Jump to content

Trojan won't delete or quarantine


Raid
 Share

Recommended Posts

Hi there, EEK recently found Trojan-Spy.Win32.Agent (A), and I've been unable to remove it. I've tried a number of programs, but EEK is the only one that finds it, but won't quarantine or delete it. I'm looking for a little help as I don't want to use my desktop computer until I can make sure it's clean.

 

Thanks very much! 

Link to comment
Share on other sites

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-262092928-181899182-210455803-1000\...\Run: [AdobeBridge] => [X]
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
2014-08-21 04:05 - 2014-08-21 04:07 - 00000000 ____D () C:\Windows\SysWOW64\New folder
2014-08-20 23:28 - 2014-07-28 09:39 - 00037928 ____N (Graphics Tablet) C:\Windows\SysWOW64\pt21035154.tmp
2014-08-11 16:29 - 2014-08-11 16:29 - 00003032 _____ () C:\Windows\System32\Tasks\{016B8B32-2A59-4227-8596-D095A1C371C7}
2014-08-30 07:41 - 2012-01-23 15:44 - 00004144 _____ () C:\Windows\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
2014-08-14 01:00 - 2012-11-10 22:57 - 00000000 ___HD () C:\Users\Rahll\AppData\Local\pIzIvYFbl3t
2014-08-14 00:02 - 2014-02-18 04:53 - 00000000 ___HD () C:\Users\Rahll\AppData\Local\2O6HdwaZkF8BR0
C:\ProgramData\.bf45c81f8dc8abfeecf09.dat
C:\ProgramData\.nvGL.dat
C:\Users\Rahll\Registry_Backup.reg
C:\Users\Rahll\{58C482E3-0C46-43EC-8EE5-C7230FFBC3D6}.dat
C:\Windows\system32\New Folder
AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:cgtLQquiX3jmHvDoJk1GYBE
AlternateDataStreams: C:\ProgramData\Microsoft:BR0APCi8t3IkFzfSUb
AlternateDataStreams: C:\ProgramData\Microsoft:mrgVSE2IGD3pq0QUf5xT
AlternateDataStreams: C:\ProgramData\Reprise:lgylqfxjdtqffeusff`npefmfs`tuvejp`fwbmnfjfk
AlternateDataStreams: C:\ProgramData\Temp:07BF512B
AlternateDataStreams: C:\Users\Rahll\IMG-20131228-WA0001.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Rahll\AppData\Local\pIzIvYFbl3t:CbyGsOnlk1Fsk96KgUStbWunQ2
Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system to restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

Link to comment
Share on other sites

I did another scan with EEK, it looks like it didn't pick anything up this time, which is great! 

 

However, I did notice in the fixlog: ""C:\Windows\system32\New Folder" => File/Directory not found."

 

Which is interesting because that's where the file was hiding out, is that something to be concerned about?

 

Thanks again!

Link to comment
Share on other sites

Thread Closed

Reason: Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...