
Thread: TrojanDownloader.Win32.Agent.bq

  1. #1
    Junior Member
    Join Date
    Sep 2006
    Posts
    5

    TrojanDownloader.Win32.Agent.bq

    Hi,
    I recently got this adware on my computer. I can detect it with Yahoo Anti-Spy and I have deleted parts of it with SpyBot. TeaTimer blocks the main processes from running but I get an alert from TeaTimer every time I open Internet Explorer. I used HijackThis to delete 1 registry key but every time I open Internet Explorer it comes back. My system is not clean but that is the only problem I have now. It's not doing anything but my computer is a little slower now and I just want it cleaned.

    Spybot and Anti-Spy are the only spyware/adware cleaners I trust. I do not want to try any others because they make claims but really they are just spyware too. If there is some way to make Spybot detect and remove the files/registry keys listed below that would be great!

    I have done some research and here's what I found on one adware encyclopedia:

    Source: http://www.pestpatrol.com/spywarecen...x?id=453088440

  2. #2
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Hello

    Open Spybot>Help>About
    Let us know the version and latest detection update please, also your Operating System.

    Thanks.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Sep 2006
    Posts
    5

    Quote: Originally posted by tashi
    Hello

    Open Spybot>Help>About
    Let us know the version and latest detection update please, also your Operating System.

    Thanks.

    Latest Update: 2006-09-22 Windows XP

    Also, one thing I forgot to add is that this adware also targets and deletes SDHelper.dll which is Spybot's spyware blocker browser helper.

    -Thanks for your reply!

  4. #4
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Hi there.

    You didn't give us the version of Spybot-S&D, 1.3 or 1.4.

    Please follow the instructions in this sticky topic so someone can take a look at the system.

    "BEFORE you POST" -Preliminary Steps

    Then start your own thread in the malware forum:
    Malware Removal Forum

    Once you have posted a helper will advise you as soon as available.

    Regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  5. #5
    Junior Member
    Join Date
    Sep 2006
    Posts
    5

    Version 1.4 for sure. Sorry for the late reply.

  6. #6
    Junior Member
    Join Date
    Sep 2006
    Posts
    5

    Also, is there any way for TeaTimer to unblock processes?

    Because I tried deleting that URLSearchHook missing thing and TeaTimer blocked that change. I want to delete it.

    Thank You!
