Trojan.Agent.BI & Trojan.Downloaders.Agent.BQ Etc.

#1  24-11-2005, 10:30 AM
ThaArtist (D-A-L Newbie; Join Date: Nov 2005; Posts: 5)
Trojan.Agent.BI & Trojan.Downloaders.Agent.BQ Etc.

Hey everyone. I'm new here, my name's Joe...

Well, I've taken on the task of fixing a relative's old Gateway computer... Of course, they didn't use a firewall, anti-virus or anti-spyware... They had their friend reformat the hard drive and then just started browsing the net!!! So here I am... I already fixed a lot of their stuff, but I've got these two nasty ones that keep popping up. I have updated their Windows XP Home with SP1 & SP2 along with all the other updates... I've run anti-virus and anti-spyware and nothing seems to get rid of these...

Programs in use (now) are:

Microsoft Anti-Spyware (latest version with latest updates)
Bit Defender Professional Plus 9 (with latest updates)
CCleaner (newest version)

Here's the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:24:34 AM, on 11/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\GWMDMMSG.exe
C:\WINDOWS\system32\d3rw.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\WINDOWS\atlcd32.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\admin\Desktop\HijackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\837ee431df87226c3788bde39d0fd5c6\update\update.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ucgyj.dll/sp.html#69589
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ucgyj.dll/sp.html#69589
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ucgyj.dll/sp.html#69589
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ucgyj.dll/sp.html#69589
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ucgyj.dll/sp.html#69589
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ucgyj.dll/sp.html#69589
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.milwaukee.k12.wi.us:8080
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {196066D6-4FB2-A00C-7E08-A151674E1789} - C:\WINDOWS\system32\addmm32.dll (file missing)
O2 - BHO: Class - {2CDE1514-2193-6763-C430-05413232D3E7} - C:\WINDOWS\system32\mspi32.dll
O2 - BHO: Class - {9B7B8469-5DD6-2CC3-6510-338DE167588F} - C:\WINDOWS\appud32.dll
O2 - BHO: Class - {B11BCDC9-1DD6-8BB6-933F-3824A67B8492} - C:\WINDOWS\apphk32.dll (file missing)
O2 - BHO: Class - {C47F26FB-2717-FEB3-9E41-FD54EB783896} - C:\WINDOWS\netld.dll
O2 - BHO: Class - {EB56A74D-84CE-7822-6816-C95DF458D0FD} - C:\WINDOWS\mfcsa32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [d3rw.exe] C:\WINDOWS\system32\d3rw.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKCU\..\Run: [EPSON Stylus C40 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C40 Series" /O6 "USB001" /M "Stylus C40"
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120169495217
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = milwaukee.12.wi.us
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = milwaukee.12.wi.us
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = milwaukee.12.wi.us
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = milwaukee.12.wi.us
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\atlcd32.exe" /s (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
#2  24-11-2005, 03:37 PM
VopThis (Senior Member, Canada; Join Date: Nov 2005; Posts: 3,439)
Re: Trojan.Agent.BI & Trojan.Downloaders.Agent.BQ Etc.

Dedicated HIJACKTHIS FOLDER NEEDED - very important
You need to set up a dedicated HijackThis folder to ensure that available recovery features of the tool are possible should they be needed. Create a folder HJT such as C:\HJT or C:\Program Files\HJT. Copy or drag-and-drop the HijackThis program to the newly created folder. Then make or alter the shortcut to the HJT program.

You have a nasty About:Blank infection. Fixing this requires several cleanup tools to be downloaded for later use.

Download the following tools:

Download the latest version of CWShredder to your desktop from here:
http://cwshredder.net/bin/CWShredder.exe

We will use this application a little later on in the process.
Initially, run it ONLY to check for updates.

Download About:Buster from one of these links:

http://majorgeeks.com/download4289.html

Unzip it to your desktop.
Initially, run AboutBuster 5.0 and press 'Update' to make sure you have the latest reference file version.
Do not run the actual scan/fix until instructed below.

You will run About:Buster while you are in Safe Mode.
It will create a log in addition to cleaning your system. Post that log into your next reply in this thread.

DISCONNECT FROM THE INTERNET
During the fix do NOT connect to the Internet (turn your modem off or disconnect your internet connection wire).
Unless you can memorize these instructions, it would be a good idea to print them out or save these instructions to a file on your desktop (NOTEPAD).

SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ucgyj.dll/sp.html#69589
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ucgyj.dll/sp.html#69589
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ucgyj.dll/sp.html#69589
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ucgyj.dll/sp.html#69589
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ucgyj.dll/sp.html#69589
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ucgyj.dll/sp.html#69589
R3 - Default URLSearchHook is missing

O2 - BHO: Class - {196066D6-4FB2-A00C-7E08-A151674E1789} - C:\WINDOWS\system32\addmm32.dll (file missing)
O2 - BHO: Class - {2CDE1514-2193-6763-C430-05413232D3E7} - C:\WINDOWS\system32\mspi32.dll
O2 - BHO: Class - {9B7B8469-5DD6-2CC3-6510-338DE167588F} - C:\WINDOWS\appud32.dll
O2 - BHO: Class - {B11BCDC9-1DD6-8BB6-933F-3824A67B8492} - C:\WINDOWS\apphk32.dll (file missing)
O2 - BHO: Class - {C47F26FB-2717-FEB3-9E41-FD54EB783896} - C:\WINDOWS\netld.dll
O2 - BHO: Class - {EB56A74D-84CE-7822-6816-C95DF458D0FD} - C:\WINDOWS\mfcsa32.dll

Make sure that all browser windows and internet links are closed, even this one!
CLICK 'FIX CHECKED' with HijackThis.

HIDDEN FILES: To make sure you can see all hidden files, please follow the directions here

SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing the 'safe mode' menu option (explained here if needed).

Now, run AboutBuster and select 'Begin Removal'. Continue running the scan until it shows clean.

Post a copy of the scan results, which will appear in the AboutBuster folder.

Next, run CWShredder
- Click on the 'Fix' button
- Follow the prompts, and press OK

Go to Start > Run and type: CLEANMGR.EXE and hit Enter.
When prompted select the C: drive and click OK.
Check the boxes for:
Temporary Internet Files
Downloaded Program Files
Recycle Bin
Temporary Files
Click OK or Enter

Check that none of the DLL files still exist on your PC from the HJT items removed.

POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|


__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
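The log above, triaged mechanically, as an added example that is not part of the original thread or of the HijackThis tool: the script parses the R0/R1/R3, O2, O4 and O23 lines (a subset of the posted log, copied verbatim as a constructed sample), flags the same about:blank-hijack indicators that VopThis selects for 'Fix checked', and turns them into the list of files and BHO CLSIDs to re-check afterwards, together with the `dir /a` and `reg query` commands for doing so on the cleaned XP machine. The flagging rules (a start/search page served from a local DLL via res://, a generic 'Class' BHO loaded straight from the Windows directory, a Run entry named after a bare executable in the Windows directory, a vendor-less service whose binary sits directly in C:\WINDOWS) are this example's own heuristics, not the reply's stated reasoning, and the school proxy in the R1 ProxyServer line is deliberately left unflagged, as the reply leaves it.

```python
"""Triage of a HijackThis 1.99.1 log: flag about:blank-hijack indicators and
derive what to re-check after 'Fix checked'. Added example, not code from the
thread or from HijackThis; the rules below are this example's assumptions."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind reason artifact clsid line")

# Constructed sample: a subset of the log lines posted in the thread, verbatim.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ucgyj.dll/sp.html#69589
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ucgyj.dll/sp.html#69589
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.milwaukee.k12.wi.us:8080
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {196066D6-4FB2-A00C-7E08-A151674E1789} - C:\WINDOWS\system32\addmm32.dll (file missing)
O2 - BHO: Class - {C47F26FB-2717-FEB3-9E41-FD54EB783896} - C:\WINDOWS\netld.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [d3rw.exe] C:\WINDOWS\system32\d3rw.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\atlcd32.exe" /s (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

RE_R = re.compile(r"^(R[0-3]) - (.+?) = (.+)$")
RE_O2 = re.compile(r"^O2 - BHO: (.+?) - (\{[0-9A-Fa-f-]{36}\}) - (.+?)(?: \(file missing\))?$")
RE_O4 = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")
RE_O23 = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
RE_PATH = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|sys))', re.IGNORECASE)
# A file sitting directly in C:\WINDOWS or C:\WINDOWS\system32 (no deeper).
WINDIR_FILE = re.compile(r"^C:\\WINDOWS\\(?:system32\\)?[^\\]+$", re.IGNORECASE)


def triage(log_text):
    """One Finding per suspicious line; benign lines (vendor software, the
    school proxy the reply leaves alone) produce nothing."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        if not line:
            continue
        if line.startswith("R3 ") and "URLSearchHook is missing" in line:
            findings.append(Finding("R3", "default URLSearchHook removed", None, None, line))
            continue
        m = RE_R.match(line)
        if m:
            kind, key, value = m.groups()
            if value.lower().startswith("res://"):  # page served out of a local DLL
                dll = RE_PATH.search(value)
                findings.append(Finding(kind, "IE page served from local DLL (about:blank hijack)",
                                        dll.group(1) if dll else None, None, line))
            elif value.lower() == "about:blank" and key.endswith("Default_Page_URL"):
                findings.append(Finding(kind, "Default_Page_URL forced to about:blank", None, None, line))
            continue
        m = RE_O2.match(line)
        if m:
            name, clsid, dll = m.groups()
            if name == "Class" and WINDIR_FILE.match(dll):  # nameless BHO dropped in Windows dir
                findings.append(Finding("O2", "generic 'Class' BHO in Windows directory", dll, clsid, line))
            continue
        m = RE_O4.match(line)
        if m:
            _hive, label, command = m.groups()
            exe = RE_PATH.search(command)
            if exe and WINDIR_FILE.match(exe.group(1)) and \
                    label.lower() == exe.group(1).rsplit("\\", 1)[-1].lower():
                findings.append(Finding("O4", "Run entry named after bare exe in Windows dir", exe.group(1), None, line))
            continue
        m = RE_O23.match(line)
        if m:
            _name, owner, rest = m.groups()
            exe = RE_PATH.search(rest)
            if owner == "Unknown owner" and exe and WINDIR_FILE.match(exe.group(1)):
                findings.append(Finding("O23", "vendor-less service binary in Windows dir", exe.group(1), None, line))
    return findings


def removal_checklist(log_text):
    """Files and BHO CLSIDs that must be gone once the HijackThis fix has run."""
    found = triage(log_text)
    return {"files": sorted({f.artifact for f in found if f.artifact}),
            "clsids": sorted({f.clsid for f in found if f.clsid})}


def verification_commands(checklist):
    """cmd.exe lines for the cleaned XP box: 'dir /a' lists hidden files too;
    the registry key is where IE registers every Browser Helper Object."""
    bho_key = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
    cmds = ['dir /a "%s"' % p for p in checklist["files"]]
    cmds += ['reg query "%s\\%s"' % (bho_key, c) for c in checklist["clsids"]]
    return cmds


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-3s %-52s %s" % (f.kind, f.reason, f.artifact or ""))
    for cmd in verification_commands(removal_checklist(SAMPLE_LOG)):
        print(cmd)
```

Run on the sample, the script flags eight lines and leaves the NVIDIA, Microsoft AntiSpyware, BitDefender and proxy entries alone; the checklist it prints is the set of dropped files (ucgyj.dll, the two BHO DLLs, d3rw.exe, atlcd32.exe) plus the two BHO CLSIDs, which is exactly what the "check that none of the DLL files still exist" step above asks the poster to confirm by hand.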
#3  25-11-2005, 07:59 AM
ThaArtist (D-A-L Newbie; Join Date: Nov 2005; Posts: 5)
Re: Trojan.Agent.BI & Trojan.Downloaders.Agent.BQ Etc.

Hey, thanks for your help...

Well, I followed your directions exactly... Once I restarted Windows I still got some anti-virus alerts... I only stuck around to see 2 errors but there might have been more... Usually there are tons of files affected by GenPack:Trojan.Agent.BI

Anyway... the ones I received were:

Files infected:
C:\windows\crnh.exe
C:\windows\system32\syskr.exe

Infected with:
GenPack:Trojan.Agent.BI

Anyway... the computer I'm working on only has 128MB of SDRAM with a Pentium 4 2.5GHz... So needless to say it's very slow just because it has barely any RAM, and the spyware, viruses, etc. So I'm thinking I will just stick in their Windows disc and reinstall Windows and reformat the hard drive....

Otherwise I'd have to keep burning discs back and forth to transfer log files from HijackThis. Not to mention unplugging the keyboard, mouse, and monitor from this PC and into that one, and back and forth... (which is hard the way this PC is set up). Oh, and HijackThis didn't show any of the things that you had me delete when I ran it again... I don't have the new log file though, sorry. (I know that's not much help)

IE won't even run on that computer when I have my cable modem hooked up to it... (although I didn't try after the removal instructions)

So reinstalling Windows will do the trick, right? That way I don't even have to mess with all this stuff... I already spent like 10 hours on this PC just trying to install updates, etc. IT'S THAT SLOW!!!

Let me know your thoughts please.
#4  25-11-2005, 03:54 PM
VopThis (Senior Member, Canada; Join Date: Nov 2005; Posts: 3,439)
Re: Trojan.Agent.BI & Trojan.Downloaders.Agent.BQ Etc.

Quote:
So reinstalling Windows will do the trick, right? That way I don't even have to mess with all this stuff... I already spent like 10 hours on this PC just trying to install updates, etc. IT'S THAT SLOW!!!
You definitely need more memory just to ensure that such a PC has a fighting chance (critical updates and download tools) to get and stay healthy.

I wouldn't want to be the one reinstalling that one with less than 256MB (preferably 512MB) of RAM. Those circumstances will continue to make your association with that PC most frustrating and generally unproductive.
#5  26-11-2005, 03:53 AM
ThaArtist (D-A-L Newbie; Join Date: Nov 2005; Posts: 5)
Re: Trojan.Agent.BI & Trojan.Downloaders.Agent.BQ Etc.

Yeah, I'm not gonna do anything until I get more RAM for it.

I checked Gateway and their computer can hold 3 512MB sticks, so I'm gonna have her upgrade to 2 512MB sticks and keep one of the lousy 64MB sticks she has... So as soon as they get here the computer should be a lot faster....

Thanks again... I'm sorry if I wasted your time, VopThis... You were very helpful... I just don't have the energy to play around with this computer. I've already spent like 10 hours on it and I'm not sure if she's even gonna give me any money for all this... grrr...

Thanks again.

Joe