Trojan.Agent

View previous topic View next topic Go down

Trojan.Agent

Post by musicabonita on Tue Jan 31, 2012 4:52 am

Hi,
I am new to this forum and very grateful for it. The problem that I've been having is related to a Trojan.Agent and/or Trojan.Fakems. I got this yesterday. I was in the middle of something and then all of a sudden my computer shut down. Now every time I start it in Normal Mode it will eventually give me the bluescreen of death with a long message that I never have time to read.

I think maybe this trojan is removable because I still can get in normal mode and can get into safe mode with no problem (which is what I am in now). I have ran Malwarebytes, Super AntiSpyware and Spybot and they have all found infections but there has still been no relief from the symptoms.

The below posts are the files that you asked for except for the extras.txt. For some reason that did not open. Is there a way to get to it?

Thanks for any help you can give.


aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-30 21:44:37
-----------------------------
21:44:37.024 OS Version: Windows x64 6.1.7601 Service Pack 1
21:44:37.024 Number of processors: 2 586 0x2502
21:44:37.025 ComputerName: MUSICABONITA-PC UserName: musicabonita
21:44:38.164 Initialize success
21:48:13.577 AVAST engine defs: 12013000
21:48:22.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:48:22.174 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
21:48:22.176 Device \Driver\iaStor -> MajorFunction fffffa80034b95c4
21:48:22.179 Disk 0 MBR read successfully
21:48:22.181 Disk 0 MBR scan
21:48:22.185 Disk 0 Windows VISTA default MBR code
21:48:22.189 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13000 MB offset 2048
21:48:22.204 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 26626048
21:48:22.249 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 225373 MB offset 26830848
21:48:22.255 Service scanning
21:48:23.410 Modules scanning
21:48:23.440 Disk 0 trace - called modules:
21:48:23.447
21:48:24.954 AVAST engine scan C:\Windows
21:48:28.722 AVAST engine scan C:\Windows\system32
21:48:40.178 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
21:50:23.800 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
21:50:27.533 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
21:51:58.297 AVAST engine scan C:\Windows\system32\drivers
21:52:23.397 AVAST engine scan C:\Users\musicabonita
21:53:15.886 Disk 0 MBR has been saved successfully to "C:\Users\musicabonita\Desktop\MBR.dat"
21:53:15.894 The log file has been saved successfully to "C:\Users\musicabonita\Desktop\aswMBR.txt"




Results of screen317's Security Check version 0.99.30
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Norton 360
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities 2011
Java(TM) 6 Update 22
Java(TM) 6 Update 26
Java version out of date!
Adobe Reader X (10.1.1)
Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbam.exe
``````````End of Log````````````


musicabonita
Novice
Novice

Posts Posts : 20
Joined Joined : 2012-01-31
OS OS : Windows 7
Points Points : 17988
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by Superdave on Tue Jan 31, 2012 7:02 pm

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
Download Combofix from any of the links below, and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [URL="http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications.html"]here[/URL] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may call it to stall.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83171
# Likes # Likes : 0

View user profile

Back to top Go down

Hi Dave

Post by musicabonita on Wed Feb 01, 2012 4:33 am

Thanks for your response!

I will certainly download and run combofix and do anything else you said to do soon. Right now I am backing up all of my documents so that in case something happens I won't lose any important data. I hope to have a response to you by tomorrow as there are still 9,000 plus items that need to be uploaded still. Fortunately it's going quickly.

musicabonita
Novice
Novice

Posts Posts : 20
Joined Joined : 2012-01-31
OS OS : Windows 7
Points Points : 17988
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by Superdave on Wed Feb 01, 2012 7:18 pm

Right now I am backing up all of my documents so that in case something happens I won't lose any important data. I hope to have a response to you by tomorrow as there are still 9,000 plus items that need to be uploaded still. Fortunately it's going quickly. .
A very good idea at any time. Make sure you scan them with two up-to-date AV programs before returning them to your computer.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83171
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by musicabonita on Thu Feb 02, 2012 3:23 am

I'm having a slight problem with disabling Norton 360 while in Safe mode because there is no icon in the tray to get to the control panel....any ideas?

