QQFace and Trojan.Downloader.Agent.AEA



loodles
2006-10-20, 19:36
I have recently been infected with adware, with QQFace and Trojan.Downloader.Agent.AEA.

My first scan was with the Spyware Doctor application, which found the following entries. I tried to manually delete these registry entries, but they seem to keep coming back.

I am unable to detect this using Spybot.

Any help would be greatly appreciated.

I am on WinXP. Attached is the scanned report.

Thanks in advance,
Callum

tashi
2006-10-20, 22:18
Hi there.

I am not familiar with Spyware Doctor logs.

If you would like to post a Spybot S&D log so that we can check the system, please do the following:

Spybot-S&D version 1.4
Version 1.4: Systems Supported (http://www.safer-networking.org/en/spybotsd/index.html)

Close all browsers
Open SpyBot, check for and get any updates available
Check for problems and fix everything found in red
Then on the toolbar menu select Mode and switch to Advanced mode. On the left, lower down, select Tools, then View Report. Ensure all the options near the bottom are selected, except:

Uncheck [ ] Do not report disabled or known legitimate items.
Uncheck [ ] Include a list of services in report.
Uncheck [ ] Include uninstall list in report.

Now select (near the top) View Report.
Press Export; in the "Save in" box choose a place such as your My Documents folder. Then in your next post, near the bottom, select the "Browse" button; navigate to and attach or post that report.

Or:
Follow the instructions in this sticky topic to post a HJT log in malware removal.
"BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D (http://forums.spybot.info/showthread.php?t=288)

Then start your own thread in the malware forum and copy/paste the HJT log into the topic:
Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22)

Cheers. :)

SpySentinel
2006-10-21, 01:42
You can also submit the malware files to detections AT spybot.info.

Replace AT with @.

loodles
2006-10-25, 14:17
I am having trouble with my computer with the helios trojan horse.

I have followed all the steps (esp. the "before you post"), been through all the processes, etc., but I can't see this program running.

I noticed this rav.exe file in my C:\Program Files\Common Files\ folder.

More on this: http://www.auditmypc.com/process/rav.asp

I had manually deleted this program but it keeps coming back.

Fortunately, I am using the SpyBot SD Resident, and it tells me when a Registry entry is being updated in the \Run ..

Actually, this is related to the other problem I am getting with Troj/QQHelp-P.

This is where I get a drop on my C:\Program Files\Common Files\updat\update.exe which wants to add itself to the registry.

These 2 things are related. Again, I had deleted this file manually but it keeps coming up.

I am not sure what runs it. I have run several scans and I can't find it using Spybot.


Is there also any way I can configure Spybot so that when it adds C:\Program Files\Common Files\updat\update.exe

Details on the web on this are at:

http://www.sophos.com/security/analyses/trojqqhelpp.html

Any help would be great...

Thanks
Callum

tashi
2006-10-25, 21:25
loodles

Please see the instructions I posted above:
http://forums.spybot.info/showpost.php?p=47857&postcount=2

:)