Bullguard Antivirus Forum Download A Free Copy Of Bullguard Antivirus Software
Free Antivirus Forum - Learn about antivirus, firewalls and personal security Free Antivirus Forum - Learn about antivirus, firewalls and personal security
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
Help removing Trojan.Agent.AJTY
   
BullGuard Antivirus Forum > Virus Removal > Removal Help > Help removing Trojan.Agent.AJTY  
Forum Quick Jump
 
New Topic Post reply to : Help removing Trojan.Agent.AJTY Printable version of : Help removing Trojan.Agent.AJTY
[ << Previous Thread | Next Thread >> ]

equation
New Member


Date Joined Jun 2007
Total Posts : 2
  		   Posted 9-13-2008 6:48 (GMT +1)    Quote: Help removing Trojan.Agent.AJTYAlert an admin about: Help removing Trojan.Agent.AJTY
I got the virus named Trojan.Agent.AJTY, is impossible to get rid off. I did a full scan, and bullguard only found this virus, i tried everything possible, but bullguard couldnt do anything about it. I used the function "Send log" I got a answer back. I got told to reboote in safemode, and delete the file manually, be pressing "shift + delete" I turns out, that i havent got the right permissions to do that, even though im logged in as the owner of the computer. The only thing i have been noticed the computer is doing, is shutting down explorer.exe when im starting my computer, and i gotta press CTRL + ALT + DELETE, and manually RUN the explorer.exe, to get in to windows again. The file i got the virus in, is called - "__c0023940.dat".

Any ideas?

THE FILE ATTACHED IS THE FILE I GOT THE STUPID VIRUS IN.

I got a hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 19:26:28, on 13-09-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\WINDOWS\CTHELPER.EXE
C:\programmer\powerstrip\pstrip.exe
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\BullGuard Ltd\BullGuard\bullguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\Programmer\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmer\Raxco\PerfectDisk\PDEngine.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mathias\Skrivebord\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ngohq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ngohq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\Bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [BullGuard] "C:\Programmer\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\programmer\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programmer\Octoshape Streaming Services\Mathias\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [BullGuard] "C:\Programmer\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programmer\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Documents and Settings\Mathias\Lokale indstillinger\Application Data\NVIDIA Corporation\nTune\Profiles\sysdflt.nsu"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VOIPlay] "C:\Programmer\VOIPlay\voiplay.exe"
O4 - HKCU\..\Run: [A00F28591.exe] C:\DOCUME~1\Mathias\LOKALE~1\Temp\_A00F28591.exe
O4 - HKCU\..\Run: [A00FB2DE0.exe] C:\DOCUME~1\Mathias\LOKALE~1\Temp\_A00FB2DE0.exe
O4 - HKCU\..\Run: [A00F3C9A3F7.exe] C:\DOCUME~1\Mathias\LOKALE~1\Temp\_A00F3C9A3F7.exe
O4 - Startup: Genvej til NVColorProfiler.lnk = C:\!!!!\NVColorProfiler.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174812914184
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://ca.com/dk/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://newscanner.virus112.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: 607e621e382 - C:\WINDOWS\system32\__c0023940.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: __c0075F20 - C:\WINDOWS\system32\__c0075F20.dat (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard - C:\Programmer\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: Norman ZANDA - Unknown owner - C:\VIRUSfighter\Bin\Zanda.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programmer\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programmer\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmer\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Programmer\Raxco\PerfectDisk\PDExchange.exe

File Attachment :
__c0023940.dat   72KB (application/octet-stream)
This file has been downloaded 29 time(s).
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14290
  		   Posted 9-14-2008 3:42 (GMT +1)    Quote: Help removing Trojan.Agent.AJTYAlert an admin about: Help removing Trojan.Agent.AJTY
Hello smile
 
 
Please download Malwarebytes' Anti-Malware:
http://www.spywarefri.dk/downloads1/mbam-setup.exe
 
Or here:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;pop&cdlPid=10878968
 
 to your desktop.
 
Double-click mbam-setup.exe and follow the prompts to install the program.
                     
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch


Malwarebytes' Anti-Malware, then click Finish.
                     
If an update is found, it will download and install the latest version.
                     
Once the program has loaded, select Perform full scan, then click Scan.
                     
When the scan is complete, click OK, then Show Results to view the results.
 
Be sure that everything is checked, and click Remove Selected.
 
When completed, a log will open in Notepad. Please save it to a convenient location.
 
Copy and Paste that log into your next reply, along with fresh hijackthis log.
 
 
NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.

Back to Top
 
New Topic Post reply to : Help removing Trojan.Agent.AJTY Printable version of : Help removing Trojan.Agent.AJTY
 
Forum Information
Currently it is Tuesday, January 06, 2009 1:12 PM (GMT +1)
There are a total of 65.857 posts in 16.163 threads.
In the last 3 days there were 21 new threads and 82 reply posts. View Active Threads
Who's Online
This forum has 27758 registered members. Please welcome our newest member, Nards.
44 Guest(s), 0 Registered Member(s) are currently online.  Details
5 Latest Threads
Trouble accessing ColdFusion pages!? (3)06-01-2009 10:35:35 (Alin Vlad)
Virtumundo Virus HELP! (6)06-01-2009 10:14:58 (jon310)
GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3 (0)06-01-2009 09:17:03 (tariq1)
Google Redirect Virus (3)06-01-2009 09:04:46 (Touch)
Cannot remove malware (3)06-01-2009 09:00:38 (Touch)


Need Support? Write to: | Forum Help Manual

Download free trial version of Bullguard