once the download has finished, click Next.
  • Under Please select a target to scan, choose My Computer
  • Get a cup of coffee and watch some TV. Do not run any other programs while Kaspersky is scanning! If you're on dial-up, you can now terminate the internet connection if you wish.
  • Once finished, you will be presented with the results. Click Save as text and save the log to your desktop.

Post the results in your next reply.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Please help with WORM_AGENT.AEYF

by bluefalcon » December 11th, 2008, 11:15 am

:lol: I feel stupid. I was waiting for your reply and completely overlooked that it's on the second page.

Phew!! I am so happy it is not that bad!!

Anyway, I am downloading Kaspersky but it said that starting the Java applet has failed. Will that be an issue? It is still downloading. The actual message at this point is:

"Program is starting. Please wait...
Update source selected: hxxp://www.kaspersky.com
Downloading file: packages/kos-bin-winnt-redist.jar

Starting Java applet has failed! Please go online to use this program.
Downloading file: packages/kos-bin-winnt-engine.jar"

I will try to download Kaspersky again. :) It is updating the database now. Will edit this post to post results...

ETA: I can't download Kaspersky. This is the end result:
"Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program. You must be online to update the Kaspersky Online Scanner 7 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7. [ERROR: Updater logic error related to download process]"

Can I use the online scanner instead? Or is there another alternative?
Last edited by bluefalcon on December 11th, 2008, 12:41 pm, edited 1 time in total.
bluefalcon
Regular Member
 
Posts: 15
Joined: November 28th, 2008, 6:40 am

Re: Please help with WORM_AGENT.AEYF

by Odd dude » December 11th, 2008, 11:51 am

Please don't edit but rather make an extra post. If you edit I won't receive a notification that you have posted.

If Kaspersky does not work we can always try a different scanner.

Re: Please help with WORM_AGENT.AEYF

by Odd dude » December 11th, 2008, 1:33 pm

Please don't edit your posts! When you do, I won't find out you did!

Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Post back:
- ESET scanner log
- New RSIT log (you will only get log.txt)
- Description of how the computer is running. Any issues remaining?

Re: Please help with WORM_AGENT.AEYF

by bluefalcon » December 12th, 2008, 3:14 am

Hi OD,

Noted, I will no longer edit my posts :)

hxxp://www.eset.eu/online-scanner does not work with Internet Explorer. After accepting the terms of use a blank website appears saying that the file cannot be found. Initially I thought it might be my disruptive internet connection, but I tried several times.

I dislike IE...

Re: Please help with WORM_AGENT.AEYF

by Odd dude » December 12th, 2008, 2:39 pm

Okay, then we'll just use a downloadable scanner that doesn't need a browser to run.

  1. Please download Sysclean Package by Trend Micro and save it to your desktop.
  2. Download the latest Virus Pattern Files by Trend Micro and save it to your desktop. It is named lptXXX, where XXX are numbers.
    Note: Do not download the Virus Pattern Files if you don't intend to do a scan. Only download it when you want to do a scan, as they are being updated daily.
  3. Create a new folder on your desktop.
    • Right click on your desktop.
    • Click on New > Folder.
    • Type in Trend Micro as the name of the folder.
  4. Select sysclean.com by clicking once. Press Ctrl + X simultaneously.
  5. Open the Trend Micro folder you created earlier. Press Ctrl + V to paste sysclean.com into the folder.
    • Right click and select Extract All.
    • Click on Browse. Navigate to the Trend Micro folder and click OK.
    • Click Next, then Finish.
  6. Close all opened windows except the Trend Micro folder.
  7. Double click on sysclean.com to run it.
  8. Uncheck (untick) Automatically Clean Infected Files box.
  9. Once the scanning is done, click Exit.
  10. A sysclean.log is created in the Trend Micro folder.
  11. Copy and paste that log in your next reply.

Re: Please help with WORM_AGENT.AEYF

by Odd dude » December 14th, 2008, 11:22 am

How're you doing?

Re: Please help with WORM_AGENT.AEYF

by bluefalcon » December 15th, 2008, 4:07 am

Hi OD,

Sorry for the delay, but I didn't have time to log on to the internet these past days. I finally managed to do the scan. It found two viruses and one contaminated file. Here are the results:



/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006-2007, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2008-12-15, 14:56:11, Initialized Rootkit Driver version 1.6.0.1059.
2008-12-15, 14:56:11, Running scanner "C:\Documents and Settings\Moona\Mis documentos\My Received Files\Trend Micro\TSC.BIN"...
2008-12-15, 14:58:49, Scanner "C:\Documents and Settings\Moona\Mis documentos\My Received Files\Trend Micro\TSC.BIN" has finished running.
2008-12-15, 14:58:49, TSC Log:

Damage Cleanup Engine (DCE) 6.0 (Build 1064)
Windows XP (Build 2600: Service Pack 2)

Start time : Mon Dec 15 2008 14:56:28

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Moona\Mis documentos\My Received Files\Trend Micro\TMRDCT.ptn" (version) [fail]
Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Moona\Mis documentos\My Received Files\Trend Micro\tsc.ptn" (version 996) [success]

Complete time : Mon Dec 15 2008 14:58:49
Execute pattern count(3031), Virus found count(0), Virus clean count(0), Clean failed count(0)

2008-12-15, 14:58:49, Running scanner "C:\Documents and Settings\Moona\Mis documentos\My Received Files\Trend Micro\VSCANTM.BIN"...
2008-12-15, 16:59:42, Scanner "C:\Documents and Settings\Moona\Mis documentos\My Received Files\Trend Micro\VSCANTM.BIN" has finished running.
2008-12-15, 16:59:43, VSCANTM Log:

2008-12-15, 16:59:43, Files Detected:
Copyright (c) 1990 - 2006 Trend Micro Inc.
Report Date : 12/15/2008 14:58:50
VSAPI Engine Version : 8.910-1002
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 709 (346464/346464 Patterns) (2008/12/14) (570900)

Command Line: C:\Documents and Settings\Moona\Mis documentos\My Received Files\Trend Micro\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /LR C:\*.* /P=C:\Documents and Settings\Moona\Mis documentos\My Received Files\Trend Micro\lpt$vpn.709

C:\Documents and Settings\Moona\Mis documentos\Mis vídeos\Extra dls\Babylon Circus-Dances Of Resistance-2004.zip (2/55 Viruses Found)
72279 files have been read.
72279 files have been checked.
72225 files have been scanned.
194423 files have been scanned. (including files in archived)
1 files containing viruses.
Found 2 viruses totally.
Maybe 0 viruses totally.
Stop At: 12/15/2008 16:59:33 2 hours 22 seconds (7221.84 seconds) has elapsed.(99.916 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2008-12-15, 16:59:44, Files Clean:
Copyright (c) 1990 - 2006 Trend Micro Inc.
Report Date : 12/15/2008 14:58:50
VSAPI Engine Version : 8.910-1002
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 709 (346464/346464 Patterns) (2008/12/14) (570900)

Command Line: C:\Documents and Settings\Moona\Mis documentos\My Received Files\Trend Micro\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /LR C:\*.* /P=C:\Documents and Settings\Moona\Mis documentos\My Received Files\Trend Micro\lpt$vpn.709

Can not Clean [ WORM_AGENT.AEYF]( 1) from C:\Documents and Settings\Moona\Mis documentos\Mis vídeos\Extra dls\Babylon Circus-Dances Of Resistance-2004.zip,(setup.exe)
72279 files have been read.
72279 files have been checked.
72225 files have been scanned.
194423 files have been scanned. (including files in archived)
1 files containing viruses.
Found 2 viruses totally.
Maybe 0 viruses totally.
Stop At: 12/15/2008 16:59:33 2 hours 22 seconds (7221.84 seconds) has elapsed.(99.916 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2008-12-15, 16:59:44, Clean Fail:
Copyright (c) 1990 - 2006 Trend Micro Inc.
Report Date : 12/15/2008 14:58:50
VSAPI Engine Version : 8.910-1002
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 709 (346464/346464 Patterns) (2008/12/14) (570900)

Command Line: C:\Documents and Settings\Moona\Mis documentos\My Received Files\Trend Micro\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /LR C:\*.* /P=C:\Documents and Settings\Moona\Mis documentos\My Received Files\Trend Micro\lpt$vpn.709

Can not Clean [ WORM_AGENT.AEYF]( 1) from C:\Documents and Settings\Moona\Mis documentos\Mis vídeos\Extra dls\Babylon Circus-Dances Of Resistance-2004.zip,(setup.exe)
72279 files have been read.
72279 files have been checked.
72225 files have been scanned.
194423 files have been scanned. (including files in archived)
1 files containing viruses.
Found 2 viruses totally.
Maybe 0 viruses totally.
Stop At: 12/15/2008 16:59:33 2 hours 22 seconds (7221.84 seconds) has elapsed.(99.916 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*




Hope you had a great weekend! :)

Re: Please help with WORM_AGENT.AEYF

by Odd dude » December 15th, 2008, 2:17 pm

Delete this if it's there:
C:\Documents and Settings\Moona\Mis documentos\Mis vídeos\Extra dls\Babylon Circus-Dances Of Resistance-2004.zip

Then post a new HijackThis log and a new uninstall list.

Re: Please help with WORM_AGENT.AEYF

by bluefalcon » December 15th, 2008, 11:41 pm

Deleted. :)

Here is the Hijack Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:31 PM, on 16/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Archivos de programa\Apoint2K\Apoint.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Archivos de programa\TOSHIBA\ConfigFree\NDSTray.exe
C:\Archivos de programa\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
C:\Archivos de programa\TOSHIBA\TME3\TMERzCtl.EXE
C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Archivos de programa\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\Archivos de programa\Apoint2K\Apntex.exe
C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
C:\ARCHIV~1\Iomega\System32\AppServices.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Archivos de programa\TOSHIBA\TME3\Tmesrv31.exe
C:\Archivos de programa\TOSHIBA\TME3\TMEEJME.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Java\jre6\bin\java.exe
C:\Archivos de programa\VIRGIN BROADBAND\VIRGIN BROADBAND.exe
C:\Archivos de programa\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Moona\Mis documentos\My Received Files\exe\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=3081
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Archivos de programa\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Archivos de programa\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Archivos de programa\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Archivos de programa\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Archivos de programa\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Archivos de programa\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Smax4] "C:\Documents and Settings\Moona\Datos de programa\Google\kjzna1562565.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124fd.bay124.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4C4B469-D535-4947-8271-4FC3504AC815}: NameServer = 123.200.191.17 123.200.191.18
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\ARCHIV~1\Iomega\System32\AppServices.exe
O23 - Service: IomegaAccess - Unknown owner - C:\WINDOWS\System32\iomegaaccess.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Archivos de programa\TOSHIBA\TME3\Tmesrv31.exe

--
End of file - 8662 bytes


And the Uninstall list:

Actualización de seguridad para el Reproductor de Windows Media (KB911564)
Actualización de seguridad para el Reproductor de Windows Media 10 (KB917734)
Actualización de seguridad para el Reproductor de Windows Media 10 (KB936782)
Actualización de seguridad para el Reproductor de Windows Media 11 (KB936782)
Actualización de seguridad para el Reproductor de Windows Media 11 (KB954154)
Actualización de seguridad para el Reproductor de Windows Media 6.4 (KB925398)
Actualización de seguridad para Step by Step Interactive Training (KB898458)
Actualización de seguridad para Step by Step Interactive Training (KB923723)
Actualización de seguridad para Windows XP (KB890046)
Actualización de seguridad para Windows XP (KB893756)
Actualización de seguridad para Windows XP (KB896358)
Actualización de seguridad para Windows XP (KB896423)
Actualización de seguridad para Windows XP (KB896424)
Actualización de seguridad para Windows XP (KB896428)
Actualización de seguridad para Windows XP (KB899587)
Actualización de seguridad para Windows XP (KB899589)
Actualización de seguridad para Windows XP (KB899591)
Actualización de seguridad para Windows XP (KB900725)
Actualización de seguridad para Windows XP (KB901017)
Actualización de seguridad para Windows XP (KB901190)
Actualización de seguridad para Windows XP (KB901214)
Actualización de seguridad para Windows XP (KB902400)
Actualización de seguridad para Windows XP (KB904706)
Actualización de seguridad para Windows XP (KB905414)
Actualización de seguridad para Windows XP (KB905749)
Actualización de seguridad para Windows XP (KB908519)
Actualización de seguridad para Windows XP (KB911562)
Actualización de seguridad para Windows XP (KB911567)
Actualización de seguridad para Windows XP (KB911927)
Actualización de seguridad para Windows XP (KB912919)
Actualización de seguridad para Windows XP (KB913580)
Actualización de seguridad para Windows XP (KB914388)
Actualización de seguridad para Windows XP (KB914389)
Actualización de seguridad para Windows XP (KB917344)
Actualización de seguridad para Windows XP (KB917422)
Actualización de seguridad para Windows XP (KB917953)
Actualización de seguridad para Windows XP (KB918118)
Actualización de seguridad para Windows XP (KB918439)
Actualización de seguridad para Windows XP (KB919007)
Actualización de seguridad para Windows XP (KB920213)
Actualización de seguridad para Windows XP (KB920670)
Actualización de seguridad para Windows XP (KB920683)
Actualización de seguridad para Windows XP (KB920685)
Actualización de seguridad para Windows XP (KB921503)
Actualización de seguridad para Windows XP (KB921883)
Actualización de seguridad para Windows XP (KB922819)
Actualización de seguridad para Windows XP (KB923191)
Actualización de seguridad para Windows XP (KB923414)
Actualización de seguridad para Windows XP (KB923689)
Actualización de seguridad para Windows XP (KB923694)
Actualización de seguridad para Windows XP (KB923980)
Actualización de seguridad para Windows XP (KB924191)
Actualización de seguridad para Windows XP (KB924270)
Actualización de seguridad para Windows XP (KB924496)
Actualización de seguridad para Windows XP (KB924667)
Actualización de seguridad para Windows XP (KB925902)
Actualización de seguridad para Windows XP (KB926255)
Actualización de seguridad para Windows XP (KB926436)
Actualización de seguridad para Windows XP (KB927779)
Actualización de seguridad para Windows XP (KB927802)
Actualización de seguridad para Windows XP (KB928090)
Actualización de seguridad para Windows XP (KB928255)
Actualización de seguridad para Windows XP (KB928843)
Actualización de seguridad para Windows XP (KB929123)
Actualización de seguridad para Windows XP (KB929969)
Actualización de seguridad para Windows XP (KB930178)
Actualización de seguridad para Windows XP (KB931261)
Actualización de seguridad para Windows XP (KB931784)
Actualización de seguridad para Windows XP (KB932168)
Actualización de seguridad para Windows XP (KB933729)
Actualización de seguridad para Windows XP (KB935839)
Actualización de seguridad para Windows XP (KB935840)
Actualización de seguridad para Windows XP (KB936021)
Actualización de seguridad para Windows XP (KB937143)
Actualización de seguridad para Windows XP (KB937894)
Actualización de seguridad para Windows XP (KB938127)
Actualización de seguridad para Windows XP (KB938464)
Actualización de seguridad para Windows XP (KB938829)
Actualización de seguridad para Windows XP (KB941202)
Actualización de seguridad para Windows XP (KB941568)
Actualización de seguridad para Windows XP (KB941569)
Actualización de seguridad para Windows XP (KB941644)
Actualización de seguridad para Windows XP (KB942615)
Actualización de seguridad para Windows XP (KB943055)
Actualización de seguridad para Windows XP (KB943460)
Actualización de seguridad para Windows XP (KB943485)
Actualización de seguridad para Windows XP (KB944338-v2)
Actualización de seguridad para Windows XP (KB944533)
Actualización de seguridad para Windows XP (KB944653)
Actualización de seguridad para Windows XP (KB946026)
Actualización de seguridad para Windows XP (KB946648)
Actualización de seguridad para Windows XP (KB950749)
Actualización de seguridad para Windows XP (KB950759)
Actualización de seguridad para Windows XP (KB950760)
Actualización de seguridad para Windows XP (KB950762)
Actualización de seguridad para Windows XP (KB950974)
Actualización de seguridad para Windows XP (KB951066)
Actualización de seguridad para Windows XP (KB951376-v2)
Actualización de seguridad para Windows XP (KB951698)
Actualización de seguridad para Windows XP (KB951748)
Actualización de seguridad para Windows XP (KB952954)
Actualización de seguridad para Windows XP (KB954211)
Actualización de seguridad para Windows XP (KB955069)
Actualización de seguridad para Windows XP (KB956390)
Actualización de seguridad para Windows XP (KB956391)
Actualización de seguridad para Windows XP (KB956803)
Actualización de seguridad para Windows XP (KB956841)
Actualización de seguridad para Windows XP (KB957095)
Actualización de seguridad para Windows XP (KB957097)
Actualización de seguridad para Windows XP (KB958644)
Actualización para Windows XP (KB898461)
Actualización para Windows XP (KB900485)
Actualización para Windows XP (KB904942)
Actualización para Windows XP (KB908531)
Actualización para Windows XP (KB910437)
Actualización para Windows XP (KB911280)
Actualización para Windows XP (KB916595)
Actualización para Windows XP (KB920872)
Actualización para Windows XP (KB922582)
Actualización para Windows XP (KB927891)
Actualización para Windows XP (KB930916)
Actualización para Windows XP (KB931836)
Actualización para Windows XP (KB936357)
Actualización para Windows XP (KB938828)
Actualización para Windows XP (KB942763)
Actualización para Windows XP (KB942840)
Actualización para Windows XP (KB946627)
Actualización para Windows XP (KB951072-v2)
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.2
Adobe® Photoshop® Album Starter Edition 3.0
Ahorro de energía de TOSHIBA
ALPS Touch Pad Driver
Ampliación portátil de TOSHIBA 3 para Windows XP V3.63.00.XP
ArcSoft PhotoImpression
AVG 7.5
bildschirmschoner2
Canon i70
Cda Product Service - shared component
Consola de Toshiba
Controladores de sonido SigmaTel AC97
Creative CardCam Driver (1.00.04.00)
Creative CardCam Manual (English)
CutePDF Writer 2.7
DFX for Windows Media Player
diddl_kino
Diddl-Bildschirmfreund
Disc2Phone
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
ERUNT 1.1j
e-tax 2007
FoxyTunes for Firefox
Herramienta de diagnóstico de PC de TOSHIBA
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HouseCall 6.6
InCD (Ahead Software)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD for Toshiba
IZArc 3.5 beta 3
J2SE Runtime Environment 5.0 Update 10
Java 2 Runtime Environment, SE v1.4.2_05
Java(TM) 6 Update 10
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Macromedia FreeHand 10
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1 Spanish Language Pack
Microsoft ActiveX Control Pad
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic 6.0 Learning Edition
Microsoft Web Publishing Wizard 1.53
Microsoft Works
Microsoft Works 2000
Move Networks Player for Firefox
Mozilla Firefox (3.0.4)
Mp3tag v2.42
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MyConnect Special Offer
Nero - Burning Rom
NI LabVIEW Run-Time Engine 5.1.1
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
QuickTime
Registro de Toshiba
Reproductor de Windows Media 11
Revisión de Windows XP - KB873339
Revisión de Windows XP - KB885835
Revisión de Windows XP - KB885836
Revisión de Windows XP - KB885884
Revisión de Windows XP - KB886185
Revisión de Windows XP - KB887472
Revisión de Windows XP - KB888302
Revisión de Windows XP - KB890859
Revisión de Windows XP - KB891781
Revisión para el Reproductor de Windows Media 11 (KB939683)
Revisión para Windows XP (KB914440)
Revisión para Windows XP (KB952287)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Skype 2.0
Sonic DLA
Sonic RecordNow!
Sony Ericsson PC Suite
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Fax Extension
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Software Upgrades
Toshiba Tbiosdrv Driver
TOSHIBA TouchPad On/Off Utility V2.05.00
TOSHIBA Utilities
TOSHIBA Zooming Utility
Utilidad de cambio de dispositivo de visualización de TOSHIBA
Utilidad de tecla directa TOSHIBA para dispositivos de pantalla
VideoLAN VLC media player 0.8.2
VIRGIN BROADBAND
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
XviD & MP3 Codec Pack (remove only)
XviD MPEG-4 Video Codec
bluefalcon
Regular Member
 
Posts: 15
Joined: November 28th, 2008, 6:40 am

Re: Please help with WORM_AGENT.AEYF

Unread postby Odd dude » December 16th, 2008, 9:55 am

Open HijackThis, click Do a system scan only, put a check next to this and click Fix checked (with all open windows closed)

O4 - HKCU\..\Run: [Smax4] "C:\Documents and Settings\Moona\Datos de programa\Google\kjzna1562565.exe"

Show hidden files and folders
We need to slightly adjust your settings.

  • Open the Control Panel (Start > Control Panel)
  • Double-click Folder Settings
  • On the View tab, uncheck Hide protected system files (recommended). A warning will show, just click Yes.
  • Check Show the contents of system directories
  • Uncheck Hide extensions for known file types
  • Scroll down and choose Show hidden files and folders
  • Press OK to save changes.

Delete this file:

C:\Documents and Settings\Moona\Datos de programa\Google\kjzna1562565.exe

If you can't find it, please rerun GMER.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)
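Added example, not part of the original posts and not how HijackThis itself works: a short Python sketch that picks out O4 autorun entries like the one fixed above. The two heuristics (per-user data folder, letters-plus-digits file name) and the two constructed sample entries are assumptions made for illustration.

```python
import re
from ntpath import basename, normpath  # Windows path rules on any OS

# Registry autorun line: O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$')
# Assumed heuristics for this sketch, not rules used by HijackThis itself:
USER_WRITABLE = ("\\application data\\", "\\datos de programa\\",
                 "\\local settings\\", "\\temp\\")
GENERATED_NAME = re.compile(r'^[a-z]{2,8}\d{5,}\.exe$', re.I)

# First entry is the one from this thread; the other two are constructed.
SAMPLE_LOG = r'''
O4 - HKCU\..\Run: [Smax4] "C:\Documents and Settings\Moona\Datos de programa\Google\kjzna1562565.exe"
O4 - HKLM\..\Run: [SampleTray] C:\Program Files\SampleVendor\tray.exe /start
O4 - HKCU\..\Run: [SampleSync] "C:\Documents and Settings\Moona\Application Data\SampleSync\sync.exe"
'''

def exe_path(command):
    """Pull the executable path out of a Run value (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)', command, re.I)
    return m.group(1) if m else command

def triage(log_text):
    """Return O4 Run entries worth a manual look, with the reasons."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, value, command = m.groups()
        path = normpath(exe_path(command))
        reasons = []
        if any(d in path.lower() for d in USER_WRITABLE):
            reasons.append("user-writable folder")
        if GENERATED_NAME.match(basename(path)):
            reasons.append("generated-looking name")
        if reasons:
            findings.append({"hive": hive, "value": value,
                             "path": path, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["hive"], f["value"], f["path"], ", ".join(f["reasons"]))
```

The constructed SampleSync entry is flagged as well, which is why the result is a list to review by hand and not a removal list.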

Re: Please help with WORM_AGENT.AEYF

Unread postby bluefalcon » December 18th, 2008, 7:58 am

I did what you asked and the file has now been successfully deleted.

Do you want me to change my settings back to what they were or keep them as is? I am referring to hiding the system files and extensions, etc.

Should I restart my computer?
bluefalcon
Regular Member
 
Posts: 15
Joined: November 28th, 2008, 6:40 am

Re: Please help with WORM_AGENT.AEYF

Unread postby Odd dude » December 18th, 2008, 1:28 pm

Click start>run and copy/paste this:
gmer_uninstall

then click ok.

Click start>run again and copy/paste this:
combofix /u

Before clicking ok please disable all antivirus/firewall/etc software as combofix will run again.

Install a firewall
There is no firewall installed on your computer!
Either that, or you're using Windows Firewall, which is not a good idea.

Firewalls are programs that monitor incoming and outgoing connections to your computer. Did you know that, just by connecting to the internet, you are being exposed to hundreds of threats immediately? The way to solve this is to use a firewall and up-to-date antivirus software.

Windows Firewall only monitors incoming connections. This means that, once you are infected, the malware is free to ask for new instructions, send private data to its creator, or invite its malware buddies to come over. In other words: it's almost as good as no firewall at all.

Download a free for personal use firewall NOW from one of these sources:
COMODO Personal Firewall
Online Armor Free

(COMODO also bundles antivirus - if you already have antivirus software make sure you don't install COMODO's antivirus as well).

Update your Adobe Reader
Your version of Adobe Reader is old and may contain security leaks. Please first uninstall the older version, then download and install the newest version from here.


If you don't have any other issues, then I think all the malware is gone!


Congratulations!

As far as I can tell, you are CLEAN!




Have a big cup of Image, sit back & relax, and now please follow a few of the following tips; they will dramatically reduce your chance of getting infected again.


  • Turn on Automatic Updates if you have not done so. It is MANDATORY to keep your Windows updated, otherwise you are vulnerable to exploits! To turn on Automatic Updates: click Start > Control Panel > Security Centre > Automatic Updates.

Below are optional items. It's highly recommended to read them through, but decide for yourself how many of these recommendations (if any) you follow.

  • Install WinPatrol from here. Instructions for use are here.

  • Install SpywareBlaster to protect you from bad sites. Download - How to use it

  • Install a custom hosts file. Let's say I have a directory of 640kb's worth of bad sites. Let's say I can make sure you will never be able to access those sites, so you will never get any infection from those sites. It's like blocking a site - without site blocking tools. How would you like to never be able to visit (a lot, but not all of the) malware-infected sites again? Well, now you can!
    First, we must disable a service, as Windows cannot work with a very large hosts file while that service is active. This will not affect anything else.
    The disabling routine:
    1. Click Start, then Run
    2. Copy and paste the following:
      sc config dnscache start= disabled
    3. Click OK.
    Next, you can download the custom hosts file from here. Installation instructions can be found there as well.

  • Install Sandboxie. Sandboxie isolates programs into a sandbox. When you get infected, and the program that caused this (i.e. Internet Explorer) is inside the sandbox, the infection will remain trapped inside the sandbox. Then it only takes a few clicks to empty the sandbox and thus kill the virus. Sandboxie is completely free! Download it here.
Note that using Sandboxie does not guarantee that you will never get infected. Some malware can bypass Sandboxie, so don't let your guard down!

Please reply to this thread once more so we know it can be archived


Happy surfing!! :)
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)
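Added example, not part of the original posts: how a blocking hosts file like the one recommended above can be read and audited in Python. It goes one step further than the post by also listing entries that point a name at a real address instead of a sink address; the sample hosts text and its names are constructed.

```python
import ipaddress

# Constructed sample; names use the reserved .example domain and the
# 192.0.2.0/24 documentation range.
SAMPLE_HOSTS = """
127.0.0.1   localhost
127.0.0.1   ads.badsite.example        # blocked
0.0.0.0     tracker.badsite.example malware.badsite.example
192.0.2.10  update.vendor.example      # not a block: points elsewhere
not-an-ip   broken.line.example
"""

def parse_hosts(text):
    """Yield (hostname, address) for every valid mapping in a hosts file."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield name.lower(), addr

def audit(text):
    """Split mappings into blocked names and names sent to a real address."""
    blocked, redirected = set(), {}
    for name, addr in parse_hosts(text):
        if name == "localhost":
            continue
        if addr.is_loopback or addr.is_unspecified:
            blocked.add(name)   # sinkholed: the lookup never leaves the PC
        else:
            redirected[name] = str(addr)  # review: name sent to another host
    return blocked, redirected

if __name__ == "__main__":
    blocked, redirected = audit(SAMPLE_HOSTS)
    print(len(blocked), "blocked names;", "redirects:", redirected)
```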

Re: Please help with WORM_AGENT.AEYF

Unread postby bluefalcon » December 19th, 2008, 4:50 am

I did what you asked me to do. I am also installing all those programs now. You are right, I only used Windows Firewall.

Thank you soooo much OD for all your help!!! :D I am happy my computer is clean!! Finally that worm_agent.aeyf is gone!! Wooohooo!! Thank you, thank you, thank you OD!!! I appreciate you taking out the time to help others greatly! :cheers:
bluefalcon
Regular Member
 
Posts: 15
Joined: November 28th, 2008, 6:40 am

Re: Please help with WORM_AGENT.AEYF

Unread postby NonSuch » December 19th, 2008, 5:58 pm

As this issue is resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California