Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: baileyjm1 on January 15, 2007, 04:25:29 AM

Title: Win32:Agent-AJN [Trj]
Post by: baileyjm1 on January 15, 2007, 04:25:29 AM
I downloaded some bad software and my CPU crashed before Avast! found the virus.  I was able to recover the OS, and Avast! immediately found this:

Sign of "Win32:Agent-AJN [Trj]" has been found in "C:\WINDOWS\system32\Agent.dll" file.

So I deleted it, then Avast! found this: 

Sign of "Win32:Agent-AJN [Trj]" has been found in "C:\RECYCLER\S-1-5-21-1123561945-776561741-725345543-1004\Dc18.dll" file.

Then, I emptied the recycle bin and received this error message!

Sign of "Win32:Agent-AJN [Trj]" has been found in "C:\System Volume Information\_restore{F07181F7-2E92-4824-A850-63DF9E861551}\RP215\A0081282.dll" file.

I have routinely scanned the hard drive and have not been able to locate any other warnings, but I still don't feel safe.  Should I reformat my hard drive or am I being too worried?

Title: Re: Win32:Agent-AJN [Trj]
Post by: mauserme on January 15, 2007, 05:26:02 AM
No, don't reformat.

Open the avast! interface and schedule a boot scan.  Turn off system restore, and reboot.  This will remove the trojan from the restore point and scan your computer before Windows loads.  This scan may take a while depending on the size of your hard drive.

If anything is found, it's better to quarantine rather than delete.  Assuming you come up clean you can turn system restore on again when the computer finishes booting.  Let us know how this goes.

Oh, and welcome to the forum.

Title: Re: Win32:Agent-AJN [Trj]
Post by: DavidR on January 15, 2007, 02:51:42 PM
Windows in its infinite wisdom protects files in use (even malware) or in system folders, so it is likely that avast! can't delete or move files in use. So schedule a boot-time scan in avast's menu if you have XP, Win2k or NT, otherwise boot into safe mode and run an avast scan. This should ensure that the file isn't in use and avast should be able to deal with it.

As part of this protection, files deleted from the system folders are often copied to the C:\System Volume Information\ folder as restore points by Windows System Restore.

Whilst it doesn't seem to be an issue here, deletion isn't really a good first option (you have none left). 'First do no harm': don't delete, send the virus to the chest and investigate.
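
An added example, not part of the original thread and not avast! code: a small Python parser that sorts the three alert lines quoted in the first post by where the flagged file sits (a live system folder, the Recycle Bin, or a System Restore point), which is the distinction the replies rely on. The regular expressions and the category names are assumptions made for this illustration.

```python
import re
from collections import namedtuple

# Sample input: the three alert lines quoted in the first post of this thread.
ALERTS = [
    r'Sign of "Win32:Agent-AJN [Trj]" has been found in "C:\WINDOWS\system32\Agent.dll" file.',
    r'Sign of "Win32:Agent-AJN [Trj]" has been found in "C:\RECYCLER\S-1-5-21-1123561945-776561741-725345543-1004\Dc18.dll" file.',
    r'Sign of "Win32:Agent-AJN [Trj]" has been found in "C:\System Volume Information\_restore{F07181F7-2E92-4824-A850-63DF9E861551}\RP215\A0081282.dll" file.',
]

Alert = namedtuple("Alert", "name path kind detail")

# Assumed alert layout, taken from the lines above: Sign of "<name>" ... in "<path>" file.
ALERT_RE = re.compile(r'Sign of "(?P<name>[^"]+)" has been found in "(?P<path>[^"]+)" file')
# Recycle Bin on this system: <drive>:\RECYCLER\<user SID>\...
RECYCLER_RE = re.compile(r'^[A-Z]:\\RECYCLER\\(?P<sid>S-1-[\d-]+)\\', re.I)
# System Restore store: <drive>:\System Volume Information\_restore{GUID}\RP<n>\...
RESTORE_RE = re.compile(
    r'^[A-Z]:\\System Volume Information\\_restore\{[0-9A-F-]+\}\\RP(?P<rp>\d+)\\', re.I)

def classify(line):
    """Parse one alert line; return an Alert, or None if the line is not an alert."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    name, path = m["name"], m["path"]
    r = RECYCLER_RE.match(path)
    if r:  # copy left behind by deleting the file; detail is the owning user's SID
        return Alert(name, path, "recycle-bin", r["sid"])
    r = RESTORE_RE.match(path)
    if r:  # copy held by System Restore; detail is the restore point folder
        return Alert(name, path, "restore-point", "RP" + r["rp"])
    return Alert(name, path, "live-file", "")

def summarize(lines):
    """Group parsed alerts so the live detections stand apart from leftover copies."""
    alerts = [a for a in map(classify, lines) if a]
    return {
        "names": sorted({a.name for a in alerts}),
        "kinds": [a.kind for a in alerts],
        "live_files": [a.path for a in alerts if a.kind == "live-file"],
    }

if __name__ == "__main__":
    for a in map(classify, ALERTS):
        print(f"{a.kind:14} {a.detail:45} {a.path}")
```
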