Agent.ac removal problem

Discussion in 'NOD32 version 2 Forum' started by Unknown01, Jun 28, 2004.

Thread Status:
Not open for further replies.
  1. Unknown01

    Unknown01 Registered Member

    Joined:
    May 5, 2004
    Posts:
    10
    Hey people,
    Has anyone run into an Agent.ac trojan infection with NOD32? I have a computer with an agent.ac trojan infection. NOD cannot clean or delete the file so a manual removal was attempted. AMON gives the location of the file but whenever the folder is viewed (even from the command prompt with the " attrib " command there's nothing there). AMON continously alerts to its presence but they're nothing there, even an on-demand scan with NOD32 picks up nothing. . . Am confused. . . - a sample of the log is below. . .
    Anyone know anything about it?

    25/06/2004 12:25:30 p.m. AMON file C:\WINDOWS\SYSTEM32\D3DP.DLL Win32/Agent.AC trojan error while deleting - file is locked up HYDEDJ\Owner
    25/06/2004 11:57:41 a.m. AMON file C:\WINDOWS\System32\d3dp.dll Win32/Agent.AC trojan HYDEDJ\Owner
    25/06/2004 11:57:32 a.m. AMON file C:\WINDOWS\SYSTEM32\D3DP.DLL Win32/Agent.AC trojan HYDEDJ\Owner
    25/06/2004 11:57:14 a.m. AMON file C:\WINDOWS\SYSTEM32\D3DP.DLL Win32/Agent.AC trojan NT AUTHORITY\SYSTEM
    25/06/2004 11:55:24 a.m. AMON file C:\WINDOWS\SYSTEM32\D3DP.DLL Win32/Agent.AC trojan error while deleting - file is locked up HYDEDJ\Owner
    25/06/2004 11:50:06 a.m. AMON file C:\WINDOWS\System32\d3dp.dll Win32/Agent.AC trojan error occured while quarantining the object - - error while deleting - file is locked up - error while deleting - file is locked up
    25/06/2004 11:47:49 a.m. AMON file C:\WINDOWS\SYSTEM32\D3DP.DLL Win32/Agent.AC trojan HYDEDJ\Owner
    25/06/2004 11:47:34 a.m. AMON file C:\WINDOWS\System32\d3dp.dll Win32/Agent.AC trojan NT AUTHORITY\SYSTEM
    25/06/2004 11:47:27 a.m. AMON file C:\WINDOWS\System32\d3dp.dll Win32/Agent.AC trojan
    25/06/2004 11:46:35 a.m. AMON file C:\WINDOWS\SYSTEM32\D3DP.DLL Win32/Agent.AC trojan error while deleting - file is locked up
    25/06/2004 11:45:16 a.m. AMON file C:\WINDOWS\System32\d3dp.dll Win32/Agent.AC trojan HYDEDJ\Owner
    25/06/2004 11:45:14 a.m. AMON file C:\WINDOWS\System32\d3dp.dll Win32/Agent.AC trojan HYDEDJ\Owner
    25/06/2004 11:45:11 a.m. AMON file C:\WINDOWS\System32\d3dp.dll Win32/Agent.AC trojan HYDEDJ\Owner
    25/06/2004 11:45:10 a.m. AMON file C:\WINDOWS\System32\d3dp.dll Win32/Agent.AC trojan HYDEDJ\Owner
    25/06/2004 11:45:09 a.m. AMON file C:\WINDOWS\System32\d3dp.dll Win32/Agent.AC trojan HYDEDJ\Owner
    25/06/2004 11:45:01 a.m. AMON file C:\WINDOWS\System32\d3dp.dll Win32/Agent.AC trojan HYDEDJ\Owner
    25/06/2004 11:44:59 a.m. AMON file C:\WINDOWS\System32\d3dp.dll Win32/Agent.AC trojan HYDEDJ\Owner
    25/06/2004 11:44:58 a.m. AMON file C:\WINDOWS\System32\d3dp.dll Win32/Agent.AC trojan HYDEDJ\Owner
    25/06/2004 11:44:57 a.m. AMON file C:\WINDOWS\System32\d3dp.dll Win32/Agent.AC trojan HYDEDJ\Owner
    25/06/2004 11:44:55 a.m. AMON file C:\WINDOWS\System32\d3dp.dll Win32/Agent.AC trojan HYDEDJ\Owner
    25/06/2004 11:44:53 a.m. AMON file C:\WINDOWS\System32\d3dp.dll Win32/Agent.AC trojan HYDEDJ\Owner
    25/06/2004 11:44:52 a.m. AMON file C:\WINDOWS\System32\d3dp.dll Win32/Agent.AC trojan HYDEDJ\Owner
    25/06/2004 11:44:51 a.m. AMON file C:\WINDOWS\System32\d3dp.dll Win32/Agent.AC trojan HYDEDJ\Owner
    25/06/2004 11:44:50 a.m. AMON file C:\WINDOWS\System32\d3dp.dll Win32/Agent.AC trojan HYDEDJ\Owner
    25/06/2004 11:44:49 a.m. AMON file C:\WINDOWS\System32\d3dp.dll Win32/Agent.AC trojan HYDEDJ\Owner
     
    Unknown01, Jun 28, 2004
    #1
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,163
    Location:
    Texas

    It says in the log the file is locked. How do you unlock it so you can delete it?


    Found a discussion. HERE and here

    Quote from Marcos

    "I suggest you drop an email to support@nod32.com along with the registry file exported as well as information about the operating and file system you use (FAT32 or NTFS)."
     
    Last edited: Jun 28, 2004
    ronjor, Jun 28, 2004
    #2
  3. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    I noticed there is a free removal tool here which may or may not help.
    http://www.kaspersky.com/removaltools
     
    Stan999, Jun 29, 2004
    #3
  4. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    480
    Location:
    Dallas, TX
    You could try this manual procedure found at Trend Micro (TROJ_AGENT.AC):

    They also have an automated fix tool at the same link. I hope that that this is the same variant as yours and is helpful to you. I haven't had to face this particular nasty.
     
    Alec, Jun 29, 2004
    #4
  5. Unknown01

    Unknown01 Registered Member

    Joined:
    May 5, 2004
    Posts:
    10
    Thanks guys for the heads up and references. . .
    Much appreciated. . .
     
    Unknown01, Jun 29, 2004
    #5
  6. arrowsmithmidwest

    arrowsmithmidwest Registered Member

    Joined:
    May 12, 2004
    Posts:
    165
    Location:
    Midwest
    have you tried running NOD32 scanner in safe mode or put hard drive into other PC and scan that way,

    or

    changing ownership of folders/files of those specifice locations.
     
    arrowsmithmidwest, Jun 29, 2004
    #6
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...