error while deleting or quarantining downloader.agent.uj

Discussion in 'ewido anti-spyware forum' started by Torquemada, Jul 10, 2006.

Thread Status:
Not open for further replies.
  1. Torquemada

    Torquemada Registered Member

    Joined:
    Jul 10, 2006
    Posts:
    7
    Hoping someone can help me with my little mess. :)

    I currently have quite a lot of malware on my PC, since a single intrusion about 10 days ago. That was detected as 'trojan horse clicker.fr' by AVG, which was unable to deal with it. The warning does not show up every day either, but when it does, it kind of takes over every 30 seconds. My settings I guess. ;)

    I've been on the bleepingcomputer(dot)com website and found a link to ewido. :thumb:
    Downloaded ewido and ran various scans with it and AVG, only to find that both freeze up on a full scan!! o_O

    AVG finds 16 infected objects before apparently freezing (left it running 5 hours without progress).

    Ewido full system scan was still frozen after 2+ hours having found 451 infected objects

    Screenshots of both on my Photobucket page
    I know it says 1hr 25mins on the AVG image, but it froze at the same point every time.

    http://i81.photobucket.com/albums/j226/chashugh/petestrojanprobs/ewidoscreen.jpg

    http://i81.photobucket.com/albums/j226/chashugh/petestrojanprobs/AVG-part-scan.jpg


    Now, when I do a 'memory' scan with ewido, two infected files are found, only one displayed, 'Downloader.Agent.uj', and an error shows on delete or quarantine. So the infection is still intact apparently.

    Registry scan found a couple and they're in quarantine.

    Fast scan runs and runs. Found Downloader.Agent.uj, but never finishes so I can't tell what the result might be.

    Any help is thanked in advance people! Thanxxxxxxxx
    Pete.
     
  2. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    The first thing to do (so you can see the wood from the trees) is to D/L and use a cache cleaner:-

    http://www.filehippo.com/download_ccleaner/

    Then boot into 'safe mode' to run both AVG and ewido again:-

    http://www.bleepingcomputer.com/forums/tutorial61.html

    As far as the ewido memory scan is concerned, you would need to look at the report to find the numbers in square brackets next to the malware (e.g. it could be [886] or [1022] etc.); these will be the PID numbers. You then look in ewido's analysis section, under the Processes tab, to find processes with the corresponding PIDs. You should select these processes simultaneously and click the Terminate button before running the memory scan again. The bugs will not clean if they are loaded in a running process.

    Since your scan stopped at System.ini, you could investigate that, if you are on XP, by clicking the Start button > Run > type sysedit and click OK. This brings up the System Configuration Editor. You can find the panel for system.ini and in the 'boot' section look and see if it has a line 'shell='; take note of the file path after the equals sign 'cos that file will load up with Windows each bootup and malware can use that technique to get started.

    Having said all the above, your best bet may be to post a HJT log at a suitable Forum. Some suggestions are given here:- https://www.wilderssecurity.com/showpost.php?p=792974&postcount=2
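    Checking the system.ini 'shell=' line the way TopperID describes, as an added example that is not code from the thread or from ewido. It assumes Explorer.exe is the expected Windows shell and parses a constructed sample file; any other program listed on that line is reported for review.

```python
import re

# Constructed sample of a system.ini file (not taken from the thread). A second
# executable has been appended to the shell= line to show the pattern to look for.
SAMPLE_SYSTEM_INI = """\
; for 16-bit app support
[386Enh]
woafont=dosapp.fon
[drivers]
wave=mmdrv.dll
timer=timer.drv
[boot]
shell=Explorer.exe C:\\WINDOWS\\system32\\example_loader.exe
"""

EXPECTED_SHELL = "explorer.exe"  # assumption: the stock shell on Windows XP


def boot_shell_line(ini_text):
    """Return the raw value of shell= in the [boot] section, or None if absent."""
    section = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and INI comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "boot" and "=" in line:
            key, value = line.split("=", 1)
            if key.strip().lower() == "shell":
                return value.strip()
    return None


def extra_shell_entries(ini_text):
    """Return every program on shell= other than the expected shell.

    Windows runs each whitespace-separated entry on this line at logon, so a
    second entry is the extra loader TopperID suggests looking for. Paths that
    themselves contain spaces would be split here; inspect those by hand.
    """
    value = boot_shell_line(ini_text)
    if value is None:
        return []
    suspicious = []
    for entry in re.split(r"\s+", value):
        basename = entry.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if basename != EXPECTED_SHELL:
            suspicious.append(entry)
    return suspicious
```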
     
  3. Torquemada

    Torquemada Registered Member

    Joined:
    Jul 10, 2006
    Posts:
    7
    Thanks for a quick response Topper
    I'll give it a try (never done this sort of malarkey before, but what the heck).

    Anyhoo, I've got a hand full of Ubuntu discs here, so I may just convert to Linux if I screw it all up :D
     
  4. vinzenz.ewido

    vinzenz.ewido former ewido team

    Joined:
    Dec 9, 2005
    Posts:
    425
    Location:
    Brno, Czech Republic
    Hi Torquemada,

    Please post me your email address via PM; I'll send you a utility which helps you to remove this threat.

    Regards,

    Vinzenz
     
  5. Torquemada

    Torquemada Registered Member

    Joined:
    Jul 10, 2006
    Posts:
    7
    Thanks for the offer Vinzenz
    But my PC is currently clear of malware thanks to TopperID's advice.

    I downloaded CCleaner from filehippo.com last night. I ran that and allowed it to delete everything it wanted to.
    I then booted into safe mode using the method described on the bleepingcomputer.com forums.
    I then ran AVG first, which I shut down after 60 minutes, as it hung up. Then all the minor scans with ewido, checking the boxed numbers as Topper had suggested. Some items could not be terminated as they were critical system items. Also unable to close them using Windows Task Manager.
    Very late by then, so I went to bed, shutting the system down.

    This evening, booted immediately into safe mode due to my setting it in msconfig. Had my complete desktop visible except wallpaper. Ran CCleaner, it found many items. I let it delete everything.
    Ran ewido minor scans first deleting all items found. Ran complete ewido scan, everything found got deleted, including Downloader.Agent.uj, and even a file that called itself 'Not A Virus...........'. Scanned again. CLEAR !!!
    Ran AVG.
    CLEAR !!!

    Thank you all very much.

    In the very near future, I will purchase AVG Pro and ewido, unless the combined setup appears to be arriving quickly. ;)

    Thanks again.

    I will try and come back here regularly, in case I can help someone else with my recent experience.

    Bye for now.

    Pete. :) :thumb:
     
  6. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London