Re: 68 variations of downloader.agent found on my computer!

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 12/07/04 

Date: Tue, 7 Dec 2004 18:53:58 -0500

First, don't listen to those that say reinstall the OS. That's way too draconian and is NOT
needed at this time.

Second, there are anti virus News Groups specifically for this type of discussion.

    microsoft.public.scripting.virus.discussion
    microsoft.public.security.virus
    alt.comp.virus
    alt.comp.anti-virus

Finally, Please perform the following.

1) Download the following two items...

        Trend Sysclean Package
         http://www.trendmicro.com/download/dcs.asp

         Latest Trend signature files.
         http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt285.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM .

2) Disable System Restore
            http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode
4) Using the Trend Sysclean utility, perform a Full Scan of your platform and
        clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform
6) Re-enable System Restore and re-apply any System Restore preferences,
        (e.g. HD space to use suggested 400 ~ 600MB),
7) Reboot your PC.
8) Create a new Restore point
9) Please report back your results

Dave

"Starman" <rockerj_@hotmail.com> wrote in message
news:uV$ivnK3EHA.3092@TK2MSFTNGP10.phx.gbl...
| My anti-virus has found 68 different variations of this trojan most of them
| satrting with downloader.agent. Most of these infected files are exes. I ran
| the computer in safe mode and used ad-aware, spy-bot, anti-virus software,
| cwshredder and god knows what else to no avail. These infections are still
| remaining on my computer. Please help me in what to do to rid these. I'm at
| of my tether and am genuinely seeking somebody's help.
|
| Thank you.
|
|

Relevant Pages

  • Re: Worm Problem [Spybot.44544]
    ... (e.g., "c:\New Folder") ... Download SYSCLEAN.COM and place it in that directory. ... Re-enable System Restore and re-apply any System Restore preferences, ... The anti-virus software then moved the file from the ...
    (microsoft.public.windowsxp.general)
  • Re: Klez in _Restore folder
    ... I am running WinXP home edition with Norton ... quarantine or delete the infected files. ... >You must run your anti-virus software after turning off ... Klez has invaded my system restore folder. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: VBS Freelink Trojan/Troj Ravop d
    ... which the Lord, the righteous Judge, ... turn off System Restore this will delete ... >>Download, ... >>> withthe listing of infected files. ...
    (microsoft.public.security.virus)
  • Re: VBS Freelink Trojan/Troj Ravop d
    ... turn off System Restore this will delete ... >from here back and any viruses within them. ... >Download, ... >> withthe listing of infected files. ...
    (microsoft.public.security.virus)
  • Re: Klez in _Restore folder
    ... You must run your anti-virus software after turning off System Restore. ... After you have run and cured your infected files with the AV software, ...
    (microsoft.public.windowsxp.security_admin)