QQFace and Trojan.Downloader.Agent.AEA

[loodles]

I recently have been infected with adware with QQFace and Trojan.Downloader.Agent.AEA

My first scan was with Spyware Doctor application which found the following entries. I tried to manually delete these registries but they seem to keep coming back.

I am unable to detect this using Spybot.

Any help would be greatly appreciated

I am on WinXP. Attached is the scanned report.

Thanks in advance,
Callum

 

[tashi]

Hi there.

I am not familiar with Spyware Doctor logs.

If you would like to post a Spybot S&D log so that we can check the System please do the following:

Spybot-S&D version 1.4
Version 1.4 :Systems Supported

• Close all browsers
• Open SpyBot, check for and get any updates available
• Check for problems and fix everything found in red
• Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except
  
• Uncheck[ ] do not report disabled or known legitimate Items.
• Uncheck[ ] Include a list of services in report.
• Uncheck[ ] Include uninstall list in report.
  
• Now select (near the top) view report.
• Press export in the save in box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and attach or post that report.

Or:
Follow the instructions in this sticky topic to post a HJT log in malware removal.
"BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D

Then start your own thread in the malware forum and copy/paste the HJT log into the topic:
Malware Removal Forum

Cheers.

 

[SpySentinel]

Reply

You can also submit the malware files to detections AT spybot.info

Replace AT with @

 

[loodles]

helios trojan ... rav.exe & updat\update.exe Troj/QQHelp-P

I am having trouble with my computer with the helios trojan horse.

I have followed all the steps (esp the before you post), been through all the processes, etc but I can't see this program running.

I noticed this rav.exe file on my C:\Program Files\Common Files\ folder

More on this http://www.auditmypc.com/process/rav.asp

I had manually deleted this program but it keeps coming back.

Fortunately, I am using the SpyBot SD Resident, and it tells me when Registry entry is being updated in the \Run ..

Actually, this is related to the other problem I am getting with Troj/QQHelp-P.

This is where I get a drop on my C:\Program Files\Common Files\updat\update.exe which wants to add itself to the registry.

These 2 things are related. Again, I had deleted this file manually but it keeps coming up.

I am not sure what runs it. I have run several scans and I can't find it using Spybot.


Is there also any way I can configure Spybot so that when it adds C:\Program Files\Common Files\updat\update.exe

Details on the web on this is

http://www.sophos.com/security/analyses/trojqqhelpp.html

Any help be great.. .

Thanks
Callum

 

[tashi]

loodles

Please see the instructions I posted above:
http://forums.spybot.info/showpost.php?p=47857&postcount=2