Author Topic: Agent-DZ  (Read 6317 times)


jskytx

  • Guest
Re: Agent-DZ
« Reply #15 on: June 20, 2011, 08:08:35 PM »
It appears that the problem is now gone!  Thanks so much for your help.  Now that it is fixed can you tell me what the problem was? 

Here is the log from the fix:

All Processes Killed
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{013F3497-11DC-4DCF-B18F-E0948D14CBB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{013F3497-11DC-4DCF-B18F-E0948D14CBB0}\ deleted successfully.
C:\Windows\System32\audiodev32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E0A8207-782A-8A4B-D64C-8BDDE63B9D4A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E0A8207-782A-8A4B-D64C-8BDDE63B9D4A}\ deleted successfully.
C:\ProgramData\audiodev32.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\ProgramData\audiodev32.dll deleted successfully.
File C:\ProgramData\audiodev32.dll not found.
[Files/Folders - Created Within 30 Days]
C:\ProgramData\HotStartUserAgent32.exe moved successfully.
File C:\ProgramData\audiodev32.dll not found!
File C:\Windows\System32\audiodev32.dll not found!
[Files/Folders - Modified Within 30 Days]
File C:\ProgramData\audiodev32.dll not found!
C:\Windows\System32\1516886069 moved successfully.
File C:\Windows\System32\audiodev32.dll not found!
File C:\ProgramData\HotStartUserAgent32.exe not found!
[Files - No Company Name]
File C:\Windows\System32\1516886069 not found!
[Empty Temp Folders]
 
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 55193 bytes
->Temporary Internet Files folder emptied: 3659106 bytes
->Java cache emptied: 587813 bytes
->Flash cache emptied: 456 bytes
 
User: Home
->Temp folder emptied: 33109751 bytes
->Temporary Internet Files folder emptied: 216299662 bytes
->Java cache emptied: 170701594 bytes
->Flash cache emptied: 1227018 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 675840 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 137261514 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33172 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 709740608 bytes
 
Total Files Cleaned = 1,214.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Guest
->Flash cache emptied: 0 bytes
 
User: Home
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
Restore point Set: OTS Restore Point
< End of fix log >
OTS by OldTimer - Version 3.1.44.0 fix logfile created on 06202011_125145

Files\Folders moved on Reboot...
C:\Users\Home\AppData\Local\Temp\Low\~DFBDDF.tmp moved successfully.
C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZOE94RC0\main[1].js moved successfully.
C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MIIISERS\print[1].css moved successfully.
C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2AP18ELD\indexCAN2VR24.htm moved successfully.
C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...
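The registry and file lines of the fix log above can be grouped by the autostart mechanism each one undoes: Browser Helper Object registrations (loaded by Internet Explorer), their COM class entries, and the AppInit_DLLs value. The following is an added example, not part of the original post or of OTS; the function name `summarize` and the result keys are assumptions, and the sample lines are copied from the log above.

```python
import re

# Registry/file lines copied from the OTS fix log quoted in the post above.
FIX_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{013F3497-11DC-4DCF-B18F-E0948D14CBB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{013F3497-11DC-4DCF-B18F-E0948D14CBB0}\ deleted successfully.
C:\Windows\System32\audiodev32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E0A8207-782A-8A4B-D64C-8BDDE63B9D4A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E0A8207-782A-8A4B-D64C-8BDDE63B9D4A}\ deleted successfully.
C:\ProgramData\audiodev32.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\ProgramData\audiodev32.dll deleted successfully.
File C:\ProgramData\audiodev32.dll not found.
C:\ProgramData\HotStartUserAgent32.exe moved successfully.
C:\Windows\System32\1516886069 moved successfully.
"""

GUID = r"(\{[0-9A-Fa-f-]{36}\})"
BHO_RE = re.compile(r"\\Browser Helper Objects\\" + GUID + r"\\ deleted", re.I)
CLSID_RE = re.compile(r"\\Classes\\CLSID\\" + GUID + r"\\ deleted", re.I)
APPINIT_RE = re.compile(r"\\AppInit_Dlls:(.+?) deleted successfully", re.I)
MOVED_RE = re.compile(r"^(.+?) moved successfully\.$")


def summarize(log):
    """Group fix-log actions by the autostart mechanism they undo."""
    bho, clsid, appinit, moved = set(), set(), [], []
    for line in (raw.strip() for raw in log.splitlines()):
        if m := BHO_RE.search(line):
            bho.add(m.group(1).upper())
        elif m := CLSID_RE.search(line):
            clsid.add(m.group(1).upper())
        elif m := APPINIT_RE.search(line):
            appinit.append(m.group(1))
        elif m := MOVED_RE.match(line):
            moved.append(m.group(1))
    moved_lower = {path.lower() for path in moved}
    return {
        # BHO entries whose COM class registration was removed as well
        "bho_with_com_class": sorted(bho & clsid),
        # BHO entries left with a dangling or untouched COM class
        "bho_without_com_class": sorted(bho - clsid),
        # DLLs named in AppInit_DLLs, and whether the file itself was moved
        "appinit_dlls": [(p, p.lower() in moved_lower) for p in appinit],
        "moved_files": moved,
    }


if __name__ == "__main__":
    for key, value in summarize(FIX_LOG).items():
        print(key, value)
```
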




Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Agent-DZ
« Reply #16 on: June 20, 2011, 11:23:48 PM »
It goes by various names; trojan krypt gen/tracur is the more common: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3aWin32%2fTracur.A

Let it run for a day or so and if no further problems appear I will remove my tools.

Could you go to the following file and add it to the virus chest and then upload it to the virus lab please:

C:\_OTS\moved files\C:\Windows\System32\audiodev32.dll .

jskytx

  • Guest
Re: Agent-DZ
« Reply #17 on: June 27, 2011, 07:52:27 PM »
Thanks for the help essexboy.  It seems that whatever fix you gave me worked and I haven't had any problems since!  I uploaded the file you mentioned to the virus lab last week. 

Offline essexboy

Re: Agent-DZ
« Reply #18 on: June 27, 2011, 08:51:06 PM »
Thankee - now to remove my rubbish  ;D

Subject to no further problems   :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

 Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTS and hit the cleanup button.  It will remove all the programmes we have used plus itself. 

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

SPRING CLEAN

To manually create a new Restore Point

  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones

  • Go Start > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
 
Malwarebytes.  Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe  :wave: