Trojan.Agent


Post by musicabonita on Tue 31 Jan 2012, 3:52 pm

Hi,
I am new to this forum and very grateful for it. The problem that I've been having is related to a Trojan.Agent and/or Trojan.Fakems. I got this yesterday. I was in the middle of something and then all of a sudden my computer shut down. Now every time I start it in Normal Mode it will eventually give me the bluescreen of death with a long message that I never have time to read.

I think maybe this trojan is removable because I still can get in normal mode and can get into safe mode with no problem (which is what I am in now). I have run Malwarebytes, Super AntiSpyware and Spybot and they have all found infections but there has still been no relief from the symptoms.

The below posts are the files that you asked for except for the extras.txt. For some reason that did not open. Is there a way to get to it?

Thanks for any help you can give.


aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-30 21:44:37
-----------------------------
21:44:37.024 OS Version: Windows x64 6.1.7601 Service Pack 1
21:44:37.024 Number of processors: 2 586 0x2502
21:44:37.025 ComputerName: MUSICABONITA-PC UserName: musicabonita
21:44:38.164 Initialize success
21:48:13.577 AVAST engine defs: 12013000
21:48:22.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:48:22.174 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
21:48:22.176 Device \Driver\iaStor -> MajorFunction fffffa80034b95c4
21:48:22.179 Disk 0 MBR read successfully
21:48:22.181 Disk 0 MBR scan
21:48:22.185 Disk 0 Windows VISTA default MBR code
21:48:22.189 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13000 MB offset 2048
21:48:22.204 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 26626048
21:48:22.249 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 225373 MB offset 26830848
21:48:22.255 Service scanning
21:48:23.410 Modules scanning
21:48:23.440 Disk 0 trace - called modules:
21:48:23.447
21:48:24.954 AVAST engine scan C:\Windows
21:48:28.722 AVAST engine scan C:\Windows\system32
21:48:40.178 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
21:50:23.800 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
21:50:27.533 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
21:51:58.297 AVAST engine scan C:\Windows\system32\drivers
21:52:23.397 AVAST engine scan C:\Users\musicabonita
21:53:15.886 Disk 0 MBR has been saved successfully to "C:\Users\musicabonita\Desktop\MBR.dat"
21:53:15.894 The log file has been saved successfully to "C:\Users\musicabonita\Desktop\aswMBR.txt"




Results of screen317's Security Check version 0.99.30
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Norton 360
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities 2011
Java(TM) 6 Update 22
Java(TM) 6 Update 26
Java version out of date!
Adobe Reader X (10.1.1)
Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbam.exe
``````````End of Log````````````


musicabonita

Newbie Surfer

Posts : 20
Joined : 2012-01-31
Operating System : Windows 7


Re: Trojan.Agent

Post by Superdave on Wed 01 Feb 2012, 6:02 am

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications.html) for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while it's running because it may cause it to stall.

Superdave
Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Hi Dave

Post by musicabonita on Wed 01 Feb 2012, 3:33 pm

Thanks for your response!

I will certainly download and run combofix and do anything else you said to do soon. Right now I am backing up all of my documents so that in case something happens I won't lose any important data. I hope to have a response to you by tomorrow as there are still 9,000 plus items that need to be uploaded still. Fortunately it's going quickly.


Re: Trojan.Agent

Post by Superdave on Thu 02 Feb 2012, 6:18 am

musicabonita wrote: Right now I am backing up all of my documents so that in case something happens I won't lose any important data. I hope to have a response to you by tomorrow as there are still 9,000 plus items that need to be uploaded still. Fortunately it's going quickly.
A very good idea at any time. Make sure you scan them with two up-to-date AV programs before returning them to your computer.


Re: Trojan.Agent

Post by musicabonita on Thu 02 Feb 2012, 2:23 pm

I'm having a slight problem with disabling Norton 360 while in Safe mode because there is no icon in the tray to get to the control panel....any ideas?


Re: Trojan.Agent

Post by Superdave on Fri 03 Feb 2012, 6:56 am

musicabonita wrote: I'm having a slight problem with disabling Norton 360 while in Safe mode because there is no icon in the tray to get to the control panel....any ideas?
If you can't disable it run ComboFix anyway.


Re: Trojan.Agent

Post by musicabonita on Fri 03 Feb 2012, 2:47 pm

So I'm running combo fix now...it restarted the computer and has a blue screen up that says preparing log report do not run any program until combofix has finished.

But these stupid programs are popping up like norton and spybot, even though it is not on the desktop screen. Will this affect what it is that combofix is doing? This has me worried that something bad will happen to my computer...something worse than already has.

Edit: It seems like nothing is happening now. The spybot window is open but not doing anything and so is the combofix window but it is also not doing anything. I'll keep you updated.


Re: Trojan.Agent

Post by musicabonita on Sat 04 Feb 2012, 1:18 am

Okay so when I woke up this morning, the combofix screen said something that I can't remember at the moment but it was pretty much saying that it was done scanning and that I could find the report at a certain location.

Then the computer started in normal mode and I logged in. I didn't write down the location of the log so I searched for it under "combofix" and nothing showed up. Combofix wasn't even on my desktop anymore.

Then I tried to restart my computer in safe mode and the BSOD came back on.


Unfortunately, I then had to go to work so I didn't have time to work on it anymore. Just wanted to know if any of this stuff sounded unusual or if I should feel worried that I couldn't find the log?

I googled it and found that the log should be at C:\Combofix.txt so I will look for it when I get home.


Re: Trojan.Agent

Post by Superdave on Sat 04 Feb 2012, 6:21 am

musicabonita wrote: Just wanted to know if any of this stuff sounded unusual or if I should feel worried that I couldn't find the log?

I googled it and found that the log should be at C:\Combofix.txt so I will look for it when I get home.
A bit unusual but you should be able to find the log there. If not, please try running CF again.


Re: Trojan.Agent

Post by musicabonita on Sat 04 Feb 2012, 11:44 am

I tried to find the txt file. I never found the file but I did find combofix although it was no longer on the desktop. However, now when I search, I can't find combofix at all and when I go to firefox and to downloads, I right clicked on combofix and the open and open in containing folder were grayed out.

It's completely gone now like it was never there. I'm beginning to think that there isn't any hope for my computer at this point. Please advise.


Re: Trojan.Agent

Post by Superdave on Sat 04 Feb 2012, 1:35 pm

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it.



Click the "Scan" button to start scan.

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.



On completion of the scan click save log, save it to your desktop and post in your next reply.


Re: Trojan.Agent

Post by musicabonita on Sat 04 Feb 2012, 3:16 pm

It is asking me if I want to download Avast Antivirus to get better detection results. Should I do it? Keep in mind that I was not able to disable Norton.

Thanks for your help so far.


Re: Trojan.Agent

Post by Superdave on Sun 05 Feb 2012, 6:27 am

musicabonita wrote: It is asking me if I want to download Avast Antivirus to get better detection results. Should I do it?
That is normal.


Re: Trojan.Agent

Post by musicabonita on Sun 05 Feb 2012, 10:50 am

Yeah I finally got something to work! Here is my log from the scan I ran on aswMBR:

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-03 22:13:37
-----------------------------
22:13:37.613 OS Version: Windows x64 6.1.7601 Service Pack 1
22:13:37.613 Number of processors: 2 586 0x2502
22:13:37.613 ComputerName: MUSICABONITA-PC UserName: musicabonita
22:13:40.716 Initialize success
17:25:08.256 AVAST engine defs: 12020401
17:26:21.946 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:26:21.946 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
17:26:21.946 Device \Driver\iaStor -> MajorFunction fffffa80034a65c4
17:26:21.946 Disk 0 MBR read successfully
17:26:21.956 Disk 0 MBR scan
17:26:21.966 Disk 0 Windows VISTA default MBR code
17:26:21.966 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13000 MB offset 2048
17:26:21.986 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 26626048
17:26:21.996 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 225373 MB offset 26830848
17:26:22.026 Service scanning
17:26:24.066 Modules scanning
17:26:24.066 Disk 0 trace - called modules:
17:26:24.076 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80034a65c4]<<
17:26:24.116 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80030b8060]
17:26:24.116 3 CLASSPNP.SYS[fffff88001dc443f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002ed5050]
17:26:24.146 \Driver\iaStor[0xfffffa80033ed2f0] -> IRP_MJ_CREATE -> 0xfffffa80034a65c4
17:26:24.966 AVAST engine scan C:\Windows
17:26:30.056 AVAST engine scan C:\Windows\system32
17:28:41.657 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
17:28:45.807 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
17:30:16.347 AVAST engine scan C:\Windows\system32\drivers
17:30:31.147 AVAST engine scan C:\Users\musicabonita
17:43:27.268 AVAST engine scan C:\ProgramData
17:46:45.268 Scan finished successfully
17:47:35.108 Disk 0 MBR has been saved successfully to "C:\Users\musicabonita\Desktop\MBR.dat"
17:47:35.118 The log file has been saved successfully to "C:\Users\musicabonita\Desktop\aswMBR.txt"
17:47:44.688 Disk 0 MBR has been saved successfully to "C:\Users\musicabonita\Documents\MBR.dat"
17:47:44.718 The log file has been saved successfully to "C:\Users\musicabonita\Documents\aswMBR.txt"



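An added example (not part of any post in this thread and not aswMBR's own code): a small Python parser that pulls the detections, the MBR verdict and the disk-trace UNKNOWN address out of the two aswMBR logs posted above and compares the runs. The regular expressions are assumptions derived only from the log lines shown on this page.

```python
import re
from dataclasses import dataclass

# Lines copied from the two aswMBR logs posted in this thread (other lines omitted).
SCAN_1 = r"""
21:48:22.176 Device \Driver\iaStor -> MajorFunction fffffa80034b95c4
21:48:22.185 Disk 0 Windows VISTA default MBR code
21:48:23.440 Disk 0 trace - called modules:
21:48:23.447
21:48:40.178 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
21:50:23.800 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
21:50:27.533 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
"""
SCAN_2 = r"""
17:26:21.946 Device \Driver\iaStor -> MajorFunction fffffa80034a65c4
17:26:21.966 Disk 0 Windows VISTA default MBR code
17:26:24.066 Disk 0 trace - called modules:
17:26:24.076 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80034a65c4]<<
17:26:24.146 \Driver\iaStor[0xfffffa80033ed2f0] -> IRP_MJ_CREATE -> 0xfffffa80034a65c4
17:28:41.657 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
17:28:45.807 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
"""

# Patterns inferred from the lines above (assumption: other aswMBR builds may differ).
INFECTED = re.compile(
    r"File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>\S+)(?: \[(?P<tag>\w+)\])?\s*$")
DISPATCH = re.compile(
    r"Device (?P<driver>\\Driver\\\S+) -> MajorFunction (?P<addr>[0-9a-fA-F]+)")
UNKNOWN = re.compile(r">>UNKNOWN \[0x(?P<addr>[0-9a-fA-F]+)\]<<")
MBR_CODE = re.compile(r"Disk \d+ (?P<verdict>.+ MBR code)\s*$")


@dataclass(frozen=True)
class Detection:
    path: str
    name: str  # engine detection name, e.g. Win32:Sirefef-HO
    tag: str   # bracketed tag exactly as printed in the log, e.g. Rtk or Drp


def parse_aswmbr(log):
    """Pull the triage-relevant facts out of one aswMBR log."""
    report = {"detections": [], "dispatch": {}, "unknown": set(), "mbr": None}
    for line in log.splitlines():
        if m := INFECTED.search(line):
            report["detections"].append(
                Detection(m["path"], m["name"], m["tag"] or ""))
        elif m := DISPATCH.search(line):
            report["dispatch"][m["driver"]] = int(m["addr"], 16)
        elif m := MBR_CODE.search(line):
            report["mbr"] = m["verdict"]
        # Trace lines carry the UNKNOWN marker; collect every address so marked.
        for m in UNKNOWN.finditer(line):
            report["unknown"].add(int(m["addr"], 16))
    return report


def unresolved_dispatch(report):
    """Drivers whose logged MajorFunction address is one the trace marked UNKNOWN."""
    return sorted(driver for driver, addr in report["dispatch"].items()
                  if addr in report["unknown"])


def compare(first, second):
    """Split detected paths into: flagged in both runs, only the first, only the second."""
    a = {d.path for d in first["detections"]}
    b = {d.path for d in second["detections"]}
    return {"still_flagged": sorted(a & b),
            "only_in_first": sorted(a - b),
            "new": sorted(b - a)}


if __name__ == "__main__":
    r1, r2 = parse_aswmbr(SCAN_1), parse_aswmbr(SCAN_2)
    print(compare(r1, r2))
    print("MBR:", r2["mbr"], "| unresolved dispatch:", unresolved_dispatch(r2))
```

A path that is absent from the later log was simply not flagged in that run; it is not proof that the file was cleaned. The address match on the storage driver is a lead for the helper to review, in line with the note above about false positives on rootkit entries.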

Re: Trojan.Agent

Post by Superdave on Sun 05 Feb 2012, 1:01 pm

Download BlueScreenView to your desktop.
BlueScreenView
Unzip the downloaded file and double click on BlueScreenView.exe to run the program.
When scanning is done, go to EDIT - Select All.
Go to FILE - SAVE Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply.
*******************************************************
Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications.html) for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click PCHelpForum.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while it's running because it may cause it to stall.


Re: Trojan.Agent

Post by musicabonita on Sun 05 Feb 2012, 5:47 pm

So keeping in mind that I am not able to disable my antivirus, you still want me to download and run combofix?



Re: Trojan.Agent

Post by Superdave on Mon 06 Feb 2012, 6:26 am

musicabonita wrote: So keeping in mind that I am not able to disable my antivirus, you still want me to download and run combofix?
Yes, please.


Re: Trojan.Agent

Post by musicabonita on Tue 07 Feb 2012, 10:32 am

Okay this is what I got from Bluescreen view:
020312-45318-01.dmp 2/3/2012 6:15:30 PM IRQL_NOT_LESS_OR_EQUAL 0x0000000a 00000180`00000408 00000000`00000002 00000000`00000001 fffff800`0309ed5b ntoskrnl.exe ntoskrnl.exe+7cc40 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17640 (win7sp1_gdr.110622-1506) x64 ntoskrnl.exe+7cc40 C:\Windows\Minidump\020312-45318-01.dmp 2 15 7601 277,336
020312-45692-01.dmp 2/3/2012 5:52:58 PM KMODE_EXCEPTION_NOT_HANDLED 0x0000001e ffffffff`c0000005 fffff800`03065f6b 00000000`00000000 00000000`7efa0000 ntoskrnl.exe ntoskrnl.exe+7cc40 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17640 (win7sp1_gdr.110622-1506) x64 ntoskrnl.exe+7cc40 C:\Windows\Minidump\020312-45692-01.dmp 2 15 7601 277,392
020312-60543-01.dmp 2/3/2012 6:30:41 AM KMODE_EXCEPTION_NOT_HANDLED 0x0000001e ffffffff`c0000005 fffff800`030b8f6b 00000000`00000000 00000000`7efa0000 ntoskrnl.exe ntoskrnl.exe+7cc40 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17640 (win7sp1_gdr.110622-1506) x64 ntoskrnl.exe+7cc40 C:\Windows\Minidump\020312-60543-01.dmp 2 15 7601 277,392
020312-91712-01.dmp 2/3/2012 6:05:04 AM KMODE_EXCEPTION_NOT_HANDLED 0x0000001e ffffffff`c0000005 fffff800`03064f6b 00000000`00000000 00000000`7efa0000 ntoskrnl.exe ntoskrnl.exe+7cc40 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17640 (win7sp1_gdr.110622-1506) x64 ntoskrnl.exe+7cc40 C:\Windows\Minidump\020312-91712-01.dmp 2 15 7601 277,392
013012-41106-01.dmp 1/30/2012 8:21:55 PM KMODE_EXCEPTION_NOT_HANDLED 0x0000001e ffffffff`c0000005 fffff800`03375a9a 00000000`00000001 00000000`00000018 ntoskrnl.exe ntoskrnl.exe+7cc40 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17640 (win7sp1_gdr.110622-1506) x64 ntoskrnl.exe+7cc40 C:\Windows\Minidump\013012-41106-01.dmp 2 15 7601 277,392
013012-45521-01.dmp 1/30/2012 7:10:36 PM SYSTEM_THREAD_EXCEPTION_NOT_HANDLED 0x1000007e ffffffff`c000001d fffffa80`06f0b012 fffff880`0858ca68 fffff880`0858c2c0 volsnap.sys volsnap.sys+2df4 x64 C:\Windows\Minidump\013012-45521-01.dmp 2 15 7601 277,392
013012-47783-01.dmp 1/30/2012 6:42:06 PM IRQL_NOT_LESS_OR_EQUAL 0x0000000a fffff8a0`032620e1 00000000`00000002 00000000`00000001 fffff800`030faab5 ntoskrnl.exe ntoskrnl.exe+7cc40 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17640 (win7sp1_gdr.110622-1506) x64 ntoskrnl.exe+7cc40 C:\Windows\Minidump\013012-47783-01.dmp 2 15 7601 277,392
013012-48251-01.dmp 1/30/2012 5:01:33 PM KMODE_EXCEPTION_NOT_HANDLED 0x0000001e ffffffff`c0000005 fffff800`0305ef6b 00000000`00000000 00000000`7efa0000 ntoskrnl.exe ntoskrnl.exe+7cc40 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17640 (win7sp1_gdr.110622-1506) x64 ntoskrnl.exe+7cc40 C:\Windows\Minidump\013012-48251-01.dmp 2 15 7601 277,392
012912-41231-01.dmp 1/29/2012 11:33:17 PM DRIVER_CORRUPTED_EXPOOL 0x000000c5 00000000`00000008 00000000`00000002 00000000`00000000 fffff800`031c8a9b ntoskrnl.exe ntoskrnl.exe+7cc40 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17640 (win7sp1_gdr.110622-1506) x64 ntoskrnl.exe+7cc40 C:\Windows\Minidump\012912-41231-01.dmp 2 15 7601 277,392
012912-29983-01.dmp 1/29/2012 8:49:42 PM KMODE_EXCEPTION_NOT_HANDLED 0x0000001e ffffffff`c0000005 fffff800`03079f6b 00000000`00000000 00000000`7efa0000 ntoskrnl.exe ntoskrnl.exe+7cc40 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17640 (win7sp1_gdr.110622-1506) x64 ntoskrnl.exe+7cc40 C:\Windows\Minidump\012912-29983-01.dmp 2 15 7601 277,336
012912-38235-01.dmp 1/29/2012 8:33:29 PM KMODE_EXCEPTION_NOT_HANDLED 0x0000001e ffffffff`c0000005 fffff800`0307af6b 00000000`00000000 00000000`7efa0000 ntoskrnl.exe ntoskrnl.exe+7cc40 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17640 (win7sp1_gdr.110622-1506) x64 ntoskrnl.exe+7cc40 C:\Windows\Minidump\012912-38235-01.dmp 2 15 7601 277,336

I'm about to do combofix again.


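An added example (not from the thread and not BlueScreenView's own code): the rows posted above, tallied by bug check and by the exception code carried in parameter 1, so the pattern across the dumps is visible at a glance. The column layout in the regular expression is an assumption inferred from the rows on this page.

```python
import re
from collections import Counter

# Rows copied from the BlueScreenView post above. All but the volsnap.sys row are cut
# after the "caused by address" column; that row is complete, to show that trailing
# columns are ignored.
ROWS = r"""
020312-45318-01.dmp 2/3/2012 6:15:30 PM IRQL_NOT_LESS_OR_EQUAL 0x0000000a 00000180`00000408 00000000`00000002 00000000`00000001 fffff800`0309ed5b ntoskrnl.exe ntoskrnl.exe+7cc40
020312-45692-01.dmp 2/3/2012 5:52:58 PM KMODE_EXCEPTION_NOT_HANDLED 0x0000001e ffffffff`c0000005 fffff800`03065f6b 00000000`00000000 00000000`7efa0000 ntoskrnl.exe ntoskrnl.exe+7cc40
013012-45521-01.dmp 1/30/2012 7:10:36 PM SYSTEM_THREAD_EXCEPTION_NOT_HANDLED 0x1000007e ffffffff`c000001d fffffa80`06f0b012 fffff880`0858ca68 fffff880`0858c2c0 volsnap.sys volsnap.sys+2df4 x64 C:\Windows\Minidump\013012-45521-01.dmp 2 15 7601 277,392
013012-48251-01.dmp 1/30/2012 5:01:33 PM KMODE_EXCEPTION_NOT_HANDLED 0x0000001e ffffffff`c0000005 fffff800`0305ef6b 00000000`00000000 00000000`7efa0000 ntoskrnl.exe ntoskrnl.exe+7cc40
012912-41231-01.dmp 1/29/2012 11:33:17 PM DRIVER_CORRUPTED_EXPOOL 0x000000c5 00000000`00000008 00000000`00000002 00000000`00000000 fffff800`031c8a9b ntoskrnl.exe ntoskrnl.exe+7cc40
"""

# dump file, crash time, bug check string, bug check code, parameters 1-4,
# module the crash is attributed to, address within that module
ROW = re.compile(
    r"^(?P<dump>\S+\.dmp) (?P<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) "
    r"(?P<name>[A-Z0-9_]+) (?P<code>0x[0-9a-f]{8}) "
    r"(?P<p1>\S+) (?P<p2>\S+) (?P<p3>\S+) (?P<p4>\S+) "
    r"(?P<driver>\S+) (?P<where>\S+)"
)

# NTSTATUS values that appear as parameter 1 in the rows on this page.
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION",
            0xC000001D: "STATUS_ILLEGAL_INSTRUCTION"}
# Bug checks whose parameter 1 is an exception code and parameter 2 the faulting address.
EXCEPTION_BUGCHECKS = {0x1E, 0x7E}


def to_int(param):
    """BlueScreenView prints 64-bit values as high`low; drop the separator."""
    return int(param.replace("`", ""), 16)


def parse_rows(text):
    crashes = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        # 0x1000007e has the same meaning and parameters as 0x7e, so mask the top nibble.
        code = int(m["code"], 16) & 0x0FFFFFFF
        crash = {"dump": m["dump"], "when": m["when"], "name": m["name"],
                 "code": code, "driver": m["driver"], "where": m["where"],
                 "exception": None, "fault_address": None}
        if code in EXCEPTION_BUGCHECKS:
            status = to_int(m["p1"]) & 0xFFFFFFFF  # printed sign-extended to 64 bits
            crash["exception"] = NTSTATUS.get(status, hex(status))
            crash["fault_address"] = to_int(m["p2"])
        crashes.append(crash)
    return crashes


def summarise(crashes):
    return {
        "by_bugcheck": Counter(c["name"] for c in crashes),
        "by_exception": Counter(c["exception"] for c in crashes if c["exception"]),
        # ntoskrnl.exe is the kernel itself; any other module named is more specific.
        "non_kernel_modules": Counter(
            c["driver"] for c in crashes if c["driver"].lower() != "ntoskrnl.exe"),
    }


if __name__ == "__main__":
    for key, counts in summarise(parse_rows(ROWS)).items():
        print(key, dict(counts))
```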

Re: Trojan.Agent

Post by musicabonita on Tue 07 Feb 2012, 3:27 pm

I did combofix and changed the name and everything. It ran and then all of a sudden I got the BSOD and when I restarted the computer in safe mode I couldn't find the txt file. Now what?


Re: Trojan.Agent

Post by Superdave on Wed 08 Feb 2012, 5:43 am

Please do this even if you don't have your OS disk. Please let me know what happens.

1/ Click the Start button.

2/ From the Start Menu, Click All programs followed by Accessories.

3/ In the Accessories menu, Right Click on the Command Prompt option.

4/ From the drop down menu that appears, Click on the Run as administrator option.

5/ If you have the User Account Control (UAC) enabled you will be asked for authorisation prior to the command prompt opening. You may simply need to press the Continue button if you are the administrator or insert the administrator password etc.

6/ In the Command Prompt window, type: sfc /scannow and then press Enter.

7/ A message will appear stating that the system scan will begin.

8/ Be patient because the scan may take some time.

9/ If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue.

10/ If everything is okay you should, after the scan, see the following message Windows resource protection did not find any integrity violations.

11/ After the scan has completed, Close the command prompt window.


Re: Trojan.Agent

Post by musicabonita on Wed 08 Feb 2012, 6:18 am

Is there anything that I need to copy and paste back to you...some kind of report or anything or do I just need to tell you what happens with the scan?


Re: Trojan.Agent

Post by Superdave on Wed 08 Feb 2012, 10:22 am

Just tell me if it asks for the OS disk.


Re: Trojan.Agent

Post by musicabonita on Sat 11 Feb 2012, 7:00 am

Okay I will try this today. Thanks


Re: Trojan.Agent

Post by musicabonita on Sat 11 Feb 2012, 7:07 pm

It didn't ask for an OS disk and it said nothing had been violated (or something to that effect).


Re: Trojan.Agent

Post by Superdave on Sun 12 Feb 2012, 5:39 am

1. Open the Start Menu.

2. Click on the Computer button.

3. Right click on your hard drive and click on Properties.

4. Click on the Tools tab.

5. Click on Check Now under the Error checking section. (See circled in red below)



6. Click on Continue in the UAC prompt.

7. Make sure both options are checked. (See screenshot below)
NOTE: The Automatically fix file system errors box will be checked by default.

8. Click on the Start button.



9. You will get a pop-up window saying, "Windows can't check this disk while it's in use". (See screenshot below)

10. Click on the Schedule disk check button for chkdsk to run the next time you restart your computer.



11. Restart your computer.
******************************************************
AVENGER

  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Click the Execute button.
  • You will be asked No script has been entered. Do you want to execute a rootkit scan only?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.