musicabonita
Novice
Novice

Posts Posts : 20
Joined Joined : 2012-01-31
OS OS : Windows 7
Points Points : 17988
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by Superdave on Thu Feb 02, 2012 7:56 pm

[You must be registered and logged in to see this link.] wrote:I'm having a slight problem with disabling Norton 360 while in Safe mode because there is no icon in the tray to get to the control panel....any ideas?
If you can't disable it run ComboFix anyway.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83171
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by musicabonita on Fri Feb 03, 2012 3:47 am

So I'm running combo fix now...it restarted the computer and has a blue screen up that says preparing log report do not run any program until combofix has finished.

But these stupid programs are popping up like norton and spybot, even though it is not on the desktop screen. Will this effect what it is that combofix is doing. This has me worried that something bad will happen to my computer...something worse than already has.

Edit: It seems like nothing is happening now. The spybot window is open but not doing anything and so is the combofix window but it is also not doing anything. I'll keep you updated.

musicabonita
Novice
Novice

Posts Posts : 20
Joined Joined : 2012-01-31
OS OS : Windows 7
Points Points : 17988
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by musicabonita on Fri Feb 03, 2012 2:18 pm

Okay so when I woke up this morning, the combofix screen said something that I can't remember at the moment but it was pretty much saying that it was done scanning and that I could find the report at a certain location.

Then the computer started in normal mode and I logged in. I didn't write down the location of the log so I searched for it under "combofix" and nothing showed up. Combofix wasn't even on my desktop anymore.

Then I tried to restart my computer in safe mode and the BSOD came back on.


Unfortunately, i then had to go to work so I didn't have time to work on it anymore. Just wanted to know if any of this stuff sounded unusual or if I should feel worried that i couldn't find the log?

I googled it and found that the log should be at C:\Combofix.txt so I will look for it when I get home.

musicabonita
Novice
Novice

Posts Posts : 20
Joined Joined : 2012-01-31
OS OS : Windows 7
Points Points : 17988
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by Superdave on Fri Feb 03, 2012 7:21 pm

Just wanted to know if any of this stuff sounded unusual or if I should feel worried that i couldn't find the log?

I googled it and found that the log should be at C:\Combofix.txt so I will look for it when I get home. .
A bit unusual but you should be able to find the log there. If not, please try running CF again.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83171
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by musicabonita on Sat Feb 04, 2012 12:44 am

I tried to find the txt file. I never found the file but I did find combofix although it was no longer on the desktop. However, now when I search, I can't find combofix at all and when I go to firefox and to downloads, I right clicked on combofix and the open and open in containing folder were grayed out.

It's completely gone now like it was never there. I'm beginning to think that there isn't any hope for my computer at this point. Please advise.

musicabonita
Novice
Novice

Posts Posts : 20
Joined Joined : 2012-01-31
OS OS : Windows 7
Points Points : 17988
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by Superdave on Sat Feb 04, 2012 2:35 am

Please download [You must be registered and logged in to see this link.] ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it



Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



On completion of the scan click save log, save it to your desktop and post in your next reply

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83171
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by musicabonita on Sat Feb 04, 2012 4:16 am

It is asking me if I want to download Avast Antivirus to get better detection results. Should I do it? keep in mind that I was not able to disable Norton.

Thanks for your help so far.

musicabonita
Novice
Novice

Posts Posts : 20
Joined Joined : 2012-01-31
OS OS : Windows 7
Points Points : 17988
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by Superdave on Sat Feb 04, 2012 7:27 pm

It is asking me if I want to download Avast Antivirus to get better detection results. Should I do it?
