Windows 7 Forums


Windows 7: Need help removing trojan.agent.cn


02 Jan 2013   #1
Gil

Windows 7 x64
 
 
Need help removing trojan.agent.cn

Help please.

I'm using Malwarebytes and on every restart it quarantines this trojan as svchost.exe.

How can I remove it completely?


02 Jan 2013   #2

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Quote:
Trojan.Agent.cn communicates with hackers and steals your confidential data.
Since the infection compromises personal data, it's recommended you change all your passwords at any sites you visit. Be sure to do this on a clean PC.

Run RKill to attempt to stop the malicious process & then run Malwarebytes again. Do not reboot after running RKill.

RKill Download

Quote:
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using some sort of anti-malware or anti-virus program so that the infections can be properly removed.
Listed here is a site for manual removal of the infection:

Remove Trojan.Agent.cn Easily - Manual Removal Guide towards Virus That Infects svchost.exe - Tee Support Blog

Since this virus is also known for dropping adware/spyware on systems, it's suggested you make a copy of Windows Defender Offline & run it.

You should make WDO on a clean PC to ensure the scanner is not compromised.

Windows Defender Offline

Another precaution, run TDSSKiller to be sure you don't have a rootkit (There has been a rise in rootkit infections).

Also consider running AdwCleaner to check for any unwanted toolbars, adware, etc.
02 Jan 2013   #3
Gil

Windows 7 x64
 
 

Hi thanks for the help.
This is the log from rkill:

Code:
Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/03/2013 01:40:49 AM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

  * HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity: 

 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Disabled

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * HOSTS file entries found: 

  127.0.0.1       localhost

Program finished at: 01/03/2013 01:40:51 AM
Execution time: 0 hours(s), 0 minute(s), and 2 seconds(s)
The link for manually removing is not helping since I have nothing close to what is shown in the guide.


02 Jan 2013   #4

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Go ahead & run TDSSKiller & see if there are any rootkits present. Also run AdwCleaner. Run Malwarebytes again & see if the problem is still showing up.

Are you running an AV that has a built-in firewall? If so, it generally disables Windows Firewall. Some of them disable the Security Center to avoid conflicts.

If your AV does not have its own firewall, then look at these & manually enable Windows Firewall & Security Center:

How to Repair Microsoft Windows Security Center | Tech Tips - Salon.com

Windows Firewall - Turn On or Off

See if you can make a copy of WDO & run it. As stated, this needs to be made on a clean PC.

Also: http://support.microsoft.com/mats/wi...ty_diagnostic/

Another post you can look at to solve the problem, should it still be present

Security Center and Firewall Services are disabled on each boot
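The RKill log in reply #3 reports two reset `IsolatedCommand` values and three stopped security services, which is what reply #4 follows up on. As an added example (not part of the original thread and not RKill's own code), this Python script extracts those findings from an excerpt of that log; the names `triage` and `disabled_services` are hypothetical, and the line patterns are assumed from the one log shown here.

```python
import re

# Excerpt of the RKill log posted in reply #3 (blank lines dropped).
RKILL_LOG = r"""
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!
  * HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!

Checking Windows Service Integrity:

 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Disabled
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled
 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

Checking HOSTS File:
 * HOSTS file entries found:
  127.0.0.1       localhost
"""

SERVICE = re.compile(r"\* (.+) \((\w+)\) is not Running\.")
STARTUP = re.compile(r"Startup Type set to: (\w+)")
REGISTRY = re.compile(r"\* (HK\S+) was changed\.")
HOSTS = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")

def triage(log):
    """Return (kind, subject, detail) findings worth a follow-up."""
    findings, pending = [], None
    for line in (l.strip() for l in log.splitlines()):
        if m := SERVICE.match(line):
            pending = m.group(2)              # wait for the startup-type line
        elif (m := STARTUP.match(line)) and pending:
            findings.append(("service", pending, m.group(1)))
            pending = None
        elif m := REGISTRY.match(line):
            findings.append(("registry", m.group(1), "reset by RKill"))
        elif (m := HOSTS.match(line)) and m.group(2) != "localhost":
            findings.append(("hosts", m.group(2), m.group(1)))  # non-default entry
    return findings

def disabled_services(findings):
    """Services whose start type is Disabled, the ones reply #4 asks about."""
    return [s for kind, s, detail in findings if kind == "service" and detail == "Disabled"]
```

On the posted log, `disabled_services(triage(RKILL_LOG))` returns `MpsSvc` and `wscsvc`, the two services reply #4 suggests re-enabling if no third-party firewall is installed.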
