Win32.Agent.Deot

Hi,

Now let's uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK
 
ComboFix still remaining

Hi,

I executed the command you gave me, and ComboFix disappeared from the desktop. I then rebooted the machine, since it was still present in the file explorer, but ComboFix is still present in the file explorer, but with a standard icon, see enclosed image. Something obviously went wrong...

/Thomas
 
Gone!

After running the program you supplied, ComboFix is now gone from the left hand side of the file explorer.
The last remaining issue is why the Windows Defender icon does not show in the SysTray anymore. I tried toggling between 1) if it should only be shown if a threat has been detected and 2) always, and then it displayed. It was set to always display and is set to be on (active).
 
Something may have reset a setting related to visibility. Did it work when you set it to the "always" setting again?
 
Hi,

Click Start and type cmd.exe into the search textbox. Right-click the command prompt icon in the list that appears and select Run as administrator.

Please type the following command in the black command prompt window that opened up:
regedit /e "%userprofile%\desktop\runExport.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

After that you should have runExport.txt file on your desktop. Attach it to your post.
 
Hi,


Download ERUNT
Save it to your desktop. Run and install this program.

In the box that opens ONLY choose
System registry.

Then click OK.

Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.


Save the text below as fix.reg using Notepad (save it as type All Files (*.*)) on the Desktop.

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="\"c:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

It should look like this ->
reg.gif


Double-click fix.reg, press Yes and OK.

Let's see how it goes with that icon after that.
 
We were so close...

When I put the computer back on after a few hours rest, the icon did NOT appear in the SysTray.

I checked the Run section under HKLM\...\Run, and the command is indeed there, but is not displayed in the SysTray. I also tried executing the command, but it won't display.
 
Hi,

I read that the icon may sometimes disappear even if it was set to always show. No 100% working solution was provided in any of those cases. If protection is running properly and there are no issues with the system, I'd suggest letting it be. The icon should appear if some action is needed (WD needs updating, detects something, etc.).
 
The icon is back

Yes, I'd have to agree with you. The protection is still there (assuming you have configured it so). Where did you read about the icon sometimes disappearing?

I think that this was the last issue on the list.

Thank you very much for Excellent support. :present:
 
Sorry, but two issues remain

(I only checked without taking any action):

1) I can no longer create shortcuts on the desktop

2) I ran SpyBot, and it still detected Win32.Agent.Deot:
Win32.Agent.deot: [SBI $124634AE] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lac97inf

Right Media: Tracking cookie (Internet Explorer: Thomas J Ekman) (Cookie, nothing done)


DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


WebTrends live: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

 
Hi,

That 2) service appears to be Logitech related, so it looks like it can be ignored. Could you describe that shortcut issue a bit more?
 
No Shortcut Being Created

When I drag/drop a URL from Internet Explorer, a shortcut is created, but when I right-click on the Desktop and choose New->Shortcut, nothing happens. I can create a new Folder on the Desktop, so not all "New" choices are corrupt. Can ComboFix be the culprit here? I suspect my user profile is corrupt.
 
Hi,

Let's see that shortcut issue. Download this and extract its contents to your desktop. Double-click the extracted file and allow merging.

..and as a more serious issue, the lac97inf.sys problem is back!
As stated above, it's related to Logitech and should be ignored.
 
Links now work

Hi. Links now work! :thanks:

Regarding the other issue, the one that you say belongs to Logitech, there is a service locking the file in my temporary folder, just as the trojan with the same name and place did. I also did a scan (but did not remove anything) with SpyBot, and it detected it as Win32.Agent.Deot by examining the registry. I then right-clicked the file and selected "Scan Using Spybot Search&Destroy", but that did not find anything. I am not convinced that the file is benign and comes from Logitech - why should they place a service file in the temporary area when they have their "Program Files" to play with? :confused:
 
Hi,

You can read about it here. I don't know why Logitech is using a temporary location for the file.
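
As an added example (not part of the thread, and not code from any tool mentioned in it): a small Python parser for the text file that `regedit /e` writes, which lists Run values and service ImagePath values that point into a temp directory, the two things checked by hand in this thread. The sample export, the placeholder ImagePath and all function names are assumptions made for the example.

```python
import re

def hex2(s):  # encode text the way regedit writes REG_EXPAND_SZ: UTF-16LE bytes as hex
    return "hex(2):" + ",".join(f"{b:02x}" for b in (s + "\0").encode("utf-16-le"))

# Constructed sample. The Run value is the one from the thread; the ImagePath is a
# placeholder, because the thread never shows the real path of the service file.
PLACEHOLDER = r"C:\Users\EXAMPLE\AppData\Local\Temp\lac97inf.sys"
wrapped = hex2(PLACEHOLDER)[:37] + "\\\r\n  " + hex2(PLACEHOLDER)[37:]  # wrapped hex line
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
SVC_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lac97inf"
SAMPLE = ("\ufeff" + "\r\n".join([
    "Windows Registry Editor Version 5.00", "", f"[{RUN_KEY}]",
    r'"Windows Defender"="\"c:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"',
    "", f"[{SVC_KEY}]", '"Type"=dword:00000001', '"ImagePath"=' + wrapped, ""])
).encode("utf-16-le")

def decode_value(raw):
    if raw.startswith('"'):                      # REG_SZ: undo the \\ and \" escapes
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\(([0-9a-f]+)\))?:(.*)", raw)
    if not m:
        return raw
    blob = bytes(int(b, 16) for b in m.group(2).split(",") if b)
    # hex(1), hex(2) and hex(7) are string types stored as UTF-16LE
    return blob.decode("utf-16-le").rstrip("\0") if m.group(1) in ("1", "2", "7") else blob

def parse_reg(data):
    """Parse regedit export bytes into {key: {value name: decoded value}}."""
    utf16 = data[:2] in (b"\xff\xfe", b"\xfe\xff")   # version 5.00 files are UTF-16 + BOM
    text = data.decode("utf-16") if utf16 else data.decode("cp1252", "replace")
    text = re.sub(r"\\\r?\n[ \t]*", "", text)        # join wrapped hex lines
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
        if m and current is not None:
            name = "(Default)" if m.group(1) == "@" else decode_value(m.group(1))
            current[name] = decode_value(m.group(2))
    return keys

TEMP_DIR = re.compile(r"\\(temp|tmp)\\|%te?mp%", re.I)

def autostarts_in_temp(keys):
    """Return (key, name, command) for Run values and service ImagePaths under a temp dir."""
    return [(key, name, val) for key, values in keys.items() for name, val in values.items()
            if (key.lower().endswith(r"\currentversion\run") or name.lower() == "imagepath")
            and isinstance(val, str) and TEMP_DIR.search(val)]
```

A hit from `autostarts_in_temp` is a reason to inspect the file (signature, vendor, hash), not a verdict on it. To use it on a real export, pass the bytes of the exported file to `parse_reg`.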
 