PDA

View Full Version : trojan.win32.agent.aoy



jpetersen
2007-06-20, 21:17
I believe I have the above trojan. I have gone through all your steps in the before you post. I would be so grateful for your help.

Thanks, Jennifer

Here is my online scan.



Scan Results: 204449 files scanned. 6 viruses were detected.


File Infection Status Path
lo1[1] Win32/Vundo!generic infected C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\I98RILMH\
lo1[2] Win32/Vundo!generic infected C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\I98RILMH\
anti4[1].exe Win32/Chisyne.BR infected C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\WL8L2BSH\
pmkhe.dll Win32/Vundo!generic infected C:\WINDOWS\system32\
qomjkhg.dll Win32/Chisyne!generic infected C:\WINDOWS\system32\
ssqppqn.dll Win32/Chisyne!generic infected C:\WINDOWS\system32\


Here is my hijackthis scan

Logfile of HijackThis v1.99.1
Scan saved at 11:19:41 AM, on 6/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\DISC\DiscGui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\a

jpetersen
2007-06-21, 11:03
I put a new anti-virus program and it seems to have fixed my pc. Jennifer

pskelley
2007-06-21, 14:59
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information. "BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Hi Jennifer, I will take just a few moments of your time to point out a couple of things that will help you.

1) I have posted the instructions above that need to be followed, they are also pinned to the top of the forum.

2) You posted about 1/2 of your HJT log and that is useless to the volunteers here to support you. Proceedure is:
Notepad > Edit > Select All > Copy/Paste hilited information if it helps.

Thanks

pskelley
2007-06-28, 14:56
This topic is closed due to lack of a response.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.

Thanks