PC Review



Agent.uj trojan downloader remains in memory.

 
 
Wanderer
 
      7th Nov 2005
When looking for the removal of small.popcorn 64 and PWS-Pinch password
stealers that couldn't be removed with Microsoft Antispyware I used the Ewido
and found about 20 other trojans in my computer.

Ewido took charge of them but showed an error removing the Agent.uj that was
found when scanning the memory. I tried MS Antispyware and Ewido in safe mode
but the infection is still there.

Every time I open IExplorer it seems to open the door to the trojans I
mentioned above and some others that are reinstalled in my system.

Any suggestion?
 
 
 
 
 
Frozencanuck
 
      3rd Jan 2006
I too am having the EXACT same problem with Agent.uj

It is found in the memory and Ewido will not erase it. [Norton Antivirus
doesn't even find it (I'm losing faith in that product very quickly)] How
can I remove this?

Cheers,
Gregory
 
Bill Sanderson
 
      4th Jan 2006
Are you doing scans in safe mode?
 
Frozencanuck
 
      4th Jan 2006
Yes, I have been doing scans in both safe and normal mode.
 
Frozencanuck
 
      5th Jan 2006
Hi guys.

Some helpful fellows at Ewido solved my problem regarding agent.uj

Here is what they suggested: Download Blacklight at

http://www.f-secure.com/exclude/blacklight/index.shtml

and run a search. My search turned up several hidden processes. They asked
me to rename a few of them, which is an option given in the program (they
told me to NEVER rename C:\WINDOWS\system32\wbem\wbemtest.exe - this is a
legitimate file). The program renamed the files and rebooted the computer. I
then ran the computer in Safe Mode and ran Ewido again. This completely
cleared Agent.uj off my computer.

However, I must warn everyone that I am NOT a computer tech. Please check
with more educated people about which files to rename and which to leave
alone after running blacklight.

For reference, the files I had to rename included

C:\WINDOWS\system32\dmxbb.exe
C:\WINDOWS\system32\filesafer23.exe
C:\WINDOWS\system32\favset.exe
C:\WINDOWS\system32\howiper.exe
C:\WINDOWS\system32\cspyb.exe
C:\WINDOWS\system32\csiqx.exe

These were the source of agent.uj on my computer. They are renamed with a
new extension - for example, howiper.exe becomes howiper.exe.ren - and they
can then be manually deleted.
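A follow-up check for the cleanup described in the post above, added here as an example and not part of the original thread or of any tool it mentions: it looks in a system32 directory for the six file names the post lists, or their .ren copies, and hashes whatever it finds. The function names are hypothetical, and pointing the check at a Safe Mode or offline-mounted copy of the directory is an assumption of this example, made because a listing taken on the live system may omit files that are being hidden.

```python
import hashlib
from pathlib import Path

# File names listed in the post (reported under C:\WINDOWS\system32).
REPORTED = ["dmxbb.exe", "filesafer23.exe", "favset.exe",
            "howiper.exe", "cspyb.exe", "csiqx.exe"]
RENAMED_SUFFIX = ".ren"  # extension the post says renamed files receive


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so a finding can be recorded or looked up."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_leftovers(system32: Path) -> list[dict]:
    """Report which of the post's files, or their .ren copies, still exist.

    Names are matched case-insensitively, as Windows does, so the check also
    works on a volume mounted under a case-sensitive OS. Files not on the
    list (wbemtest.exe, for instance) are never reported.
    """
    present = {p.name.lower(): p for p in system32.iterdir() if p.is_file()}
    findings = []
    for name in REPORTED:
        for candidate, state in ((name, "active"),
                                 (name + RENAMED_SUFFIX, "renamed")):
            hit = present.get(candidate)
            if hit is not None:
                findings.append({"file": hit.name, "state": state,
                                 "sha256": sha256_of(hit)})
    return findings


def is_clean(findings: list[dict]) -> bool:
    # A "renamed" entry is a leftover the post says can be deleted by hand.
    # An "active" entry means an original name is present again.
    return not any(f["state"] == "active" for f in findings)
```
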
 
Bill Sanderson
 
      5th Jan 2006
Thanks very much for the update. I'd done some research using the name of
the critter and hadn't found anything I thought would be useful to you, and
lost track of the thread, I'm afraid.

This is the second message I've seen recently involving spyware or viral
trojan software masked using root kit techniques. I believe that a
Microsoft solution to this issue will need to detect these bugs--and I hope
to see improvement in this area.

 
 
 