Trojan-Downloader.Win32.Agent.hz

Discussion in 'malware problems & news' started by trifon, Jan 24, 2005.

Thread Status:
Not open for further replies.
  1. trifon

    trifon Registered Member

    Joined:
    Jan 24, 2005
    Posts:
    1
    Location:
    UK
    I've been bothered for the last few days by a browser hijacker that resets the page to porn and gambling sites - today I've had "findyourgirl.net" and "adultxxxgames".

    My latest update of eScan has identified "Trojan-Downloader.Win32.Agent.hz" but said it cannot remove the virus.

    I cannot find reference to this virus or the websites anywhere so I guess it must be pretty new.

    The affected file is c\windows\system\mstrv.dll

    Firstly, any tips on getting rid of the this? Should I just wait until a fix is found?

    Also, what does file mstrv.dll actually do? Can I not just delete this and be rid of the virus/tojan that way?

    Finally, I'm sick of IE being affected by nasties. If I use another browser, will I be less susceptible to threats? Will I need to remove IE to use another browser?

    My OE is Windows 98SE and IE 6. Though I think the trojan loaded through a DSO exploit I have closed this now (I think - can I check this somehow?) and I have been using the latest versions of CWS shredder, spybot and adaware.

    Any help or advice will be greatly appreciated. If it is of any use I can mail the affected file (e or snail) for inspection.
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    You will need to download and run “Hijack This” found here and post your log at one of the forums found at A-SAP.

    The two bigger forums for HijackThis log processing, (meaning they process more log threads each day than most others) are: SpywareInfo.com and CastleCops.com. Be sure to read their posting policy in the links at their log review forum sections prior to posting.

    Once your system is clean you should take a look here: Why did I get infected in the first place? Also, for further discussions on security and how to make your system that much stronger, see here and here

    This is what works really well for me, very simple to use and maintain.

    Hope this helps...

    Let us know how you go.

    Cheers :D
     
Loading...
Thread Status:
Not open for further replies.