power manager trojan

[Debbie Graham]

I keep getting this power manager running in my services and even if I
disabled it on every reboot it starts itself back up. I used Malwarebytes
to remove it but when I reboot it comes back. How do I get rid of this? I
delete it in the registry and on reboot it comes back. Thanks


Debbie

 

[1PW]

I keep getting this power manager running in my services and even if I
disabled it on every reboot it starts itself back up. I used Malwarebytes
to remove it but when I reboot it comes back. How do I get rid of this? I
delete it in the registry and on reboot it comes back. Thanks

Debbie

Hello Debbie:

What is the precise/exact name given to the malware when removed by MBAM?

Exactly which registry entry do you delete?

We often follow MBAM malware removals with SAS run in your OS's "Safe
Mode":

<http://www.superantispyware.com/>

What version OS does you PC report with the "winver" command?

Please intersperse detailed answers in a reply to this thread with
your progress.

Best wishes to you.

 

[Debbie Graham]

Win XP 5.1 SP 3



Memory Processes Infected:
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\powermanager
(Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\powermanager
(Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted
successfully.


Debbie

 

[Twayne]

Trojan.Agent:

http://www.2-spyware.com/remove-trojan-agent.html

http://www.spyware-techie.com/trojanagent-removal-guide/

http://www.obcomputerrepair.com/SecuritySoftware/2009/06/04/how-to-remove-trojan-agent-asmu/

http://www.malwarebytes.org/forums/index.php?showtopic=4558

All on the first page of a search engine; see how handy they are?

HTH,

Twayne`

 

[Debbie Graham]

It seems I fixed it by using my drives backups. It seems even though it was
being removed from the windows dir. it infected all other exe files on the
other drives so on reboot those infected files would bring that file back
into the windows directory. I had backups of all my partitions and had to
do them all at once because if you did one and rebooted the infected files
on the other partitions infected the backup. So you have to do all the
backups before you start the computer.

Debbie