That is normal.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83171
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by musicabonita on Sat Feb 04, 2012 11:50 pm

Yeah I finally got something to work! Here is my log from the scan I ran on aswMBR:

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-03 22:13:37
-----------------------------
22:13:37.613 OS Version: Windows x64 6.1.7601 Service Pack 1
22:13:37.613 Number of processors: 2 586 0x2502
22:13:37.613 ComputerName: MUSICABONITA-PC UserName: musicabonita
22:13:40.716 Initialize success
17:25:08.256 AVAST engine defs: 12020401
17:26:21.946 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:26:21.946 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
17:26:21.946 Device \Driver\iaStor -> MajorFunction fffffa80034a65c4
17:26:21.946 Disk 0 MBR read successfully
17:26:21.956 Disk 0 MBR scan
17:26:21.966 Disk 0 Windows VISTA default MBR code
17:26:21.966 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13000 MB offset 2048
17:26:21.986 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 26626048
17:26:21.996 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 225373 MB offset 26830848
17:26:22.026 Service scanning
17:26:24.066 Modules scanning
17:26:24.066 Disk 0 trace - called modules:
17:26:24.076 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80034a65c4]<<
17:26:24.116 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80030b8060]
17:26:24.116 3 CLASSPNP.SYS[fffff88001dc443f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002ed5050]
17:26:24.146 \Driver\iaStor[0xfffffa80033ed2f0] -> IRP_MJ_CREATE -> 0xfffffa80034a65c4
17:26:24.966 AVAST engine scan C:\Windows
17:26:30.056 AVAST engine scan C:\Windows\system32
17:28:41.657 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
17:28:45.807 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
17:30:16.347 AVAST engine scan C:\Windows\system32\drivers
17:30:31.147 AVAST engine scan C:\Users\musicabonita
17:43:27.268 AVAST engine scan C:\ProgramData
17:46:45.268 Scan finished successfully
17:47:35.108 Disk 0 MBR has been saved successfully to "C:\Users\musicabonita\Desktop\MBR.dat"
17:47:35.118 The log file has been saved successfully to "C:\Users\musicabonita\Desktop\aswMBR.txt"
17:47:44.688 Disk 0 MBR has been saved successfully to "C:\Users\musicabonita\Documents\MBR.dat"
17:47:44.718 The log file has been saved successfully to "C:\Users\musicabonita\Documents\aswMBR.txt"



musicabonita
Novice
Novice

Posts Posts : 20
Joined Joined : 2012-01-31
OS OS : Windows 7
Points Points : 17988
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by Superdave on Sun Feb 05, 2012 2:01 am

Download BlueScreenView to your desktop.
[You must be registered and logged in to see this link.]
unzip downloaded file and double click on BlueScreenView.exe to run the program.
when scanning is done, go to EDIT - Select All
Go to FILE - SAVE Selected Items, and save the report as BSOD.txt
Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply.
*******************************************************
Download Combofix from any of the links below, and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [URL="http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications.html"]here[/URL] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click PCHelpForum.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may call it to stall.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83171
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by musicabonita on Sun Feb 05, 2012 6:47 am

So keeping in mind that I am not able to disable my antivirus, you still want me to download and run combofix?


musicabonita
Novice
Novice

Posts Posts : 20
Joined Joined : 2012-01-31
OS OS : Windows 7
Points Points : 17988
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by Superdave on Sun Feb 05, 2012 7:26 pm

[You must be registered and logged in to see this link.] wrote:So keeping in mind that I am not able to disable my antivirus, you still want me to download and run combofix?
Yes, please.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83171
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by musicabonita on Mon Feb 06, 2012 11:32 pm

