Bullguard Antivirus Forum Download A Free Copy Of Bullguard Antivirus Software
Free Antivirus Forum - Learn about antivirus, firewalls and personal security Free Antivirus Forum - Learn about antivirus, firewalls and personal security
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
downloader.agent.2.bq
   
BullGuard Antivirus Forum > Virus Removal > Removal Tools > downloader.agent.2.bq  
Forum Quick Jump
 
New Topic Post reply to : downloader.agent.2.bq Printable version of : downloader.agent.2.bq
[ << Previous Thread | Next Thread >> ]

bpiltz
New Member


Date Joined Oct 2004
Total Posts : 3
  		   Posted 10-6-2004 4:01 (GMT +1)    Quote: downloader.agent.2.bqAlert an admin about: downloader.agent.2.bq
I have tried everything to get rid of the virus. The latest is running HijackThis and creating this log file. Can anyone help, please.
 
Thanks!
 
Logfile of HijackThis v1.98.2
Scan saved at 7:54:05 AM, on 10/6/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\i2050QosSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\NET2PH~1\CommCtr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\eFax Messenger Plus 3.2\J2GDllCmd.exe
C:\Program Files\eFax Messenger Plus 3.2\J2GTray.exe
D:\Program Files\PerSono\perstray.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\11Wave\WaveBuddy WLAN Card & Adapter Utility\WlanMonitor.exe
D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\Documents and Settings\bpiltz\Desktop\HijackThis.exe
C:\Program Files\SlimBrowser\sbrowser.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fedex.com/cgi-bin/tracking?tracknumbers=791856389137&action=track&language=english&cntry_code=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = scache.entp.attws.com:8080
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\bpiltz\Application Data\Mozilla\Profiles\default\3izau2av.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [wpds.exe] C:\WINDOWS\System32\doriot.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [wpds.exe] C:\WINDOWS\System32\doriot.exe
O4 - HKCU\..\Run: [supervisor.exe] C:\WINDOWS\supervisor.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: eFax Live Menu 3.2.lnk = C:\Program Files\eFax Messenger Plus 3.2\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 3.2.lnk = C:\Program Files\eFax Messenger Plus 3.2\J2GTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Perstray.lnk = ?
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: WLAN Configuration & Monitor Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0369528B-3082-11D2-9997-00A0C9B7A242} (PlaceWare Presentation-Upload Control) - http://scpwgb.ops.placeware.com/etc/place/GOLF/SCGpws-b1/5.1.2.150/placeware.aud.ieupload/UploadControl.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwgb.ops.placeware.com/etc/place/GOLF/SCGpws-b1/5.1.2.150/lib/quicksilver.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9B57C630-AA6E-440D-8D44-D34542E5531A} (SendMail Class) - http://www107.placeware.com/etc/static/SCGrapidweb/2004-04-30-22-57-12/MailObjects.cab
O16 - DPF: {A305FBA3-4A87-483D-A53B-138F9F635357} (PCInfo.CMClass) - http://ciscdb.sel.sony.com/support/pops/mdldetect/PCInfo.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
 
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13642
  		   Posted 10-6-2004 5:17 (GMT +1)    Quote: downloader.agent.2.bqAlert an admin about: downloader.agent.2.bq
Hey bpiltzcool

     Touch
 
Proud member of:
Back to Top
 

bpiltz
New Member


Date Joined Oct 2004
Total Posts : 3
  		   Posted 10-6-2004 5:42 (GMT +1)    Quote: downloader.agent.2.bqAlert an admin about: downloader.agent.2.bq
Yes. I have run house call several time and it doesn't even detect the virus.
Back to Top
 

bpiltz
New Member


Date Joined Oct 2004
Total Posts : 3
  		   Posted 10-6-2004 6:14 (GMT +1)    Quote: downloader.agent.2.bqAlert an admin about: downloader.agent.2.bq
I'm sorry... please allow me to correct my last post. I ran houscall and it finds 28 "Non Cleanable" virusus. They all appear to be "HTML BAGLE.AL" and "TROJ BAGEL.AL". Any suggestions?
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13642
  		   Posted 10-6-2004 6:41 (GMT +1)    Quote: downloader.agent.2.bqAlert an admin about: downloader.agent.2.bq
Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
Scan with Hijacktis, close all other windows, put a checkmark to these, and fix:
O4 - HKLM\..\Run: [wpds.exe] C:\WINDOWS\System32\doriot.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [wpds.exe] C:\WINDOWS\System32\doriot.exe

Show hidden files:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339?Open&src=ent&docid=2002092514302348&nsf=ent-security.nsf&view=docid&dtype=corp&prod=Symantec%20AntiVirus%20Corporate%20Edition&ver=8.x&osv=&osv_lvl
 
Boot to safe mode – F8
Find and delete:
C:\WINDOWS\System32\doriot.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe <<Folder

Reboot, run this scanner: http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Disable Popupblocker on this site!
and post new log file


     Touch
 
Proud member of:
Back to Top
 
New Topic Post reply to : downloader.agent.2.bq Printable version of : downloader.agent.2.bq
 
Forum Information
Currently it is Saturday, November 22, 2008 3:35 PM (GMT +1)
There are a total of 64.053 posts in 15.836 threads.
In the last 3 days there were 26 new threads and 156 reply posts. View Active Threads
Who's Online
This forum has 27198 registered members. Please welcome our newest member, shahed.
54 Guest(s), 0 Registered Member(s) are currently online.  Details
5 Latest Threads
HELP I AM GOING MAD (6)22-11-2008 13:54:37 (traceyd31)
Redirecting virus? (7)22-11-2008 13:42:54 (r1ch1e)
Antivirus trigger is now the threat or what? (6)22-11-2008 13:01:06 (thegascomp)
Generic.PWS.WoW.B7078E0 (16)22-11-2008 11:55:15 (Behram)
Help please!!! (15)22-11-2008 10:05:45 (Touch)


Need Support? Write to: | Forum Help Manual

Download free trial version of Bullguard