#1 (permalink) |
|
Registered User
Join Date: Aug 2005
Posts: 6
OS: xp
|
Help! My AVG antivirus recently (hours ago) detected a trojan horse: dropper.agent.8.B. It has infected 2 cisvc.exe files; one is located at Windows\system32\dllcache\cisvc.exe, the other one is under Windows\system32\cisvc.exe. The infected files were moved and placed in AVG's vault. Shortly after the infections a small window popped up saying that Windows is missing or some system files have been replaced, and Windows may not run properly, or something like that.
More importantly, I have no idea what this dropper trojan horse can do or damage. Does anyone know how to heal or disinfect the infected files? What do I need to do? Help me solve this problem.
|
#2 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
This is a new Trojan that has corrupted both those files. Try to replace them with a clean copy. Click Start, Run, type in sfc /scannow and see if Windows will find this missing and corrupt file.
I also need the following logs as I want to see if this trojan has any other entries...
Download: StartDreck
Unzip to its own folder and start the program:
Press 'Config'
Press 'Mark All'
UN-Check the 'NT-Services & NT-Kernel...' boxes only:
Press 'Ok'
Press 'Save' and select the location to save the log file (default is the same folder as the application)
Post the log in this thread.
Download Silent runners.Vbs http://www.silentrunners.org/
1. Make sure you have any script blocking software disabled
2. Run the program. It will take a few minutes to complete.
3. Once complete it will produce a log named “StartupPrograms” with your user and date in the filename. Open that txt file and post its contents in your next post.
Also make sure you are using the latest version (1.99.1) of HijackThis and it's installed in its own folder on the root drive (C:\HJT). Open HijackThis, click Config, Misc Tools. Check the 2 boxes next to "Generate Startup List" and then click "Generate Startup List". Post that log in your next post.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!
#3 (permalink) | |
|
Registered User
Join Date: Aug 2005
Posts: 6
OS: xp
|
Thanks for the info. I was able to replace them with new ones. For the log files, I was able to get all except the log of Silentrunners. The script didn't do anything; I double-clicked it but it didn't run. Its default program is xingmpeg; I couldn't find any program that runs VBS files. Anyway, here are the following log files:
StartDrecker Quote:
#4 (permalink) | |
|
Registered User
Join Date: Aug 2005
Posts: 6
OS: xp
|
Here's the result for:
HiJack This Quote:
#5 (permalink) | |
|
Registered User
Join Date: Aug 2005
Posts: 6
OS: xp
|
I really don't know what program to open silentrunners with; how do I open it? By the way, I also scanned my computer with Kaspersky's MWAV offline scanner and online scanner. Both had the same result and were not successful in detecting the trojan horse Dropper.Agent.8.B. For online, here's the result:
Quote:
Last edited by razorstab; 08-09-2005 at 12:36 PM. |
#6 (permalink) |
|
Registered User
Join Date: Aug 2005
Posts: 7
OS: WinXP
|
Hey guys,
I just had the same problem yesterday! AVG detected the trojan horse Dropper.Agent.8.B. sUBs helped me, and you can find the topic here on this forum. But the files are still in the vault, so I think they are still corrupted... The problem is that this trojan infected my WinXP install disk that I kept on my C:\, so I'm pretty sure that if I format the PC, this trojan will come back.
#7 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Razor:
I've just confirmed this is a false positive from AVG. This file is NOT infected!! Update your virus definitions!
Last edited by MicroBell; 08-09-2005 at 05:53 PM. |
#8 (permalink) | |
|
Registered User
Join Date: Aug 2005
Posts: 6
OS: xp
|
Quote:
I updated my virus definitions, then made a complete scan afterwards, and nothing was detected. Thanks for your help. Case solved.