Author Topic: Win32:Agent-VM trojan  (Read 2487 times)

jbujons

  • Guest
Win32:Agent-VM trojan
« on: December 29, 2007, 11:18:19 AM »
Hi,

I installed Avast!_Home a few days ago and removed some files detected as infected. Previous to that I had Norton 360, but I uninstalled it since it was quite buggy and gave a few problems. Since then, I am getting periodical messages of Win32:Agent-VM trojan signs detected by Avast:

25/12/2007 1:47:27   SYSTEM   976   Sign of "Win32:Agent-VM [trj]" has been found in "C:\DOCUME~1\PAPAS\CONFIG~1\Temp\77ex\[UPX]" file. 
25/12/2007 2:18:45   SYSTEM   976   Sign of "Win32:Agent-VM [trj]" has been found in "C:\DOCUME~1\PAPAS\CONFIG~1\Temp\86ex\[UPX]" file. 
25/12/2007 2:33:02   SYSTEM   976   Sign of "Win32:Agent-VM [trj]" has been found in "C:\DOCUME~1\PAPAS\CONFIG~1\Temp\76ex\[UPX]" file. 
26/12/2007 9:02:46   PAPAS   1312   Sign of "Win32:Agent-VM [trj]" has been found in "C:\DOCUME~1\PAPAS\CONFIG~1\Temp\94ex\[UPX]" file. 
26/12/2007 10:16:00   PAPAS   1332   Sign of "Win32:Agent-VM [trj]" has been found in "C:\DOCUME~1\PAPAS\CONFIG~1\Temp\14ex\[UPX]" file. 
26/12/2007 10:31:01   PAPAS   1332   Sign of "Win32:Agent-VM [trj]" has been found in "C:\DOCUME~1\PAPAS\CONFIG~1\Temp\65ex\[UPX]" file. 
26/12/2007 18:32:42   PAPAS   1332   Sign of "Win32:Agent-VM [trj]" has been found in "C:\DOCUME~1\PAPAS\CONFIG~1\Temp\19ex\[UPX]" file. 
27/12/2007 7:45:50   PAPAS   1328   Sign of "Win32:Agent-VM [trj]" has been found in "C:\DOCUME~1\PAPAS\CONFIG~1\Temp\55ex\[UPX]" file. 
27/12/2007 9:30:53   PAPAS   1328   Sign of "Win32:Agent-VM [trj]" has been found in "C:\DOCUME~1\PAPAS\CONFIG~1\Temp\80ex\[UPX]" file. 

I always ask Avast to remove the file since apparently they are temporary files. However I would like to know if Avast can definitively remove this trojan and what would be the right way to do it. I guess that there might be some file infected hidden somewhere or registry entry that activates with every reboot. Or it could also be a false detection, since I don't see any particular signs of malfunction of the computer?

Any comments/suggestions to remove or solve this inconvenience will be appreciated.

Jordi
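
The warning-log lines quoted in the post above can be summarised mechanically to show whether a detection keeps reappearing under new file names. The following is an added example, not part of the original thread and not an avast! tool; the field names `account` and `num` and the rule used for `recurring` are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Four of the warning-log lines quoted in the first post, copied verbatim.
SAMPLE_LOG = r'''
25/12/2007 1:47:27   SYSTEM   976   Sign of "Win32:Agent-VM [trj]" has been found in "C:\DOCUME~1\PAPAS\CONFIG~1\Temp\77ex\[UPX]" file.
26/12/2007 9:02:46   PAPAS   1312   Sign of "Win32:Agent-VM [trj]" has been found in "C:\DOCUME~1\PAPAS\CONFIG~1\Temp\94ex\[UPX]" file.
26/12/2007 18:32:42   PAPAS   1332   Sign of "Win32:Agent-VM [trj]" has been found in "C:\DOCUME~1\PAPAS\CONFIG~1\Temp\19ex\[UPX]" file.
27/12/2007 9:30:53   PAPAS   1328   Sign of "Win32:Agent-VM [trj]" has been found in "C:\DOCUME~1\PAPAS\CONFIG~1\Temp\80ex\[UPX]" file.
'''

# Field names are assumptions; the post does not say what the number column means.
LINE_RE = re.compile(
    r'^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2})\s+(?P<account>\S+)\s+'
    r'(?P<num>\d+)\s+Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file')

def parse(text):
    """Yield one dict per detection line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e['ts'] = datetime.strptime(e['ts'], '%d/%m/%Y %H:%M:%S')
            yield e

def template(path):
    """Collapse a leading number in a directory name: Temp\\77ex\\ -> Temp\\<N>ex\\."""
    return re.sub(r'\\\d+(?=\w*\\)', r'\\<N>', path)

def summarize(text):
    """Group detections by (signature, path template) and flag regenerating files."""
    groups = defaultdict(list)
    for e in parse(text):
        groups[(e['sig'], template(e['path']))].append(e)
    report = []
    for (sig, tmpl), evs in groups.items():
        days = {e['ts'].date() for e in evs}
        paths = {e['path'] for e in evs}
        report.append({
            'signature': sig, 'template': tmpl, 'count': len(evs),
            'days': len(days), 'accounts': sorted({e['account'] for e in evs}),
            'first': min(e['ts'] for e in evs), 'last': max(e['ts'] for e in evs),
            # Assumed rule: same signature, new path each time, on more than one day.
            'recurring': len(days) > 1 and len(paths) > 1,
        })
    return report

if __name__ == '__main__':
    for row in summarize(SAMPLE_LOG):
        print(row)
```

A `recurring` group with a fresh directory name on every hit means the files are being recreated, so deleting each temporary file does not address whatever writes them.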


Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67247
Re: Win32:Agent-VM trojan
« Reply #1 on: December 29, 2007, 11:54:45 AM »
If a virus is replicant (coming and coming again), you could follow the general cleaning procedure:

1. Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k. After boot you can enable System Restore again after step 3.

2. Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.

3. Schedule a boot-time scan with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Another option is scanning in Safe Mode (repeatedly press F8 while booting).

4. It will be good if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.

5. If you are still detecting any strange behavior, or even if you're sure you're not clean, maybe it will be good to test your machine with anti-rootkit applications. I suggest AVG or Trend Micro RootkitBuster (for XP/Vista). For XP: Panda (for XP).

6. Also, if you are still detecting strange behaviors or you want to be sure you're clean, maybe making a HijackThis log to post here and, especially, scanning and submitting the RunScanner log to on-line analysis would help to identify the problem and the solution.

7. After you're clean, use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.

8. Finally, when you're clean, check for insecure applications with Secunia Software Inspector to update insecure applications and avoid reinfection.
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67247
Re: Win32:Agent-VM trojan
« Reply #2 on: December 29, 2007, 12:00:02 PM »
Oh, I forgot. It will be good if you really get clean of Norton.
http://www.softpedia.com/get/Tweak/Uninstallers/Norton-Removal-Tool.shtml