Kaspersky found Trojan.Win32.Agent.avfi


carolyn

Hi,

I have been having slow computer problems and began running some alternate
virus programs suggested in some of the forums. I currently have Windows
Live One Care as my virus protection. After running Symantec, House Call,
Spybot, I ran Kaspersky. It found this virus which I have posted-- Any idea
how much damage it has done and what this trojan's main focus is? Also,
Kaspersky doesn't clean it- so how do I get rid of it? Below is the report
from Kaspersky

Tuesday, December 16, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build
2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, December 16, 2008 10:23:23
Records in database: 1465372


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area Critical Areas
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Carolyn Bollig\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics
Files scanned 47092
Threat name 1
Infected objects 1
Suspicious objects 0
Duration of the scan 01:25:13

File name Threat name Threats count
C:\WINDOWS\RMAgentOutput.dll Infected: Trojan.Win32.Agent.avfi 1

The selected area was scanned.
 
Scan your computer with the 2 Programs below, and your Anti-virus, while in
Safe Mode.
All info below.

http://www.spybot.info/en/index.html

Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program.
Download, install, update, and immunize your System with it.
Then SCAN with it.
Update it, and scan your System once a fortnight.

http://www.malwarebytes.org/mbam.php

Malwarebytes is as the name says, a Malware Remover!
For the Free version scroll down their page to either download from
Download.com, or Major Geeks.com

Download, install, and update.

Important re: Safe Mode
If you happen to find a problem that you can’t uninstall / delete, reboot
the computer, and go into Safe Mode.
To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow
key to get to Safe Mode from list of options, then hit ENTER.
RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D
while in Safe Mode.
 
From: "carolyn" <[email protected]>

| Hi,

| I have been having slow computer problems and began running some alternate
| virus programs suggested in some of the forums. I currently have Windows
| Live One Care as my virus protection. After running Symantec, House Call,
| Spybot, I ran Kaspersky. It found this virus which I have posted-- Any idea
| how much damage it has done and what this trojan's main focus is? Also,
| Kaspersky doesn't clean it- so how do I get rid of it? Below is the report
| from Kaspersky

< snip >

| Scan statistics
| Files scanned 47092
| Threat name 1
| Infected objects 1
| Suspicious objects 0
| Duration of the scan 01:25:13

| File name Threat name Threats count
| C:\WINDOWS\RMAgentOutput.dll Infected: Trojan.Win32.Agent.avfi 1

| The selected area was scanned.

It found a trojan, not a virus.

Use the Kaspersky module of my Multi AV Scanning Tool and set it to scan C:\windows


Download MULTI_AV.EXE from the URL --
http://www.pctip.ch/ds/28400/28470/Multi_AV.exe
or
http://212.98.39.7/ds/28400/28470/Multi_AV.exe

http://www.pctip.ch/downloads/dl/35905.asp
or
http://212.98.39.7/downloads/dl/35905.asp

English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/


To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *
 
OK - I already have Spybot and Malwarebytes installed on my computer. I ran
Spybot yesterday and this morning in regular mode and it finds nothing. I
also ran Malwarebytes earlier today before I got your message and it came up
with this- something totally different. I ignored the action. See below
post, I will also do as you suggested in Safe Mode and see what happens and
let you know.

Malwarebytes' Anti-Malware 1.31
Database version: 1507
Windows 5.1.2600 Service Pack 3

12/16/2008 1:39:48 PM
mbam-log-2008-12-16 (13-39-40).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 145349
Time elapsed: 1 hour(s), 30 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\LG Electronics\LG USB Modem Drivers\InstallUSB64.exe
(Trojan.Agent) -> No action taken.
 
OK - ran spybot in safe mode nothing, ran malwarebytes- same as my last post
only there is one less? (also posted below) - but not the same as the
Kaspersky find-- wasn't quite sure what to do with the Malwarebytes finds so I
ignored them for now-- it wouldn't let me quarantine them. I recognize the
name of this as I have an LG cell phone - but still don't quite get it--

Malwarebytes' Anti-Malware 1.31
Database version: 1507
Windows 5.1.2600 Service Pack 3

12/16/2008 9:05:56 PM
mbam-log-2008-12-16 (21-05-47).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 143973
Time elapsed: 2 hour(s), 30 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\LG Electronics\LG USB Modem Drivers\InstallUSB64.exe
(Trojan.Agent) -> No action taken.
 
Sorry David, I'm not quite sure I understand your instructions. I guess I
need a more remedial step-by-step. Can you clarify in steps what I need to
do in layman's terms-- I don't really consider myself a novice on this stuff--
but then again maybe I am. Thanks


David H. Lipman said:
From: "carolyn" <[email protected]>

| Hi,

| I have been having slow computer problems and began running some alternate
| virus programs suggested in some of the forums. I currently have Windows
| Live One Care as my virus protection. After running Symantec, House Call,
| Spybot, I ran Kaspersky. It found this virus which I have posted-- Any idea
| how much damage it has done and what this trojan's main focus is? Also,
| Kaspersky doesn't clean it- so how do I get rid of it? Below is the report
| from Kaspersky

< snip >

| Scan statistics
| Files scanned 47092
| Threat name 1
| Infected objects 1
| Suspicious objects 0
| Duration of the scan 01:25:13

| File name Threat name Threats count
| C:\WINDOWS\RMAgentOutput.dll Infected: Trojan.Win32.Agent.avfi 1

| The selected area was scanned.

It found a trojan, not a virus.

Use the Kaspersky module of my Multi AV Scanning Tool and set it to scan C:\windows


Download MULTI_AV.EXE from the URL --
http://www.pctip.ch/ds/28400/28470/Multi_AV.exe
or
http://212.98.39.7/ds/28400/28470/Multi_AV.exe

http://www.pctip.ch/downloads/dl/35905.asp
or
http://212.98.39.7/downloads/dl/35905.asp

English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/


To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *
 
From: "carolyn" <[email protected]>

| Sorry David, I'm not quite sure I understand your instructions. I guess I
| need a more remedial step-by-step. Can you clarify in steps what I need to
| do in layman's terms-- I don't really consider myself a novice on this stuff--
| but then again maybe I am. Thanks

Read the included PDF Help File.

Use the Kaspersky module.

Choose to scan a specific location with it being C:\windows
 