Troj_Agent.fdy


http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-102305-1200-99

Bloodhound.Exploit.283
by Marianna Schmudlach / October 23, 2009 12:20 AM PDT
In reply to: VIRUS \ SPYWARE ALERTS - October 23, 2009

I'm posting my hijackthis log... I hope I remembered and did it correctly.

IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar:

Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo!

http://www.sophos.com/security/analyses/viruses-and-spyware/jspdfldgen.html?_log_from=rss

If the malware process is in the list displayed by either Task Manager or Process Explorer, but you are unable to terminate it, restart your computer in safe mode.

The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs.

Security
Date          Message            Source
16.02.2011    Troj/Agent-QJD     Sophos
16.02.2011    Troj/Oficla-BB     Sophos
16.02.2011    Troj/VB-FDZ        Sophos
16.02.2011    Mal/VB-SH          Sophos
16.02.2011    Troj/Java-R        Sophos
16.02.2011    Troj/Mdrop-DFR     Sophos

When executed, it launches an instance of Internet Explorer (IE), most probably as an attempt to download other possibly malicious files.

For additional information about this threat, see: Description created: Oct.

Other users can use HouseCall, the Trend Micro online virus scanner. Notes: Please note that the name of the file should NOT be used to define if it is legitimate or not.

Short URL to this thread: https://techguy.org/508835

Do the same for all detected malware files in the list of running processes.

Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo!

You will need the name(s) of the file(s) detected earlier. If the process you are looking for is not in the list displayed by Task Manager, proceed to the succeeding solution set.

They are spread manually, often under the premise that they are beneficial or wanted. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP). %Windir% is a variable that refers to the Windows installation folder.

The file "regscan.exe" is known to be created under the following filenames:
%MyDocuments%\regscan.exe
%ProgramFiles%\sysfixmaster\regscan.exe
%System%\regscan.exe
%System%\stray.exe
%Windir%\regscan.exe

Notes: %MyDocuments% is a variable that refers to the file system directory used to

Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Aliases:
* BitDefender Trojan.Generic.1434270
* CAT-QuickHeal Trojan.Agent.ATV

Characteristics - When executed the malware binary copies itself to various

Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Aliases:
Kaspersky - Trojan.Win32.Buzus.cegf
NOD32 - Win32/Merond.W
Microsoft - Worm:Win32/Prolaco.gen!C
F-Secure - Trojan.Win32.Buzus.cegf

Characteristics - Upon executing the Trojan, the below mentioned

Any ideas?

A typical path is C:\Documents and Settings\[UserName]\My Documents. %ProgramFiles% is a variable that refers to the Program Files folder.

This type of extortion is known as "ransomware".

On computers running all Windows platforms, if the process you are looking for is not in the list displayed by Task Manager or Process Explorer, continue with the next solution procedure,

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo!

NOTE the path and file name of all files detected as TROJ_AGENT.FDY.

On reaching computers it carries out a fake hard-disk scan, displaying false infections to trick users.

The file "regscan.exe" has the following possible country of origin:
Origin                Number of Incidents
Russian Federation    60

The following threats are known to be associated with the file "regscan.exe":
Threat Alias          Number of Incidents

Troj_Agent.fdy
Discussion in 'Virus & Other Malware Removal' started by wavewatcher, Oct 12, 2006.

To check if the malware process has been terminated, close Task Manager, and then open it again.

WebTrojan.MulDrop.7169
AV    Emsisoft                         Trojan.Injector.AF
AV    Eset (nod32)                     Win32/Injector.K
AV    Fortinet                         W32/Injector.fam!tr
AV    Frisk (f-prot)                   W32/IrcBot.A.gen!Eldorado
AV    F-Secure                         Trojan.Injector.AF
AV    Grisoft (avg)                    PSW.Agent.JYO
AV    Ikarus                           Trojan.Win32.Agent
AV    K7                               Trojan ( 00386dc51 )
AV    Kaspersky                        Trojan.Win32.Inject.fbos
AV    MalwareBytes                     no_virus
AV    Mcafee                           PolyPatch-UPX
AV    Microsoft Security Essentials    Backdoor:Win32/Turkojan.AI
AV    MicroWorld (escan)               Trojan.Injector.AF
AV    Rising                           no_virus
AV    Sophos                           Troj/Agent-LES
AV    Symantec                         no_virus
AV    Trend Micro                      no_virus
AV    VirusBlokAda (vba32)             Malware-Cryptor.Inject.gen

Runtime Details:
Process ↳ C:\malware.exe
Creates Process C:\malware.exe
Process ↳ C:\malware.exe

However, Trend Micro strongly recommends that you update to the latest version in order to get comprehensive protection. It asks users to purchase the license by registering online in order to use or update all the tools.

Terminating the Malware Program

This procedure terminates the running malware process.

When Troj/Dldr-CD is installed it creates the file \winspack.dll.

Registry entries are set as follows:

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    AutoConfigURL
    http://adobe.baixefast.com/get.flashplayer.js

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyHttp1.1
    0x00000000

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    AutoConfigURL
    http://adobe.baixefast.com/get.flashplayer.js

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    EnableHttp1_1
    0x00000001

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable
    0x00000000

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyHttp1.1
    0x00000000

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdldrcd.html?_log_from=rss

Troj/FakeVir-PJ

File "regscan.exe" has the following statistics:
Total number of reports analysed                                611,932
Number of cases that involved the file "regscan.exe"            252
Number of incidents when this file was found to be a threat     148

Upon execution, it launches an instance of Internet Explorer (IE), most probably as an attempt to download other possibly malicious files.

I found where it said it was in file windows/system32/regscan but didn't know if I could delete that or not (was not sure what it was).

Other Internet users can use HouseCall, the Trend Micro online virus scanner.