Win32/Spy.ProAgent.20 trojan

Discussion in 'NOD32 version 2 Forum' started by Mike22222, Apr 27, 2005.

Thread Status:
Not open for further replies.
  1. Mike22222

    Mike22222 Guest

    Does anyone know how to remove the Win32/Spy.ProAgent.20 trojan? I've tried deleting the files associated with it but it keeps coming back. NOD32 can't seem to clear it and I can't find any more information on it.
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Have you tried booting in "Safe Mode" and running a "Clean" (scan)? Just make sure Nod32 is tweaked to the maximum as per this thread.

    Hope tnis helps...

    Let us know how you go.

    Cheers :D
     
  3. Mike22222

    Mike22222 Guest

    Looks like its all clear now after scanning in safe mode.

    Thanks very much
     
  4. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Good :)
    Happy to hear that. :)
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Good to see.


    My pleasure.

    Cheers :D
     
  6. Mike22222

    Mike22222 Guest

    Looks like its back again today. Must have an exe file somewhere that's making it regenerate. Does anyone know more about this?
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Where exactly is the file that is infected, can you please post a log file of a scan, it may simply be within system restore.

    Cheers :D
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    With beta 2.50, NOD32 should tell you what application the file was created by.
     
  9. Mike22222

    Mike22222 Guest

    At the moment its coming up with

    C:\WINDOWS\qservice.exe - Win32/Spy.ProAgent.20 trojan
    C:\WINDOWS\system32\lncom.exe - Win32/Spy.ProAgent.20 trojan
     
  10. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    qservice.exe is a porn dialer and from the looks of it here, You will need to download and run “Hijack This” found here and post your log at one of the forums found at A-SAP.

    The two bigger forums for HijackThis log processing, (meaning they process more log threads each day than most others) are: SpywareInfo.com and CastleCops.com. Be sure to read their posting policy in the links at their log review forum sections prior to posting.

    Once your system is clean I would suggest that you take a look here: Why did I get infected in the first place? Also, for further information on security and how to make your system that much stronger, see here, as well there are discussions here and even more here.

    Hope this helps...

    Let us know how you go.

    Cheers :D
     
  11. Mike22222

    Mike22222 Guest

    I downloaded HiJack This and removed qservice.exe

    I've rebooted a few times and done full scans and its all gone now.
    Thanks so much for your help Blackspear, I really appreciate it.
     
  12. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Good to see Mike, and my pleasure. You might like to take a look through a couple of those links I provided to see if you can add a layer or 2 to you defences so you don't end up in the same boat again.

    Cheers :D
     
Thread Status:
Not open for further replies.