Virus Removal

[Lavert]

AVG 6 found a virus on my computer named Trojan Horse Downloader Agent 2k.
Shows the virus infected the file ipconfigs.exe.
Need help in removing. AVG 6 could not remove virus. It is still on my
computer.

 

[Carey Frisch [MVP]]

There is a very helpful virus removal newsgroup you may wish to post to:
news://msnews.microsoft.com/microsoft.public.security.virus

Symantec Security Check
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym

Virus Removal Tools
http://securityresponse.symantec.com/avcenter/tools.list.html

Online Virus Removal Tutorials
http://www.symantec.com/techsupp/virusremoval/virusremoval_info_tutorial.html

3 Simple Steps to Insure the Security of Your PC
http://www.microsoft.com/security/protect/

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

-------------------------------------------------------------------------------------------------


| AVG 6 found a virus on my computer named Trojan Horse Downloader Agent 2k.
| Shows the virus infected the file ipconfigs.exe.
| Need help in removing. AVG 6 could not remove virus. It is still on my
| computer.
|
| --
| Lavert Bryant
| Powder Springs GA

 

[PA Bear]

Run an AVG scan in Safe Mode, Lavert, per
http://aumha.org/forum/viewtopic.php?t=5878
--
HTH - Please Reply to This Thread

~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP

AumHa Forums
http://forum.aumha.org

Protect Your PC
http://www.microsoft.com/security/protect

 

[=?Big5?B?uamkpCBCZW4=?=]

AVG 6 found a virus on my computer named Trojan Horse Downloader Agent 2k.
Shows the virus infected the file ipconfigs.exe.
Need help in removing. AVG 6 could not remove virus. It is still on my
computer.

http://housecall.trendmicro.com/housecall/start_corp.asp
Try this.....

 

[=?Big5?B?uamkpCBCZW4=?=]

AVG 6 found a virus on my computer named Trojan Horse Downloader Agent 2k.
Shows the virus infected the file ipconfigs.exe.
Need help in removing. AVG 6 could not remove virus. It is still on my
computer.

Here you go...........
http://forums.thetechguys.com/showthread.php?p=22879#post22879

 

[Lavert]

Robear:

Thanks for your reply. AVG 6 will not run in Safe Mode. I get error notice
that says "Drive Core not found winerr=2.
I ran AVG 6 a few minutes ago and it found another virus. Infected file
C:\Windows\System32\ZoneLockup.exe. The virus is named Trojan Horse
BackDoor Hackamy. Any more help /b appreciated.

 

[PA Bear]

Open AVG and check your definitions database, Lavert. As of this writing,
it should be dated 22 Jul-04. Compare to
http://free.grisoft.com/freeweb.php/doc/4.

Are you running MS Office or Outlook 2000?
http://support.microsoft.com/default.aspx?scid=kb;en-us;814437

See this l o n g thread from another forum:
http://www.dslreports.com/forum/remark,9557473~mode=flat?hilite=New+AVG+free+corrupted

I'd completely uninstall (including deleting AVG's program folder) and
either reinstall it or download a new copy using the key you already have.
Make certain AVG installs to C:\Program files. Now seek updates again (if
you need to get updates manually, see
http://free.grisoft.com/freeweb.php/doc/565/lng/us/tpl/v5) and then try the
Safe Mode scan again, Lavert.

In all likelihood AVG can't completely remove all traces of the Trojans
because some reside in your protected System Restore files. Running AVG in
Safe Mode with Show Hidden Files enabled should be able to address this.

I'd also recommend running at least two (2) of the free online scans listed
at http://aumha.org/secure.php#freeav (I suggest Panda and Symantec). You
won't be able to run 'em in Safe Mode but you can enable 'Show Hidden
Files'.

The next step would be to check for hijackware.

 

[Lavert]

Robear:

I never could get AVG 6 to run in Safe Mode. Uninstalled AVG 6 and
downloaded AVG 7 Trial Version. AVG 7 ran in Safe Mode and found virus.
Got virus to move to Virus Vault. Virus Vault shows virus name as Trojan
Horse Downloader.Agent.2.k, date of detection 23 Jul 04, path
C:\Windows\System32\ipconfigs.exe, file name ipconfigs.exe, file size 5.53
KB.

At this point I have three options. 1 - Wipe object. 2- Heal object.
Restore Object. Which option do you suggest I take? I am thinking option
1. Will option one get rid of the virus completely? Thanks again for your
help.

 

[PA Bear]

<winking> I'd take door #1, Lavert. Sure sounds like you had a faulty
install of AVG 6. Remember to send in your payment for AVG 7, as it's
certainly worth it.

AVG 7 FAQ
http://www.grisoft.com/faq/us_faqindex.php?id_rodice=1

FOLLOWUP:

1. Before You Connect a New Computer to the Internet
http://www.cert.org/tech_tips/before_you_plug_in.html

2. Check your system for "hijackware":

Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm

 

[Lavert]

Bear:
Ran AVG 7 in normal mode. Took option 1 (Wipe Object). My computer is now
clear of this virus. Thanks again for your help. I really appreciate it. I
am going to order AVG 7 tomorrow.

 

[PA Bear]

Make *certain* you run the followups I posted, Lavert. If you had Trojan
Horse Downloader.Agent.2.k, you prolly have more troublemakers!