Trojan - Win32.Agent!IK


poldark

I've downloaded, installed and run CCleaner Slim.

Then run a deep scan on A-squared anti-malware (free), which has shown up the Trojan that I've been struggling with for the past 10 days on my wife's PC. At that point I stopped and ran Win32kDiag.

I've attached both logs. I'd really appreciate any help to try to get rid of this thing.

Many thanks


Open notepad

Copy and Paste the below lines of code to notepad:

@echo off
copy C:\WIN\ServicePackFiles\i386\helpsvc.exe c:\helpsvc.exe
copy C:\WIN\system32\logevent.dll c:\logevent.dll

Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your Desktop.

Double-click on fixes.bat to execute it.

-----------------------------------------------------------

Download Avenger from HERE and unzip to your desktop.

  • Run Avenger
  • Read the prompt that appears, and press OK
  • Copy & paste the following text in Input script Box:
    Files to delete:
    C:\WIN\pchealth\helpctr\binaries\helpsvc.exe
    C:\WIN\system32\eventlog.dll
    
    Files to move:
    C:\helpsvc.exe | C:\WIN\pchealth\helpctr\binaries\helpsvc.exe
    C:\logevent.dll | C:\WIN\system32\eventlog.dll


    Then click "Execute".

  • You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
    Note: It is possible that Avenger will reboot your system TWICE.
  • Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.

-----------------------------------------------------------

Go to start > run and copy and paste the following command in the field:

"%userprofile%\desktop\win32kdiag.exe" -f -r

This should restore permissions on locked files and remove mountpoints.

-----------------------------------------------------------

Post fresh logs for:

  • Avenger (C:\avenger.txt)
  • Win32kDiag
  • a-squared Free
  • ISeeYouXP

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
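A variant of the fixes.bat step above, written as an added example that is not part of the original post: it stages the same two replacement files, then confirms each copy exists and matches its source byte for byte, so a failed copy is noticed before any delete/move script is run. The paths are the ones given in this thread; the `:stage` and `:fail` labels and the variable names are assumptions introduced for illustration.

```batch
@echo off
rem Added example: fixes.bat with verification of each staged copy.
rem Paths are taken from this thread; labels and variable names are illustrative.
setlocal
set "SRC1=C:\WIN\ServicePackFiles\i386\helpsvc.exe"
set "DST1=C:\helpsvc.exe"
set "SRC2=C:\WIN\system32\logevent.dll"
set "DST2=C:\logevent.dll"

call :stage "%SRC1%" "%DST1%" || goto :fail
call :stage "%SRC2%" "%DST2%" || goto :fail
echo Both replacement files staged and verified.
exit /b 0

:fail
echo Staging failed. Do not run the delete and move script until this is resolved.
exit /b 1

:stage
rem %1 = source file, %2 = staged copy
if not exist "%~1" (
    echo Missing source: %~1
    exit /b 1
)
rem /b forces a binary copy, /y suppresses the overwrite prompt.
copy /y /b "%~1" "%~2" >nul
if errorlevel 1 (
    echo Copy failed: %~1
    exit /b 1
)
rem fc /b compares byte for byte; errorlevel 0 means the files are identical.
fc /b "%~1" "%~2" >nul
if errorlevel 1 (
    echo Verification failed: %~2 differs from %~1
    exit /b 1
)
echo OK: %~2
exit /b 0
```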


OK, think I've got there in the end. Had troubles using the PC to make these changes, the taskbar seemed to disappear and notepad wouldn't start up, but got around it all I think.

I've attached the four logs, bit early to say but the machine seems much better.

Many thanks


Download Avenger from HERE and unzip to your desktop.

  • Run Avenger
  • Read the prompt that appears, and press OK
  • Copy & paste the following text in Input script Box:
    Files to delete:
    C:\WIN\system32\mpbtqsdg.dll
    C:\WIN\Tasks\Bmkpzpf.job


    Then click "Execute".

  • You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
    Note: It is possible that Avenger will reboot your system TWICE.
  • Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.

-----------------------------------------------------------

Attach fresh logs for:

  • Avenger (C:\avenger.txt)
  • ISeeYouXP

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!


Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude or Lynx to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE. If you don't, we are just going to send you back to this thread.