Okay this is what I got from Bluescreen view:
020312-45318-01.dmp 2/3/2012 6:15:30 PM IRQL_NOT_LESS_OR_EQUAL 0x0000000a 00000180`00000408 00000000`00000002 00000000`00000001 fffff800`0309ed5b ntoskrnl.exe ntoskrnl.exe+7cc40 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17640 (win7sp1_gdr.110622-1506) x64 ntoskrnl.exe+7cc40 C:\Windows\Minidump\020312-45318-01.dmp 2 15 7601 277,336
020312-45692-01.dmp 2/3/2012 5:52:58 PM KMODE_EXCEPTION_NOT_HANDLED 0x0000001e ffffffff`c0000005 fffff800`03065f6b 00000000`00000000 00000000`7efa0000 ntoskrnl.exe ntoskrnl.exe+7cc40 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17640 (win7sp1_gdr.110622-1506) x64 ntoskrnl.exe+7cc40 C:\Windows\Minidump\020312-45692-01.dmp 2 15 7601 277,392
020312-60543-01.dmp 2/3/2012 6:30:41 AM KMODE_EXCEPTION_NOT_HANDLED 0x0000001e ffffffff`c0000005 fffff800`030b8f6b 00000000`00000000 00000000`7efa0000 ntoskrnl.exe ntoskrnl.exe+7cc40 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17640 (win7sp1_gdr.110622-1506) x64 ntoskrnl.exe+7cc40 C:\Windows\Minidump\020312-60543-01.dmp 2 15 7601 277,392
020312-91712-01.dmp 2/3/2012 6:05:04 AM KMODE_EXCEPTION_NOT_HANDLED 0x0000001e ffffffff`c0000005 fffff800`03064f6b 00000000`00000000 00000000`7efa0000 ntoskrnl.exe ntoskrnl.exe+7cc40 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17640 (win7sp1_gdr.110622-1506) x64 ntoskrnl.exe+7cc40 C:\Windows\Minidump\020312-91712-01.dmp 2 15 7601 277,392
013012-41106-01.dmp 1/30/2012 8:21:55 PM KMODE_EXCEPTION_NOT_HANDLED 0x0000001e ffffffff`c0000005 fffff800`03375a9a 00000000`00000001 00000000`00000018 ntoskrnl.exe ntoskrnl.exe+7cc40 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17640 (win7sp1_gdr.110622-1506) x64 ntoskrnl.exe+7cc40 C:\Windows\Minidump\013012-41106-01.dmp 2 15 7601 277,392
013012-45521-01.dmp 1/30/2012 7:10:36 PM SYSTEM_THREAD_EXCEPTION_NOT_HANDLED 0x1000007e ffffffff`c000001d fffffa80`06f0b012 fffff880`0858ca68 fffff880`0858c2c0 volsnap.sys volsnap.sys+2df4 x64 C:\Windows\Minidump\013012-45521-01.dmp 2 15 7601 277,392
013012-47783-01.dmp 1/30/2012 6:42:06 PM IRQL_NOT_LESS_OR_EQUAL 0x0000000a fffff8a0`032620e1 00000000`00000002 00000000`00000001 fffff800`030faab5 ntoskrnl.exe ntoskrnl.exe+7cc40 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17640 (win7sp1_gdr.110622-1506) x64 ntoskrnl.exe+7cc40 C:\Windows\Minidump\013012-47783-01.dmp 2 15 7601 277,392
013012-48251-01.dmp 1/30/2012 5:01:33 PM KMODE_EXCEPTION_NOT_HANDLED 0x0000001e ffffffff`c0000005 fffff800`0305ef6b 00000000`00000000 00000000`7efa0000 ntoskrnl.exe ntoskrnl.exe+7cc40 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17640 (win7sp1_gdr.110622-1506) x64 ntoskrnl.exe+7cc40 C:\Windows\Minidump\013012-48251-01.dmp 2 15 7601 277,392
012912-41231-01.dmp 1/29/2012 11:33:17 PM DRIVER_CORRUPTED_EXPOOL 0x000000c5 00000000`00000008 00000000`00000002 00000000`00000000 fffff800`031c8a9b ntoskrnl.exe ntoskrnl.exe+7cc40 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17640 (win7sp1_gdr.110622-1506) x64 ntoskrnl.exe+7cc40 C:\Windows\Minidump\012912-41231-01.dmp 2 15 7601 277,392
012912-29983-01.dmp 1/29/2012 8:49:42 PM KMODE_EXCEPTION_NOT_HANDLED 0x0000001e ffffffff`c0000005 fffff800`03079f6b 00000000`00000000 00000000`7efa0000 ntoskrnl.exe ntoskrnl.exe+7cc40 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17640 (win7sp1_gdr.110622-1506) x64 ntoskrnl.exe+7cc40 C:\Windows\Minidump\012912-29983-01.dmp 2 15 7601 277,336
012912-38235-01.dmp 1/29/2012 8:33:29 PM KMODE_EXCEPTION_NOT_HANDLED 0x0000001e ffffffff`c0000005 fffff800`0307af6b 00000000`00000000 00000000`7efa0000 ntoskrnl.exe ntoskrnl.exe+7cc40 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17640 (win7sp1_gdr.110622-1506) x64 ntoskrnl.exe+7cc40 C:\Windows\Minidump\012912-38235-01.dmp 2 15 7601 277,336

I'm about to do combofix again.


musicabonita
Novice
Novice

Posts Posts : 20
Joined Joined : 2012-01-31
OS OS : Windows 7
Points Points : 17988
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by musicabonita on Tue Feb 07, 2012 4:27 am

I did combofix and changed the name and everything. It ran and then all of a sudden I got the BSOD and when i restarted the computer in safe mode I couldn't find the txt file. Now what Sad tearing?

