Author Topic: Win32:Agent-OLD [Trj] (Read 22590 times)

oldman · « **Reply #45 on:** January 13, 2008, 11:15:20 PM »

All right, the autorun may be part of the restore feature in this case.

Suggestion is to restore it. Then watch for any adverse effects.

Raybo · « **Reply #46 on:** January 14, 2008, 12:16:06 AM »

Thanks a lot for following up on this oldman. I actually restored the autorun file yesterday because I was just too anxious thinking I might have disabled recovery. So far Avast, Onescan, AVG, Spybot, and AVG Rootkit have NOT found an infection. I still sometimes get "System has recovered from a serious error" messages but I'm hopeful that is not malware-related. And I think the messages from AVG about changes to system files are OK. A couple of sites indicated the message just means the system files were updated at some time since they were originally installed, not necessarily since the last scan.

Re the "serious error" message I did check out your reference but I didn't find files of the type the article discussed (.sys files with hidden attributes, odd names, and no product, version, or company info).

I will keep you posted. Thanks again!

oldman · « **Reply #47 on:** January 14, 2008, 12:26:15 AM »

Quote from: Raybo on January 14, 2008, 12:16:06 AM

I still sometimes get "System has recovered from a serious error" messages but I'm hopeful that is not malware-related.

After or before you restore the file?

Will keep watching this thread.

Raybo · « **Reply #48 on:** January 14, 2008, 12:42:38 AM »

I restored the autorun file yesterday and this afternoon I got the "recovered from a serious error" message. In between I had done a bootscan on all my drives and it was clean. I rebooted and got the "serious error" message again but I noticed Windows Defender was acting flaky, showing me a message but then not responding when I clicked on it. I also noticed in Event Viewer that Windows Defender complained about my Sysinternals version of Process Explorer shortly before the serious error, saying it did not recognize the process. I configured WD to ignore processes it did not recognize and rebooted with no error message ensuing. So I'm still experimenting but hopeful.

Thanks for keeping an eye out for me.

oldman · « **Reply #49 on:** January 14, 2008, 12:51:32 AM »

Okay, keep plugging away at it. Like I said, the syntax in the autorun is new to me. If you keep getting the error, you could try to rename the autorun to autorun.inff, just to see if the errors cease. You could also check the manufacturer's web site for a forum and find out if the autorun is valid.

Raybo · « **Reply #50 on:** January 18, 2008, 12:00:44 AM »

For the past several days I have been free of infections and no "System has recovered from a serious error" messages have recurred.

Do you think I should uninstall combofix now and call it resolved?

oldman · « **Reply #51 on:** January 18, 2008, 09:52:02 AM »

Yes, it time for it to go. If combo fix was the only tool you downloaded and it was saved to the desktop you can do this:

click satrt button, click run, copy and paste this into the box and click ok

combofix /u

Raybo · « **Reply #52 on:** January 24, 2008, 03:41:35 AM »

Thanks very much oldman, tech, and Polonus. Combofix is uninstalled and everything seems to be working fine now. I appreciate all your help.
Raybo

Author Topic: Win32:Agent-OLD [Trj] (Read 22590 times)

oldman

Re: Win32:Agent-OLD [Trj]

Raybo

Re: Win32:Agent-OLD [Trj]

oldman

Re: Win32:Agent-OLD [Trj]

Raybo

Re: Win32:Agent-OLD [Trj]

oldman

Re: Win32:Agent-OLD [Trj]

Raybo

Re: Win32:Agent-OLD [Trj]

oldman

Re: Win32:Agent-OLD [Trj]

Raybo

Re: Win32:Agent-OLD [Trj]