Description of Trend Micro TROJ_AGENT.SN

Frankster

Does anyone know where I can get a description of the subject Trojan
(TROJ_AGENT.SN)?

For some reason it can't be found on Trend Micro's website and I can't
figure out what other names other Anti-Virus vendors use for this one.

Trend Micro Officescan identifies this as a found virus after scanning. It
is found in the "c:\system volume Information\_restore" directory. My
symptoms are that the desktop is populated (regenerating after deletion)
with about 10 or so shortcuts to porn and sex sites (and others).
Additionally, popups keep appearing, some suggesting to "click here" to
download Anti-spyware and "fix" your machine. All browser attempts are
preempted and get redirected to http://ng(somethingIcan'tremember.com (or
vaguely similar). Seems also to disconnect modem dial up (maybe just a
byproduct of browser infection).

Thanks,

-Frank
 
David H. Lipman

From: "Frankster" <[email protected]>

| Does anyone know where I can get a description of the subject Trojan
| (TROJ_AGENT.SN)?
|
| For some reason it can't be found on Trend Micro's website and I can't
| figure out what other names other Anti-Virus vendors use for this one.
|
| Trend Micro Officescan identifies this as a found virus after scanning. It
| is found in the "c:\system volume Information\_restore" directory. My
| symptoms are that the desktop is populated (regenerating after deletion)
| with about 10 or so shortcuts to porn and sex sites (and others).
| Additionally, popups keep appearing, some suggesting to "click here" to
| download Anti-spyware and "fix" your machine. All browser attempts are
| preempted and get redirected to http://ng(somethingIcan'tremember.com (or
| vaguely similar). Seems also to disconnect modem dial up (maybe just a
| byproduct of browser infection).
|
| Thanks,
|
| -Frank
|



Dump the contents of the IE Temporary Internet Folder cache (TIF)
Start --> Settings --> Control Panel --> Internet Options --> Delete Files

Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
Tools --> Options --> Privacy --> Cache --> Clear

1) Download the TrendMicro Sysclean Front End

Download the utility SYSCLEAN_FE at the following URL --
http://www.ik-cs.com/got-a-virus.htm
SYSCLEAN_FE automates the download and execution process of the Trend Sysclean Package.
Direct URL --
http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe


2) Download and install Ad-aware SE
(free personal version v1.05)
http://www.lavasoftusa.com/
Update Ad-aware with the latest definitions and then exit the software.

3) Execute; SYSCLEAN_FE.EXE
Choose; Unzip
Choose; Close


Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
When you get to the menu, exit the utility so you can boot into Safe Mode.

4) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

5) Reboot your PC into Safe Mode and shut down as many applications as possible.

6) Execute; c:\sysclean\sysclean.com
Let SYSCLEAN.COM scan your computer.
When done, execute Ad-aware SE and perform a full scan of your PC and delete
all objects found.

7) Restart your PC and perform a "final" Full Scan of your platform
Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
This time, choose to execute SYSCLEAN.COM from the menu.
When done, execute Ad-aware SE and perform a final scan of your PC and delete
all objects found.


8) If you are using WinME or WinXP, re-enable System Restore and re-apply any
System Restore preferences (e.g. HD space to use, suggested 400 ~ 600MB).

9) Reboot your PC.

10) If you are using WinME or WinXP, create a new Restore point


* * * Please report back your results * * *
 