musicabonita
Novice
Novice

Posts Posts : 20
Joined Joined : 2012-01-31
OS OS : Windows 7
Points Points : 17988
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by Superdave on Tue Feb 07, 2012 6:43 pm

Please do this even if you don't have your OS disk. Please let me know what happens.

1/ Click the Start button.

2/ From the Start Menu, Click All programs followed by Accessories.

3/ In the Accessories menu, Right Click on the Command Prompt option.

4/ From the drop down menu that appears, Click on the Run as administrator option.

5/ If you have the User Account Control (UAC) enabled you will be asked for authorisation prior to the command prompt opening. You may simply need to press the Continue button if you are the administrator or insert the administrator password etc.

6/ In the Command Prompt window, type: sfc /scannow and then press Enter.

7/ A message will appear stating that the system scan will begin.

8/ Be patient because the scan may take some time.

9/ If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue.

10/ If everything is okay you should, after the scan, see the following message Windows resource protection did not find any integrity violations.

11/ After the scan has completed, Close the command prompt window.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83171
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by musicabonita on Tue Feb 07, 2012 7:18 pm

Is there anything that I need to copy and paste back to you...some kind of report or anything or do I just need to tell you what happens with the scan?

musicabonita
Novice
Novice

Posts Posts : 20
Joined Joined : 2012-01-31
OS OS : Windows 7
Points Points : 17988
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by Superdave on Tue Feb 07, 2012 11:22 pm

Just tell if it asks for the OS disk.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83171
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by musicabonita on Fri Feb 10, 2012 8:00 pm

Okay I will try this today. Thanks

musicabonita
Novice
Novice

Posts Posts : 20
Joined Joined : 2012-01-31
OS OS : Windows 7
Points Points : 17988
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by musicabonita on Sat Feb 11, 2012 8:07 am

It didn't ask for an OS disk and it said nothing had been violated (or something to that effect).

musicabonita
Novice
Novice

Posts Posts : 20
Joined Joined : 2012-01-31
OS OS : Windows 7
Points Points : 17988
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by Superdave on Sat Feb 11, 2012 6:39 pm

Open the Start Menu.

2. Click on the Computer button.

3. Right click on your hard drive and click on Properties.

4. Click on the Tools tab.

5. Click on Check Now under the Error checking section. (See circled in red below)



. Click on Continue in the UAC prompt.

7. Make sure both options are checked. (See screenshot below)
NOTE: The Automatically fix file system errors box will be checked by default.

8. Click on the Start button.



9. You will get a pop-up window saying, "Windows can't check this disk while it's use". (See screenshot below)

10. Click on the Schedule disk check button for chkdsk to run the next time you restart your computer.



11. Restart your computer.
******************************************************
AVENGER

  • Download The Avenger by Swandog46 from [You must be registered and logged in to see this link.].
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Click the Execute button.
  • You will be asked No script has been entered. Do you want to execute a rootkit scan only?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.


Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83171
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by musicabonita on Thu Feb 16, 2012 4:15 am

I'll try this tomorrow. Based on what you've seen so far... Do you think there is still a chance that my computer can be saved.

musicabonita
Novice
Novice

Posts Posts : 20
Joined Joined : 2012-01-31
OS OS : Windows 7
Points Points : 17988
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by Superdave on Thu Feb 16, 2012 6:09 pm

Based on what you've seen so far... Do you think there is still a chance that my computer can be saved. .
It's difficult to say. I'm still trying to determine why you're getting the BSOD's. Most BSOD's are caused by defective software or hardware.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83171
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by musicabonita on Fri Feb 17, 2012 3:17 am

I tried to do the scan and it said it couldn't do it while the disk was in use.

I appreciate all of your help so far but honestly, I just think I need to wipe out my hard drive. Thank you so much for trying to figure out what is wrong but I don't think anything can be done. The cause of the issue still hasn't been determined so I don't think i have any other choice.

In your opinon, will this get rid of any virus, trojan's or issues I may have?

