68 variations of downloader.agent found on my computer!

Starman

My anti-virus has found 68 different variations of this trojan, most of them
starting with downloader.agent. Most of these infected files are exes. I ran
the computer in safe mode and used ad-aware, spy-bot, anti-virus software,
cwshredder and god knows what else to no avail. These infections are still
remaining on my computer. Please help me in what to do to rid these. I'm at
the end of my tether and am genuinely seeking somebody's help.

Thank you.
 
Detlev Dreyer

Starman said:
My anti-virus has found 68 different variations of this trojan, most of
them starting with downloader.agent. Most of these infected files are
exes. I ran the computer in safe mode and used ad-aware, spy-bot,
anti-virus software, cwshredder and god knows what else to no avail.
These infections are still remaining on my computer. Please help me in
what to do to rid these.

Save important data and re-install Windows on a fresh formatted drive.
Anything else is useless since you've lost the control of your system.
 
Guest

Computer Viruses: Description, Prevention, and Recovery
http://support.microsoft.com/default.aspx?scid=KB;en-us;129972

You may have to format your computer’s hard disk and reinstall Windows and
all your computer programs if one or more of the following conditions are
true:

• Your antivirus software displays a message that it cannot fix or remove
the virus.

• The virus damaged or deleted some of the important files on your computer.
This may be the case if Windows or some of the programs do not start, or if
they start with error messages that indicate that you have damaged or missing
files.

• The symptoms that are described in this article persist even after you
clean your workstation and you are sure the problems are caused by a virus.
 
David H. Lipman

First, don't listen to those that say reinstall the OS. That's way too draconian and is NOT
needed at this time.

Second, there are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

Finally, please perform the following.

1) Download the following two items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt285.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM .



2) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode
4) Using the Trend Sysclean utility, perform a Full Scan of your platform and
clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform
6) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
7) Reboot your PC.
8) Create a new Restore point
9) Please report back your results

Dave






| My anti-virus has found 68 different variations of this trojan, most of them
| starting with downloader.agent. Most of these infected files are exes. I ran
| the computer in safe mode and used ad-aware, spy-bot, anti-virus software,
| cwshredder and god knows what else to no avail. These infections are still
| remaining on my computer. Please help me in what to do to rid these. I'm at
| the end of my tether and am genuinely seeking somebody's help.
|
| Thank you.
|
|
 
Detlev Dreyer

David H. Lipman said:
First, don't listen to those that say reinstall the OS. That's way
too draconian and is NOT needed at this time.

Read this article written by the Microsoft Security Program Manager.
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

| The only way to clean a compromised system is to flatten and rebuild.
| That's right. If you have a system that has been completely
| compromised, the only thing you can do is to flatten the system
| (reformat the system disk) and rebuild it from scratch (reinstall
| Windows and your applications). Alternatively, you could of course
| work on your resume instead, but I don't want to see you doing that.
 
Starman

I've tried everything as outlined by David and others. I even purchased the
software Spyware Doctor which found the infections and deleted. But, they
returned and now the Spyware Doctor says I have no infestations but the
culprits are still there.

In my control panel you can't delete Search Assistant or Search Extender so
the hijacking keeps infecting my computer. Please, please help me, I'm at
the end of my tether. There has to be something to rid this infection. And
these infections are somehow preventing me from downloading updates for my
anti-virus, spyware doctor etc softwares.

Star
 
Detlev Dreyer

Starman said:
In my control panel you can't delete Search Assistant or Search
Extender so the hijacking keeps infecting my computer. Please, please
help me, I'm at the end of my tether. There has to be something to rid
this infection. And these infections are somehow preventing me from
downloading updates for my anti-virus, spyware doctor etc softwares.

Today's trojans know how to bypass anti-virus and anti-spyware software.
Blocking Update downloads is just one of their strategies. Again,
rebuild your system from scratch and change all your passwords (home
banking etc.). At present, your system is widely open like a barn door.
Even when removing all 68 trojans, you will never be sure if your system
is already under the control of an intruder.
 
David H. Lipman

Like I said -- It is way too draconian and I see NO need to do that at this time. Wiping
the system clean and reinstalling is a knee jerk reaction and should *only* be done on a
severely compromised system where all other methods have been tried and failed.

This is "my field" of expertise. I know what I am talking about.

Dave




|
| > First, don't listen to those that say reinstall the OS. That's way
| > too draconian and is NOT needed at this time.
|
| Read this article written by the Microsoft Security Program Manager.
| http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
|
| | The only way to clean a compromised system is to flatten and rebuild.
| | That's right. If you have a system that has been completely
| | compromised, the only thing you can do is to flatten the system
| | (reformat the system disk) and rebuild it from scratch (reinstall
| | Windows and your applications). Alternatively, you could of course
| | work on your resume instead, but I don't want to see you doing that.
|
| --
| d-d
 
Leythos

Like I said -- It is way too draconian and I see NO need to do that at this time. Wiping
the system clean and reinstalling is a knee jerk reaction and should *only* be done on a
severely compromised system where all other methods have been tried and failed.

This is "my field" of expertise. I know what I am talking about.

Dave, there are many security professionals that lurk in this group, and
I can't think of one that's worth his salt that would tell a user, who
they have no history with, that they can safely remove infections from a
compromised system and be sure that it's clean, unless the professional
is doing the work.

Many people can clean their systems to an acceptable level, as long as
they monitor them for x amount of time after cleaning, but, for most
home users, there is only one way to clean the system and be 100% sure
it's clean - wipe/reinstall.
 
