VIRUS

Discussion in 'Computers & Website Forum' started by LauraB, May 25, 2004.

  1. LauraB

    LauraB
    Expand Collapse
    New Member

    Joined:
    Oct 1, 2002
    Messages:
    473
    Likes Received:
    0
    Hi, I was wondering if anyone can help me. I was on a website today and all these windows started popping up, and that is not the normal since I have the Avant Browser that has a great pop up blocker. In any event after I got everything closed down my AGV anti virus came up saying that I contracted a virus. So I ran a complete test and it came up with [ Trojan Horse PSW.AGENT.H ] and says it can not be removed.

    Any advice on how to remove it?
    I run on Windows XP
     
  2. dianetavegia

    dianetavegia
    Expand Collapse
    Guest

    Yep.

    Go to this site, run their FREE virus scan. When the Trojan shows up, delete it right there. I've had to do that when our 27 year old son picked up a virus while chatting on Yahoo.


    http://housecall.trendmicro.com/

    Try deleting it first. Here's a link to some more specific details on it.

    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.X

    Just search for sysupd.exe and then note the location.

    logon in MS-DOS mode and then delete that file sysupd.exe then, go there to the TEMP Folder, the location your said NAV pointed to above, and delete the _UPDATE file as well as clear all the files in that directory then after you logon in normal mode, check again with NAV

    However, it's probably going to be gone once you use the free scan from Trend / Housecall antivirus.

    Diane
     
  3. LauraB

    LauraB
    Expand Collapse
    New Member

    Joined:
    Oct 1, 2002
    Messages:
    473
    Likes Received:
    0
    Thanks for the tips Diane.
    I ran the House Call scan and it showed no virus. I ran the AVG again and still showed the virus. I located where it was but it will not let me delete it nor block it. It must have attached itself to something.

    :eek:

    Laura
     
  4. SpiritualMadMan

    SpiritualMadMan
    Expand Collapse
    New Member

    Joined:
    Nov 10, 2003
    Messages:
    2,734
    Likes Received:
    0
    WinXP can be a *real* bear to work with once stuff gets into the registry...

    What I am about to tell you is 'dangerous' because it requires you to modify your registry...

    And, messing with your registry can render your PC inoperative until technical help works on it.

    But, if you *only* search for the specific file noted as the trojan source file. You *should* be alright.

    Here's the problem...

    In Windows, especially WinXP, once something is in the registry and loaded it is marked as being in use... That's why you can't delete it. It's in the registry as 'in-use' and Windows thinks it has to have it...

    One reason the scan from Trend Micro didn't work was you proibably do not have full administrative rights to the registry... Therefore you, and, by default, any program you run can't make changes to the registry leaving you stuck with an entry that prevents you from healing your computer.

    The *Safest* way to proceed is to re-run the on-line scans with full Administrative Rights enabled on your PC.

    That *should* enable the on-line scan to remove both the registry entry and the source file(s).


    If that doesn't work... (The version of trojan you have may be a new mutation)

    Go to Karenware.com and download RegRipper and the VB6 Runtime... You may also like Cookie Viewer and Registry Pruner...

    These are FREE for home use...

    Once both VB6 Runtime and RegRipper is installed run Reg Ripper and do a search (with all check boxes enabled) for the Trojan File...

    At the bottom of the screen there is a checkbox that says 'delete after saving' You want that checked because you are trying to remove the entries.

    Follow the instructions and save (using a useful filename) the removed registry entires then allow then to be deleted.

    (Saving the removed entries allows you to double-click on the .REG file to re-install them if you accidently break your system...)

    After which you should be able to manually delete the affected files.

    Note: you can also edit the resulting .REG file using any text editor. This is useful if you accidently include something in the deletion you shouldn't have [​IMG]

    Again, **WARNING** it is possible when 'playing' in the registry to make WinXP not boot requiring a trip to the Tech Center. Or, you re-installing Windows yourself.

    BUT... If you have one of those blasted 'Restore' disks you could lose (and probably will) everything you personally have added to your system...

    That's why I won't buy a system without a standalone Windows install disk. Windows is pretty good about picking up after itself when allowed to do so on it's own...

    But, a 'Restore' disk is just a Disk Image and overwrites **EVERYTHING** on the hard disk...
     
  5. LauraB

    LauraB
    Expand Collapse
    New Member

    Joined:
    Oct 1, 2002
    Messages:
    473
    Likes Received:
    0
    SpiritualMadMan,

    Thank you for the information. I finally was able to get on the internat today to check this thread. Everytime in the last 2 days I tried to get online my screen would just freeze.

    I am not a computer wiz or even literate when it comes to what you are talking about.

    Is there anyway you can give me a detailed step by step for me to do the first part?

    You are right, when I try to delete it, it tells me can not delete because it is in use by another program.
    How do I go about getting Full Administration rights?

    Please forgive me if I seem ignorant to this, I really am. :rolleyes:

    Here is my e-mail address or you can just PM me here or post, but sometimes I can get to my e-mail but not anywhere else. I will PM you my address.

    Thank you for your help.

    Laura
     

Share This Page

Loading...