1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Trojan horse downloader.Agent.BJ

Discussion in 'Virus & Other Malware Removal' started by MsKittie_1, Jul 24, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. MsKittie_1

    MsKittie_1 Thread Starter

    Joined:
    Apr 29, 2004
    Messages:
    16
    A friend of mine has a Trojan horse downloader.Agent.BJ on her computer. We have managed to contain it so it isn't running but I am looking for a way to remove it. If you have any suggestings or links please let me know.

    Thanks
     
  2. bosshogg151

    bosshogg151

    Joined:
    Jan 17, 2004
    Messages:
    553
    Please go to http://www.spychecker.com/program/hijackthis.html

    Please note: When you download HijackThis put it in its own permanent folder like My Documents for example. DO NOT download to a temp folder or the desktop.

    Launch program and click on the SCAN button. After scan click on “ Save Log “. It should save to Notepad.

    Click on Edit, then Select All. Then click Edit again then Copy. Then paste log back here in a reply.

    DO NOT have HijackThis fix anything yet. Most of what it shows will be harmless / needed stuff. Wait for an expert to review it and advise you.
     
  3. chubob

    chubob

    Joined:
    Aug 26, 2004
    Messages:
    7
    I have the Trojan horse downloader.Agent.BJ ... and I really need help... I dont know how to get rid of it, so, here is the log I got from the Hijackthis:


    I really, really need help, and by the way, if any could tell me what damage or what is the function of this trojan... HElp!!! :eek:

    Logfile of HijackThis v1.97.7
    Scan saved at 12:58:13 a.m., on 26/08/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\ARCHIV~1\Grisoft\AVG6\avgserv.exe
    C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\ipkz32.exe
    C:\WINDOWS\Mixer.exe
    C:\ARCHIV~1\Grisoft\AVG6\avgcc32.exe
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
    C:\WINDOWS\winjm.exe
    C:\Archivos de programa\Internet Explorer\iexplore.exe
    C:\Documents and Settings\ROBERTO JR\Escritorio\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rftml.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rftml.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rftml.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rftml.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\rftml.dll/sp.html#29126
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rftml.dll/sp.html#29126
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {24D78427-B916-4EF1-6574-F9CC427F1DFC} - C:\WINDOWS\iert32.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: T1msn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.2001.0001\es-mx\msntb.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\ARCHIV~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [winjm.exe] C:\WINDOWS\winjm.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Instantánea de caché de la página - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Páginas similares - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Páginas vinculadas - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmbacklinks.html
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093481110527
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/254060