Trojan.Agent

[greens85]

Hi all,

I recently did a scan of my computer and it found Trojan.Agent. I use the computer for online banking & I'm just wondering if this Trojan has anything to do with the one that steals such personal information. I haven't logged onto my online banking since discovering the trojan.

Is anyone able to advise, the malwarebytes log is below:

Malwarebytes' Anti-Malware 1.41
Database version: 3082
Windows 5.1.2600 Service Pack 3

02/11/2009 11:54:28
mbam-log-2009-11-02 (11-54-28).txt

Scan type: Full Scan (C:\|)
Objects scanned: 314767
Time elapsed: 1 hour(s), 29 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\wsnpoem\audio.dll.cla (Trojan.Agent) -> Quarantined and deleted successfully.

[greens85]

anyone? Im quite concerned by this... I would do a reformat but I have web development software on the machine, that I no longer have the discs for!

[tetonbob]

Hello -

This section of the forum is very busy, and it can sometimes take several days to receive a reply.You've not posted the required logs, which also slows down any possible help.

To answer your question, it's always a good idea to get to a known clean computer and change any and all passwords once a machine has been infected.

Some information on one of the items MBAM has removed, which indeed is identified in some variations as a password stealer. wsnpoem is associated as a trojan downloader, what happens after it gets to the machine depends on what the malicious party is using it for.

http://vil.nai.com/vil/content/v_142936.htm

http://home.mcafee.com/VirusInfo/Vir...ey=141745#none


http://www.threatexpert.com/reports....snpoem&x=0&y=0

Some would say the only way to trust a machine after such an infection is to format. We clean many such machines, and leave the decision to the user.

===========================

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a

Quote:

Having problems with spyware and pop-ups? First Steps

link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.