musicabonita
Novice
Novice

Posts Posts : 20
Joined Joined : 2012-01-31
OS OS : Windows 7
Points Points : 17988
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by Superdave on Sat Feb 18, 2012 6:34 pm

In your opinon, will this get rid of any virus, trojan's or issues I may have?.
If you do a complete reformat it will clean your harddrive. Sorry that it had to come to this. Good luck

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83171
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by musicabonita on Fri Feb 24, 2012 1:26 am

Thanks so much for all your help. I have one more question please. I am trying to reformat my drive using the CD-Rom. I put the System CD in and pushed F12 like the instructions said that came with the CD (from Acer). For some reason when I push F12 as the computer is restarting (with the CD in the drive), it just start up as normal.

My cd-rom drive is crappy. Is it possible to reformat my drive using an external cd-rom drive instead of the internal one? will that work the same way or is it a bad idea.

musicabonita
Novice
Novice

Posts Posts : 20
Joined Joined : 2012-01-31
OS OS : Windows 7
Points Points : 17988
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by Superdave on Fri Feb 24, 2012 2:45 am

My cd-rom drive is crappy. Is it possible to reformat my drive using an external cd-rom drive instead of the internal one? will that work the same way or is it a bad idea..
That should work but you may have to change your boot order in BIOS to accomodate the external drive.

If you do not know how to set your computer to boot from CD follow the steps [You must be registered and logged in to see this link.]

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83171
# Likes # Likes : 0

View user profile

Back to top Go down

More issues

Post by musicabonita on Sat Feb 25, 2012 2:35 pm

Hi,
This might be out of the realm of this thread but I will ask anyway. Now I am having a new problem. I finally got the computer to boot to CD and I wen through the entire process of reinstalling windows. Everything went okay until I had to do the restart your computer to begin set up or whatever it says.

When it restarted, everything looked normal and it went to a black screen and it said set up is about to begin (i'm paraphrasing) suddenly I get an error message saying that "to install windows, click ok to restart the computer and then restart the installation". Then the computer restarts but I wind up getting the same error message?

Any ideas on how to fix this? Should I start another thread for this issue? Thanks.

musicabonita
Novice
Novice

Posts Posts : 20
Joined Joined : 2012-01-31
OS OS : Windows 7
Points Points : 17988
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by musicabonita on Sat Feb 25, 2012 2:48 pm

I forgot to say that I used the Acer eRecovery discs to reinstall windows. I was under the impression that doing a reinstall of windows would wipe my hard drive. Am i misinformed on that? Do I have clean the hard drive then reinstall windows? I can't get a clear understanding of that.

Edit: Also based on the research I've done, it seems like there are some changes that can be made in BIOS to help fix the problem. However, any of the changes they suggest, I can't find those settings (voltage, plug and play, etc.). It seems my options in BIOS are very limited.

musicabonita
Novice
Novice

Posts Posts : 20
Joined Joined : 2012-01-31
OS OS : Windows 7
Points Points : 17988
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by Superdave on Sat Feb 25, 2012 8:36 pm

Do I have clean the hard drive then reinstall windows? I can't get a clear understanding of that
The Recovery disks will take your computer back to the day you purchased it.
Also based on the research I've done, it seems like there are some changes that can be made in BIOS to help fix the problem.
I seriously doubt you can fix that in the BIOS. Your best bet would be to try to get the Recovery to work. Then, if you're still having problems, we can try to fix that.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83171
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by musicabonita on Wed Feb 29, 2012 3:56 pm

Dave I appreciate your help and patience so much. After about a month of trying to work on this issue and getting no where, I just decided to get a new computer. I will still try and fix the problem but I have a business and I can't be hindered from it any longer.

Thanks a bunch!

musicabonita
Novice
Novice

Posts Posts : 20
Joined Joined : 2012-01-31
OS OS : Windows 7
Points Points : 17988
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Agent

Post by Superdave on Wed Feb 29, 2012 6:59 pm

[You must be registered and logged in to see this link.] wrote:Dave I appreciate your help and patience so much. After about a month of trying to work on this issue and getting no where, I just decided to get a new computer. I will still try and fix the problem but I have a business and I can't be hindered from it any longer.

Thanks a bunch!

Sorry it had to come to this. Good luck

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83171
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum