I need a help with two trojan AGENT.XJ e GROMP

[fuzzy]

please, I hope someone can help me somehow.

Is there any way to remove theese viruses than are slowing down my PC?

Sorry for english mistakes, but I'm not ienglish mother tounge.
I tried to look for solution by searcing the net, and in this NG, but
I didn't find.

I scanned my PC with Spyware doctor free licence (no removing).

Some suggestion, program or past tread on the matter?

thanks in advance
regards
Fuzzy (italy)

 

[David H. Lipman]

From: "fuzzy" <[email protected]>

| please, I hope someone can help me somehow.
|
| Is there any way to remove theese viruses than are slowing down my PC?
|
| Sorry for english mistakes, but I'm not ienglish mother tounge.
| I tried to look for solution by searcing the net, and in this NG, but
| I didn't find.
|
| I scanned my PC with Spyware doctor free licence (no removing).
|
| Some suggestion, program or past tread on the matter?
|
| thanks in advance
| regards
| Fuzzy (italy)


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *

 

[fuzzy]

From: "fuzzy" <[email protected]>

| please, I hope someone can help me somehow.
|
| Is there any way to remove theese viruses than are slowing down my PC?
|
| Sorry for english mistakes, but I'm not ienglish mother tounge.
| I tried to look for solution by searcing the net, and in this NG, but
| I didn't find.
|
| I scanned my PC with Spyware doctor free licence (no removing).
|
| Some suggestion, program or past tread on the matter?
|
| thanks in advance
| regards
| Fuzzy (italy)

Download MULTI_AV.EXE from the URL --http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky,

I'm quite sure these anti-virus cannot see nor remove the malware I'm
talking about.

fuzzy

 

[David H. Lipman]

From: "fuzzy" <[email protected]>



| I'm quite sure these anti-virus cannot see nor remove the malware I'm
| talking about.

| fuzzy

Based upon what facts ?

 

[fuzzy]

From: "fuzzy" <[email protected]>

| I'm quite sure these anti-virus cannot see nor remove the malware I'm
| talking about.

| fuzzy

Based upon what facts ?

because I have CA antivirus installed on my pc, I've tried kasperky
and mcafee online scanning, without any results. I haven't tried
sophos, instead...

fuzzy

 

[David H. Lipman]

From: "fuzzy" <[email protected]>


|
| because I have CA antivirus installed on my pc, I've tried kasperky
| and mcafee online scanning, without any results. I haven't tried
| sophos, instead...
|
| fuzzy

Then I must ask...

How do you know that you have "...two trojan AGENT.XJ e GROMP" infected files ?

Please provide full details.

BTW: The reason I include 4 different AV scanners from 4 different vendors is because one
may catch what another may miss.

 

[fuzzy]

From: "fuzzy" <[email protected]>

|
| because I have CA antivirus installed on my pc, I've tried kasperky
| and mcafee online scanning, without any results. I haven't tried
| sophos, instead...
|
| fuzzy

Then I must ask...

How do you know that you have "...two trojan AGENT.XJ e GROMP" infected files ?

As I wrote in the first post:
"I scanned my PC with Spyware doctor free licence" (scanning only).

If you want to remove them you have to pay. I don't want.
If I should pay each single AV, just because one sees a virus, one
sees another... how much I'd to spend?
I don't even know whether it is a trick from sw productor to sell more
software...

We say: thinking bad is not good, but often you hit the target
(well this is my terrible personal translation of italian way of
saying...)

BTW: The reason I include 4 different AV scanners from 4 different vendors is because one
may catch what another may miss.

I just have to try sophos, that I downloaded from the site. It' free
trial for 30 days. I'll let you know results.

I think AGENT.XJ to be a rootkit maleware

Dave

sus
fuzzy

 

[Ayatollah Yootweiss Al-Reddi]

I think AGENT.XJ to be a rootkit maleware

Well then I hope you tried those other scanners from Safe Mode,
or preferably Safe Mode With Commaond Prompt, or after booting
from some other copy of Windows.

 

[fuzzy]

Well then I hope you tried those other scanners from Safe Mode,
or preferably Safe Mode With Commaond Prompt, or after booting
from some other copy of Windows.

No, i think I have to try it, right?.

Anyway I just tried Sophos (30days trial full option), but it cannot
individuate them
Instead I tried Sophos anti-rootkit tool (free) and it sees one of the
infected files, then it
says it'll remove it, but when I restart, the file is still there.
Probably I've to
scan from another sys as you pointed...

thank you all very much.

I'm sinking into a frustration...

fuzzy

 

[Phil Weldon]

'fuzzy' wrote, in part:
| As I wrote in the first post:
| "I scanned my PC with Spyware doctor free licence" (scanning only).
|
| If you want to remove them you have to pay. I don't want.
| If I should pay each single AV, just because one sees a virus, one
| sees another... how much I'd to spend?
_____

Almost certainly what you have is a scam; rogue anti-malware.

Did you deliberately install this 'Spyware doctor'? If so, why?

Was it recommended?

Did you check reviews?

Don't you think it a bit suspicious that the ONLY scan that detects these
'trojan' files also requests you pay for removal?

Have you checked the actual name at
http://spywarewarrior.com/rogue_anti-spyware.htm ?

Have you submitted the 'infected' files to anti-virus companies?

Phil Weldon


| On 20 Mar, 21:48, "David H. Lipman" <[email protected]>
| wrote:
| > From: "fuzzy" <[email protected]>
| >
| > |
| > | because I have CA antivirus installed on my pc, I've tried kasperky
| > | and mcafee online scanning, without any results. I haven't tried
| > | sophos, instead...
| > |
| > | fuzzy
| >
| > Then I must ask...
| >
| > How do you know that you have "...two trojan AGENT.XJ e GROMP" infected
files ?
|
| As I wrote in the first post:
| "I scanned my PC with Spyware doctor free licence" (scanning only).
|
| If you want to remove them you have to pay. I don't want.
| If I should pay each single AV, just because one sees a virus, one
| sees another... how much I'd to spend?
| I don't even know whether it is a trick from sw productor to sell more
| software...
|
| We say: thinking bad is not good, but often you hit the target
| (well this is my terrible personal translation of italian way of
| saying...)
|
| > BTW: The reason I include 4 different AV scanners from 4 different
vendors is because one
| > may catch what another may miss.
|
| I just have to try sophos, that I downloaded from the site. It' free
| trial for 30 days. I'll let you know results.
|
| I think AGENT.XJ to be a rootkit maleware
|
| > Dave
|
| sus
| fuzzy
|

 

[fuzzy]

'fuzzy' wrote, in part:
| As I wrote in the first post:
| "I scanned my PC with Spyware doctor free licence" (scanning only).
|
| If you want to remove them you have to pay. I don't want.
| If I should pay each single AV, just because one sees a virus, one
| sees another... how much I'd to spend?
_____

Almost certainly what you have is a scam; rogue anti-malware.

I'm not expert about such a stuff, and I don't know what
is a "scam" (maybe because of english).

Anyway consider that before installing Spyware doctor,
I had CA antivirus and it detects Win32/Stresid.T virus
and it cannot remove it. Is CA anti-v a "scam" also?

Certanly I'm getting puzzled.

Did you deliberately install this 'Spyware doctor'? If so, why?
Was it recommended?
Did you check reviews?

No, I was suggested by people on italian usenet pc-security
news group (it.comp.sicurezza.virus). They told me it's the best anti-
virus on the net.
I also tell you that at first I didn' trust who gave me
this suggestion, and I asked other people on
that NG. I received only positive reply.

At that point I decided to install spyware doct. and scan.

Don't you think it a bit suspicious that the ONLY
scan that detects these 'trojan' files also requests
you pay for removal?

Yes, I already wrote that.

Have you checked the actual name >athttp://spywarewarrior.com/rogue_anti-spyware.htm?

No, thanks i'm going to read it. But assume that I'm not going to
trust it either.

Have you submitted the 'infected' files to anti-virus companies?

No. Which company you suggest?

Phil Weldon

thanks
fuzzy

 

[fuzzy]

No. I checked on the site you suggest.
"Spyware doctor" result on "Trustworthy Anti-Spyware Products " list.

fuzzy

 

[Bullseye]

No. I checked on the site you suggest.
"Spyware doctor" result on "Trustworthy Anti-Spyware Products " list.

fuzzy

I hesitate to trust any product that "finds" malware then charges me to
remove it. I also tried Spyware Doctor around a year ago and it "found"
around 15 pieces of "malware" that NOD32, CounterSpy, A-Squared, Ewido, et
al, did not "find." Before getting all excited about not being able to
remove this thing, I would scan with some other anti-malware apps to see
what they find. You can download Superantispyware, AVG Antispyware, etc
for free. I have seen a lot of posts in security forums from people who
have experienced their share of false positives with Spyware Doctor, so
just because it says some nasty is there doesn't mean it is actually
malware. That's why it's good to use multiple tools.

 

[Phil Weldon]

'fuzzy' wrote:
| No. I checked on the site you suggest.
| "Spyware doctor" result on "Trustworthy Anti-Spyware Products " list.
_____

Guardare:
"Spyware Doctor 5 suffers from software glitches; failed to identify or
remove a test Trojan horse; returned a high number of false positive or
extremely low-risk results; ..."
a
http://reviews.cnet.com/PC_Tools_Spyware_Doctor_2007/4505-3688_7-32305499.html .

|
| > > Almost certainly what you have is a scam; rogue anti-malware.
|
| No. I checked on the site you suggest.
| "Spyware doctor" result on "Trustworthy Anti-Spyware Products " list.
|
| fuzzy
|