Agent.uj trojan downloader remains in memory.

Guest

When looking for the removal of small.popcorn 64 and PWS-Pinch password
stealers that couldn't be removed with Microsoft Antispyware I used the Ewido
and found about 20 other trojans in my computer.

Ewido took charge of them but showed an error removing the Agent.uj that was
found when scanning the memory. I tried MS Antispyware and Ewido in safe mode
but the infection is still there.

Every time I open IExplorer it seems to open the door to the trojans I
mentioned above and some others that are reinstalled in my system.

Any suggestion?
 
Guest

I too am having the EXACT same problem with Agent.uj

It is found in the memory and Ewido will not erase it. [Norton Antivirus
doesn't even find it (I'm losing faith in that product very quickly)] How
can I remove this?

Cheers,
Gregory
 
Bill Sanderson

Are you doing scans in safe mode?
--

Frozencanuck said:
I too am having the EXACT same problem with Agent.uj

It is found in the memory and Ewido will not erase it. [Norton Antivirus
doesn't even find it (I'm losing faith in that product very quickly)] How
can I remove this?

Cheers,
Gregory

Wanderer said:
When looking for the removal of small.popcorn 64 and PWS-Pinch password
stealers that couldn't be removed with Microsoft Antispyware I used the Ewido
and found about 20 other trojans in my computer.

Ewido took charge of them but showed an error removing the Agent.uj that was
found when scanning the memory. I tried MS Antispyware and Ewido in safe mode
but the infection is still there.

Every time I open IExplorer it seems to open the door to the trojans I
mentioned above and some others that are reinstalled in my system.

Any suggestion?
 
Guest

Yes, I have been doing scans in both safe and normal mode.

 
Guest

Hi guys.

Some helpful fellows at Ewido solved my problem regarding agent.uj

Here is what they suggested: Download Blacklight at

http://www.f-secure.com/exclude/blacklight/index.shtml

and run a search. My search turned up several hidden processes. They asked
me to rename a few of them, which is an option given in the program (they
told me to NEVER rename C:\WINDOWS\system32\wbem\wbemtest.exe - this is a
legitimate file). The program renamed the files and rebooted the computer. I
then ran the computer in Safe Mode and ran Ewido again. This completely
cleared Agent.uj off my computer.

However, I must warn everyone that I am NOT a computer tech. Please check
with more educated people about which files to rename and which to leave
alone after running Blacklight.

For reference, the files I had to rename included

C:\WINDOWS\system32\dmxbb.exe
C:\WINDOWS\system32\filesafer23.exe
C:\WINDOWS\system32\favset.exe
C:\WINDOWS\system32\howiper.exe
C:\WINDOWS\system32\cspyb.exe
C:\WINDOWS\system32\csiqx.exe

These were the source of agent.uj on my computer. They are renamed with a
new extension - for example, howiper.exe becomes howiper.exe.ren - and they
can then be manually deleted.


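The rename step from the post above, sketched as an added example (not part of the original post and not how Blacklight works internally): a Python helper that records a SHA-256 of each suspect file before renaming it to `.ren`, and refuses to touch allowlisted files such as `wbemtest.exe`. The function name, record format and hashing step are assumptions, and it assumes the files are visible to normal file APIs when it runs.

```python
import hashlib
import ntpath
import tempfile
from pathlib import Path

# The one file the thread says must never be renamed.
ALLOWLIST = [r"C:\WINDOWS\system32\wbem\wbemtest.exe"]


def _key(path):
    # Windows paths are case-insensitive: normalise before comparing.
    return ntpath.normcase(ntpath.normpath(str(path)))


def quarantine(paths, allowlist=ALLOWLIST, suffix=".ren"):
    """Rename each suspect file to <name><suffix>, hashing it first.

    Returns one (path, sha256-or-None, action) record per input path, so
    there is a log of exactly what was renamed before anything is deleted.
    """
    protected = {_key(p) for p in allowlist}
    records = []
    for raw in paths:
        src = Path(raw)
        if _key(src) in protected:
            records.append((str(src), None, "skipped-allowlisted"))
            continue
        if not src.is_file():
            records.append((str(src), None, "missing"))
            continue
        digest = hashlib.sha256(src.read_bytes()).hexdigest()
        dst = src.with_name(src.name + suffix)
        if dst.exists():
            # Never overwrite an earlier quarantined copy.
            records.append((str(src), digest, "target-exists"))
            continue
        src.rename(dst)
        records.append((str(src), digest, "renamed"))
    return records


if __name__ == "__main__":
    # Constructed sample: a throwaway directory, not a real system32.
    root = Path(tempfile.mkdtemp())
    suspect = root / "howiper.exe"
    suspect.write_bytes(b"constructed sample bytes")
    for record in quarantine([suspect, ALLOWLIST[0]]):
        print(record)
```

The recorded hashes let someone more experienced check each renamed file before it is deleted by hand.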
 
Bill Sanderson

Thanks very much for the update. I'd done some research using the name of
the critter and hadn't found anything I thought would be useful to you, and
lost track of the thread, I'm afraid.

This is the second message I've seen recently involving spyware or viral
trojan software masked using root kit techniques. I believe that a
Microsoft solution to this issue will need to detect these bugs--and I hope
to see improvement in this area.

 
