#1
Trojan win32/trojandownloader.agent.cd found in operating memory.
NOD won't touch it. How do I get rid of it, please? It seems to be putting viruses on, up to like 27 a day.

#2
The simple answer is to reboot into safe mode and run a further scan with Nod32.
The longer answer is, can you follow the steps found in post number 2 of the following thread http://www.wilderssecurity.com/showthread.php?t=47830 just to make sure your system is clean. Let us know how you go... Cheers
__________________
"Illegitimis non carborundum"
translation: "Don't let the bastards grind you down" U.S. General Joseph W. "Vinegar Joe" Stilwell (1883-1946) Two Photographers

#3
Hey again, didn't work.
Also have .NAM trojan. Didn't have a lot of those files that were told to be removed. Thanks for your help, appreciate it a lot.

#4
Did you run Nod32 in "Safe Mode"? Did you install and run Hijack This? Cheers

#5
Guys, if you encounter a problem getting rid of a particular virus, please follow these steps:
1. restart Windows in Safe mode (if you don't know how, see the instructions below)
2. run the NOD32 on-demand scanner
3. on the Setup tab, make sure the runtime packers, advanced heuristics and potentially dangerous application checkboxes are ticked (in case these options do not appear, please download and install NOD32 2.12.2 from our website http://www.nod32.com/download/download.htm first)
4. click the Clean button
5. if an infected file is found and:
   - cannot be cleaned (the case of trojans and most worms), choose to delete it
   - contains a probable NewHeur_PE virus:
     a) tick the Quarantine check-box and click the Delete button. Subsequently, please send that file from Quarantine (quarantined files are located in the program files\eset\infected directory) to sample@nod32.com
     b) alternatively, you can choose to rename the file's extension and send it to sample@nod32.com for analysis
   - only the Leave option is available: if it is an Outlook Express DBX file, you'll need to look it up in your Outlook Express and delete it manually. If it is an archive (cab, zip, etc.), please look up the particular archive and delete it manually (if it contains also other files, use the appropriate unpacker to remove the appropriate file from the archive)
   - was detected in the System Volume Information folder, please disable the system restore function as described below.
7. restart Windows in normal mode
8. open Control Center, Resident modules and filters, IMON, Setup. On the HTTP tab, click the Setup button to enter the compatibility setup. We suggest you set all programs but download managers to higher efficiency mode. Should you experience some problems, revert to higher efficiency mode for the particular program.
9. make sure you have all patches for your operating system available from Windows Update installed

Should your machine still behave in a suspicious manner, please download HijackThis (http://209.133.47.12/~merijn/files/HijackThis.exe), run it, click Scan -> Save log and send us the log created for analysis.

What to do if an infected file(s) keeps reappearing (applicable for WinXP)
==============================================
Please disable the system restore function as follows:
Right-click "My Computer" and select "Properties"
Click "System Restore"
Check the "Turn off System Restore on all Drives" check-box
Click OK
Uncheck the "Turn off System Restore on all Drives" check-box
Click OK

How to start Windows in safe mode
=======================
- restart the computer
- just after the POST diagnostics and memory count, start tapping the F8 key
- on the Startup Menu, choose Safe Mode

#6
Hi Marcos, that is exactly what I advised in post number 2, the link provided has the same steps plus a few more in case of Browser Hijacks etc...
Cheers

#7
OK, NOD in safe mode I had already tried. I got and ran HijackThis. Who do I send the log to? Am I emailing it?

#8
Included in the steps are instructions for posting Hijack This Logs... Cheers

#9
You can analyze the log yourself by pasting it in here: http://hijackthis.de
It will tell you what is safe and what isn't.
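
An added example, not part of the thread: a saved HijackThis log can be pre-sorted offline before it is posted or pasted into an analyzer, by grouping its entry lines by section code and listing the load-point entries to look at first. The sample log is constructed, and the "file runs from a temp directory" rule and the names `parse` and `review_first` are this example's own assumptions, not HijackThis or NOD32 behaviour.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis log layout (not taken from the thread).
SAMPLE_LOG = r"""Logfile of HijackThis
Platform: Windows XP

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\System32\example.dll
O4 - HKLM\..\Run: [tray] "C:\Program Files\Example\tray.exe" /START
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\user\LOCALS~1\Temp\upd32.exe
O23 - Service: Example Service - Example Corp - C:\Program Files\Example\svc.exe
"""

# Entry lines look like "<code> - <description>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# First Windows path ending in an executable-type extension.
PATH = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:exe|dll|scr|bat|com)\b', re.I)
# O2 = Browser Helper Objects, O4 = Run keys / Startup folder, O23 = services.
LOAD_POINTS = {"O2", "O4", "O23"}
# Assumption of this example: a load point running from a temp directory is reviewed first.
TEMP_DIRS = ("\\temp\\", "\\temporary internet files\\")

def parse(log):
    """Group entry lines by section code; the header and process list are skipped."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def review_first(log):
    """Return (code, path) for load-point entries whose file sits in a temp directory."""
    hits = []
    for code, entries in parse(log).items():
        if code not in LOAD_POINTS:
            continue
        for text in entries:
            m = PATH.search(text)
            if m and any(d in m.group(0).lower() for d in TEMP_DIRS):
                hits.append((code, m.group(0)))
    return hits

if __name__ == "__main__":
    for code, path in review_first(SAMPLE_LOG):
        print(f"{code}: look at {path} first")
```

An entry that this rule does not list is not thereby clean; the output only orders the manual review.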