David Candy

Surely it depends on the person. For some it is the best choice. It's how my 13 YO niece maintains her computer.
 
Detlev Dreyer

David H. Lipman said:
Like I said -- It is way too draconian and I see NO need to do that at
this time. Wiping the system clean and reinstalling is a knee jerk
reaction and should *only* be done on a severely compromised system

Any system having 68 trojans installed *is* a severely compromised
system.
This is "my field" of expertise. I know what I am talking about.

Same here. Period and EOD.
 
Starman

Those who have said that David is wrong, I disagree. I finally got rid of
the trojans and malware and computer is absolutely clean. I find it
astonishing some people on this group attacked David's helpful advice. I
agree with him that a full reformat and clean is not the only way and it is a
drastic measure not needed at this point. For those who also offered advice
to me, thank you very much.
 
Starman

By the way Spyware Doctor was what finally cleaned my system, I ran it in
safe mode and it found every single trojan including removing the Search
Assistant/Search Extender/Shopping Wizard. I checked my Control Panel and
they're removed from there too! This is great.
 
Ron Martell

Detlev Dreyer said:
Read this article written by the Microsoft Security Program Manager.
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

| The only way to clean a compromised system is to flatten and rebuild.
| That's right. If you have a system that has been completely
| compromised, the only thing you can do is to flatten the system
| (reformat the system disk) and rebuild it from scratch (reinstall
| Windows and your applications). Alternatively, you could of course
| work on your resume instead, but I don't want to see you doing that.

In my opinion, you are both right.

Detlev, you are right with respect to the Microsoft type environment.
That is where there are hundreds or thousands of computers in the
organisation and a small army of trained I.T. professionals to look
after the "care and feeding" of these computers. Under those
circumstances, where the downtime for the computer user can be
measured in minutes or perhaps a couple of hours at most, flattening
the system is an appropriate action.

But for a home user or a micro sized business, with nobody but
themselves to do the work, it will take several days at least to get
the system back up with all the applications installed, data restored
from backups, and everything reconfigured. For these, David is right.
Flattening the system is the equivalent of capital punishment and the
problem may be no more serious than jaywalking. So it is worth
putting a bit of effort into the repair and recovery before resorting
to drastic measures.


Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca

"The reason computer chips are so small is computers don't eat much."
 
Detlev Dreyer

Ron Martell said:
In my opinion, you are both right.
[...]
Under those circumstances, where the downtime for the computer user
can be measured in minutes or perhaps a couple of hours at most,
flattening the system is an appropriate action.

I agree, time is (much) money. In this particular case, however, other
aspects in that referred article count as well (excerpt):

| You can't clean a compromised system by removing the back doors. You
| can never guarantee that you found all the back doors the attacker put
| in. The fact that you can't find any more may only mean you don't know
| where to look, or that the system is so compromised that what you are
| seeing is not actually what is there.

When the original poster states that his system is "clean" now, that's
simply ridiculous. In fact, he doesn't even know what a "back door" is.

| You can't clean a compromised system by using a virus scanner. To tell
| you the truth, a fully compromised system can't be trusted. Even virus
| scanners must at some level rely on the system to not lie to them.

'Modern' trojans are way more smart than years ago. The problem is, that
an anti-virus showing no results may sway you in illusory safety. Only
an IT professional can find out if the system is secure or not. Telling
a low-brow user from afar that his system is secure when removing 68
trojans is frivolous, to say the least. In other words, the user has the
choice between pestilence and cholera only. He may either let his system
to a professional, spending much money or flatten the system in order to
be really secure.
 
Kelly

Hi Ron and Detlev,
Flattening the system is the equivalent of capital punishment and the
problem may be no more serious than jaywalking. So it is worth
putting a bit of effort into the repair and recovery before resorting
to drastic measures.
He may either let his system to a professional, spending much money or
flatten the system in order to be really secure.

I agree totally, thus my drive to help others.

It depends on the environment of the user. For a home user, there is no
need to seek professional help, if the user can help themselves. I have
never, in my years, had to do a flatline nor advise one to do so under these
conditions.

--
All the Best,
Kelly (MS-MVP)

Troubleshooting Windows XP
http://www.kellys-korner-xp.com


Detlev Dreyer said:
Ron Martell said:
In my opinion, you are both right.
[...]
Under those circumstances, where the downtime for the computer user
can be measured in minutes or perhaps a couple of hours at most,
flattening the system is an appropriate action.

I agree, time is (much) money. In this particular case, however, other
aspects in that referred article count as well (excerpt):

| You can't clean a compromised system by removing the back doors. You
| can never guarantee that you found all the back doors the attacker put
| in. The fact that you can't find any more may only mean you don't know
| where to look, or that the system is so compromised that what you are
| seeing is not actually what is there.

When the original poster states that his system is "clean" now, that's
simply ridiculous. In fact, he doesn't even know what a "back door" is.

| You can't clean a compromised system by using a virus scanner. To tell
| you the truth, a fully compromised system can't be trusted. Even virus
| scanners must at some level rely on the system to not lie to them.

'Modern' trojans are way more smart than years ago. The problem is, that
an anti-virus showing no results may sway you in illusory safety. Only
an IT professional can find out if the system is secure or not. Telling
a low-brow user from afar that his system is secure when removing 68
trojans is frivolous, to say the least. In other words, the user has the
choice between pestilence and cholera only. He may either let his system
to a professional, spending much money or flatten the system in order to
be really secure.
 
