Viruses


Patty

Does anybody know what these are or how to get rid of them?

Trojan-downloader.win32.agent.bq
Trojan.clicker.win32.Tiny.h

I keep getting what appears to be Windows Security Boxes telling me my
firewall has detected suspicious activity. I should have known something was
up because I don't even have my Windows firewall activated. I tried
"googling" a manual removal but I don't know where in the regedit to find the
keys I'm supposed to remove.

If any of you MVPs or very knowledgeable computer people can help me
out.....I'd truly much appreciate it because it's a nuisance.

Thanx.......Patty
 
Either of these applications should delete the trojans.

Download A-Squared Free
http://www.emsisoft.com/en/software/free/

Download Malwarebytes Anti-Malware
http://www.malwarebytes.org/


If you want to know more about the two trojans check the links... just read
the information but do not scan your computer with their online scanner or
download their software... SpyHunter is on the suspicious Anti Spyware List
probably for a good reason.

Info: Trojan-Downloader.Win32.Agent.bq
http://www.411-spyware.com/remove-trojan-downloader-win32-agent-bq

Info: Trojan-Clicker.Win32.Tiny.h
http://www.411-spyware.com/remove-trojan-clicker-win32-tiny-h
 
Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in
conjunction with some other utilities). HijackThis will NOT fix anything on
its own, but it will help you to both identify and remove any
hijackware/spyware with assistance from an expert. **Post your log to
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://aumha.net/viewforum.php?f=30, or another appropriate forum for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
 
From: "Patty" <[email protected]>

| Does anybody know what these are or how to get rid of them?

| Trojan-downloader.win32.agent.bq
| Trojan.clicker.win32.Tiny.h

| I keep getting what appears to be Windows Security Boxes telling me my
| firewall has detected suspicious activity. I should have known something was
| up because I don't even have my Windows firewall activated. I tried
| "googling" a manual removal but I don't know where in the regedit to find the
| keys I'm supposed to remove.

| If any of you MVPs or very knowledgeable computer people can help me
| out.....I'd truly much appreciate it because it's a nuisance.

| Thanx.......Patty

Neither are "viruses", they are trojans.

The first, as its name implies, is a trojan downloader which means that once installed, it
will download peers.
I'm not sure of exactly what the trojan clicker family is.

You left out important information.
- What is the fully qualified name and path to the files deemed infected
- What is the anti virus application that deemed the files to be infected.


Download MULTI_AV.EXE from the URL --
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe

http://www.pctipp.ch/downloads/dl/35905.asp

English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *
 
Thank you all for your replies. I think I know now how it got there. I
guess I got duped awhile ago and downloaded Spyhunter. I'm going to remove
Spyhunter from my computer (guess there's no chance in getting my money
back.....huh?) and try all your suggestions.

Dave: Unfortunately I'm not very computer literate so I'll have to wait for
my son to do as you suggested if all else fails. As far as the antivirus
software goes, I use AVG. I actually have it set up to update and scan every
morning and so far it hasn't picked anything up. I also don't know the fully
qualified name of path of the files infected because I don't know how to find
that. I've been running my Ad-Aware and that has found infected files but it
was unable to remove 14 of them. Also, when I try to run my ad-aware in safe
mode (which I was told a long time ago was best to do) I get an error message
and it won't scan.

Again, thank you all for your suggestions. If I have more problems, I will
post back.

Patty


 
From: "Patty" <[email protected]>

| Thank you all for your replies. I think I know now how it got there. I
| guess I got duped awhile ago and downloaded Spyhunter. I'm going to remove
| Spyhunter from my computer (guess there's no chance in getting my money
| back.....huh?) and try all your suggestions.

| Dave: Unfortunately I'm not very computer literate so I'll have to wait for
| my son to do as you suggested if all else fails. As far as the antivirus
| software goes, I use AVG. I actually have it set up to update and scan every
| morning and so far it hasn't picked anything up. I also don't know the fully
| qualified name of path of the files infected because I don't know how to find
| that. I've been running my Ad-Aware and that has found infected files but it
| was unable to remove 14 of them. Also, when I try to run my ad-aware in safe
| mode (which I was told a long time ago was best to do) I get an error message
| and it won't scan.

| Again, thank you all for your suggestions. If I have more problems, I will
| post back.

| Patty

Oh yes, Enigma SpyHunter.

A rogue anti malware in that the company practices unethical tactics to boost the bottom
line because it is a publicly traded company.

There are *much* better products out there!
 

I think the 2 suggested tools worked. Just one more question if you don't mind though. Can I run these programs regularly (as I do Ad-Aware) and, can I run them in safe mode? Also, should I enable my Windows Firewall? I thought I had a problem with it conflicting with my AVG (I have the paid version with a firewall) so that's why I disabled it.

Okay....so technically it was 3 questions but who's counting... :).

Thanx

Patty
 
From: "Patty" <[email protected]>




| Okay....so technically it was 3 questions but who's counting... :).

| Thanx

| Patty


The Multi AV Scanning Tool can be used on a regular basis and each time you use it each
module will keep itself up to date.

All can be run in Safe Mode.
 
Sad to say.....they got my $40.00... :(. Next time I want to download
something that looks too good to be true, I'll ask around here first.

Thanx again to all of you for your help.....you guys/gals are the best!!

Patty
 
From: "Patty" <[email protected]>

| Sad to say.....they got my $40.00... :(. Next time I want to download
| something that looks too good to be true, I'll ask around here first.

| Thanx again to all of you for your help.....you guys/gals are the best!!

| Patty

OK but "not around here".

In the future, please post malware related problems in a virus related news group such as;
microsoft.public.security.virus
 
From: "Unknown" <[email protected]>

| Handled very well here also and this is a good/excellent newsgroup for
| newbies..

People like me can't afford to browse EVERY bloody news group.

Those who post this subject matter all over the place will often get; misled,
misdirected, trolled, or worse.

This is NOT an excellent news group for this subject matter as malware affects every OS.
This is a WinXP news group, albeit general, and should stick to constructs specific to
WinXP.
 
People like you do nothing but complain. Are you obligated to answer the
questions in this group?
Can't afford to browse other groups??? Makes no sense. People who post
this subject matter generally do not 'post all over the place'. Since malware
affects every OS, this is an excellent place to post this subject.
 
From: "Unknown" <[email protected]>

| People like you do nothing but complain. Are you obligated to answer the
| questions in this group?
| Can't afford to browse other groups??? Makes no sense. People who post
| this subject matter generally do not 'post all over the place'. Since malware
| affects every OS, this is an excellent place to post this subject.

I have been in Usenet posting and replying about viruses and today's malware in general
for almost 20 years. People like me have helped numerous posters deal with the epidemic
of malware. I know what I am talking about.

There are reasons why Usenet has specific news groups discussing specific subject matter.
MS Outlook may run under WinXP but queries are best made in a MS Outlook related news
group.
MS Outlook Express may run under WinXP but queries are best made in a MS Outlook Express
related news group.
etc, etc.

I do not flame nor argue a subject matter. Think as you wish. I have made my statement.
 
From: "ArameFarpado" <[email protected]>

| On Monday, 22 September 2008 22:04, David H. Lipman wrote:

| Not true.

It sure is.

The only thing is some operating systems are targeted more than others. Win32 is the most
targeted OS family (and we are in the Microsoft Usenet hierarchy) but you name an OS and
there is some form of malware for it.
 
On Monday, 22 September 2008 23:25, David H. Lipman wrote:
| From: "ArameFarpado" <[email protected]>
|
| | On Monday, 22 September 2008 22:04, David H. Lipman wrote:
|
| | Not true.
|
| It sure is.

No.

| The only thing is some operating systems are targeted more than others.
| Win32 is the most targeted OS family (and we are in the Microsoft Usenet
| hierarchy)

almost all huge internet servers run on unix like OSs, as do big company
servers... are you thinking these machines are not tempting targets?

Ms OSs are the most targeted by malware because it is easy to target them...

There have been several attempts to create a virus that infects unix like
systems like they infect windows, and they all failed, because they can
only work out in badly configured or wrongly used systems.

| but you name an OS and there is some form of malware for it.

They can be hacked if they have open ports like all servers have, but can't
be infected like windows and symbian (nokia phones) can.
Actually, these are the two systems that need to be protected by anti-malware
progs... a MacOS or Linux user will only install an antivirus if he is
paranoid.

For windows to get the same level of immunity, it would have to change a lot:
---stop identifying file types by its extension's name (weakness)
---stop loading binaries (as programs) by clicking directly on them (extreme
weakness)
---create a new permissions system that really works...
---ban the autorun in removable volumes.
---does not allow the administrator to have a graphical desktop.
and this would go on and on...

the best way to fight the threat of malware is to correct the flaws and
weakness they exploit... not trusting on anti-malware to solve it...
anti-malware could be used only as a temporary solution, not a permanent
one.

Microsoft did some of these corrections already (the RPC exploit) but they
were not enough

regards
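
The first item in the list above, file types identified by extension rather than content, can be checked for on the defender's side. The following is an added example, not part of any post in this thread: it flags files whose content is a Windows PE image while the name says otherwise. The extension sets, function names and sample bytes are assumptions constructed for illustration.

```python
import struct
from pathlib import PureWindowsPath

# Assumed subsets for illustration, not complete lists.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".sys", ".cpl"}
DECOY_EXTS = {".pdf", ".doc", ".txt", ".jpg", ".gif", ".mp3", ".zip"}


def is_pe_image(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def classify(name: str, data: bytes) -> str:
    """Compare what the file name claims with what the content is."""
    suffixes = [s.lower() for s in PureWindowsPath(name).suffixes]
    last = suffixes[-1] if suffixes else ""
    if is_pe_image(data) and last not in EXECUTABLE_EXTS:
        return "mismatch"          # executable content under a harmless-looking name
    if last in EXECUTABLE_EXTS and len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "double-extension"  # e.g. invoice.pdf.exe with extensions hidden in Explorer
    return "ok"


def scan(files: dict) -> dict:
    """Return {name: finding} for every file that is not 'ok'."""
    findings = {}
    for name, data in files.items():
        verdict = classify(name, data)
        if verdict != "ok":
            findings[name] = verdict
    return findings


# Constructed sample data: a minimal header stub, not a runnable program.
PE_STUB = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0" + bytes(20)
JPEG_STUB = b"\xff\xd8\xff\xe0" + bytes(64)

SAMPLES = {
    "setup.exe": PE_STUB,
    "holiday.jpg": JPEG_STUB,
    "photo.jpg": PE_STUB,
    "invoice.pdf.exe": PE_STUB,
}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{verdict:17} {name}")
```
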
 
From: "ArameFarpado" <[email protected]>

| On Monday, 22 September 2008 23:25, David H. Lipman wrote:
| No.
| almost all huge internet servers run on unix like OSs, as do big company
| servers... are you thinking these machines are not tempting targets?

| Ms OSs are the most targeted by malware because it is easy to target them...

| There have been several attempts to create a virus that infects unix like
| systems like they infect windows, and they all failed, because they can
| only work out in badly configured or wrongly used systems.
| They can be hacked if they have open ports like all servers have, but can't
| be infected like windows and symbian (nokia phones) can.
| Actually, these are the two systems that need to be protected by anti-malware
| progs... a MacOS or Linux user will only install an antivirus if he is
| paranoid.

| For windows to get the same level of immunity, it would have to change a lot:
| ---stop identifying file types by its extension's name (weakness)
| ---stop loading binaries (as programs) by clicking directly on them (extreme
| weakness)
| ---create a new permissions system that really works...
| ---ban the autorun in removable volumes.
| ---does not allow the administrator to have a graphical desktop.
| and this would go on and on...

| the best way to fight the threat of malware is to correct the flaws and
| weakness they exploit... not trusting on anti-malware to solve it...
| anti-malware could be used only as a temporary solution, not a permanent
| one.

| Microsoft did some of these corrections already (the RPC exploit) but they
| were not enough

| regards


Attempts at infecting Unix/Linux didn't fail. They weren't as successful as with Win16
and Win32.
Let's see...

There was the Bliss. Remember that ?
Then there is the RST.a/RST.b (aka; ELF.RST.a), Rike, Ramen, Metaphor, Lindoes, Kagob and
the infamous OSF.8759.
We also have the Lion, Kork, Millen and Slapper worms and the Obsidian.

I'm sorry...

There is malware for the 'nix families whether they are configured properly or not, they
exist and there will continue to be new ones created. As the MAC and 'nix OS' become more
prevalent they too will have a larger targeting base.

Even the venerable VM/CMS had its virus holiday in '88 on Christmas < LOL >

Like the Amiga ? It had viruses. It even got Aids < lol >
 
