trojan win32/trojandownloader.agent.cd

Discussion in 'NOD32 version 2 Forum' started by ifhu4rhr4uhf, Oct 30, 2004.

Thread Status:
Not open for further replies.
  1. ifhu4rhr4uhf

    ifhu4rhr4uhf Guest

    trojan win32/trojandownloader.agent.cd found in operating memory.

    NOD won't touch it. How do I get rid of it, please? It seems to be putting viruses on, up to like 27 a day.
     
  2. Blackspear

    Blackspear Global Moderator

    Joined: Dec 2, 2002 | Posts: 15,115 | Location: Gold Coast, Queensland, Australia

    The simple answer is to reboot into safe mode and run a further scan with Nod32.

    The longer answer is, can you follow the steps found in post number 2 of the following thread https://www.wilderssecurity.com/showthread.php?t=47830 just to make sure your system is clean.

    Let us know how you go...

    Cheers :D
     
  3. 34094984

    34094984 Guest

    Hey again, didn't work :( Also have .NAM trojan. Didn't have a lot of those files that were told to be removed. Thanks for your help, appreciate it a lot.
     
  4. Blackspear

    Blackspear Global Moderator

    Did you install a trojan removal program?

    Did you run Nod32 in "Safe Mode"?

    Did you install and run Hijack This?

    Cheers :D
     
  5. Marcos

    Marcos Eset Staff Account

    Joined: Nov 22, 2002 | Posts: 14,374

    Guys, if you encounter a problem getting rid of a particular virus, please follow these steps:

    1. restart Windows in Safe mode (if you don't know how, see the instructions below)

    2. run the NOD32 on-demand scanner

    3. on the Setup tab, make sure the runtime packers, advanced heuristics and potentially dangerous application checkboxes are ticked (in case these options do not appear, please download and install NOD32 2.12.2 from our website http://www.nod32.com/download/download.htm first)

    4. click the Clean button

    5. if an infected file is found and:
    - cannot be cleaned (the case of trojans and most worms), choose to delete it

    - contains a probable NewHeur_PE virus:
    a) tick the Quarantine check-box and click the Delete button. Subsequently, please send that file from Quarantine (quarantined files are located in the program files\eset\infected directory) to sample@nod32.com
    b) alternatively, you can choose to rename the file's extension and send it to sample@nod32.com for analysis

    - only the Leave option is available:
    if it is an Outlook Express DBX file, you'll need to look it up in your Outlook Express and delete it manually. If it is an archive (cab, zip, etc.), please look up the particular archive and delete it manually (if it also contains other files, use the appropriate unpacker to remove the appropriate file from the archive)

    - was detected in the System Volume Information folder, please disable the system restore function as described below.

    7. restart Windows in normal mode

    8. open Control Center, Resident modules and filters, IMON, Setup. On the HTTP tab, click the Setup button to enter the compatibility setup. We suggest you set all programs but download managers to higher efficiency mode. Should you experience some problems, revert to higher efficiency mode for the particular program.

    9. make sure you have all patches for your operating system available from Windows Update installed

    Should your machine still behave in a suspicious manner, please download HijackThis (http://209.133.47.12/~merijn/files/HijackThis.exe), run it, click Scan -> Save log and send us the log created for analysis.


    What to do if an infected file(s) keeps reappearing (applicable for WinXP)
    ==============================================

    Please disable the system restore function as follows:

    Right-click "My Computer" and select "Properties"
    Click "System Restore"
    Check the "Turn off System Restore on all Drives" check-box
    Click OK
    Uncheck the "Turn off System Restore on all Drives" check-box
    Click OK


    How to start Windows in safe mode
    =======================
    - restart the computer
    - just after the POST diagnostics and memory count, start tapping the F8 key
    - on the Startup Menu, choose Safe Mode
     
  6. Blackspear

    Blackspear Global Moderator

    Hi Marcos, that is exactly what I advised in post number 2; the link provided has the same steps plus a few more in case of browser hijacks, etc.

    Cheers :D
     
  7. erfojufrijrf

    erfojufrijrf Guest

    OK, NOD in safe mode I had already tried. I got and ran Hijack This. Who do I send the log to? Am I emailing it?
     
  8. Blackspear

    Blackspear Global Moderator

    You need to follow each and every step in the link that I provided, one step at a time before moving onto the next step.

    Included in the steps are instructions for posting Hijack This Logs...

    Cheers :D
     
  9. arrowsmithmidwest

    arrowsmithmidwest Registered Member

    Joined: May 12, 2004 | Posts: 165 | Location: Midwest

    You can analyze the log yourself by pasting it in here:

    http://hijackthis.de

    It will tell you what is safe and what isn't.
     