Need help removing trojan.agent.cn
Help please.
I'm using Malwarebytes and every restart it quarantines this trojan as svchost.exe.
How can I remove it completely?
Since the infection compromises personal data, it's recommended you change all your passwords at any sites you visit. Be sure to do this on a clean PC.
Trojan.Agent.cn communicates with hackers and steals your confidential data.
Run RKill to attempt to stop the malicious process & then run Malwarebytes again. Do not reboot after running RKill.
RKill Download
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.
As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using some sort of anti-malware or anti-virus program so that the infections can be properly removed.
Listed here is a site for manual removal of the infection:
Remove Trojan.Agent.cn Easily - Manual Removal Guide towards Virus That Infects svchost.exe - Tee Support Blog
Since this virus is also known for dropping adware/spyware on systems, it's suggested you make a copy of Windows Defender Offline & run it.
You should make WDO on a clean PC to ensure the scanner is not compromised.
Windows Defender Offline
Another precaution, run TDSSKiller to be sure you don't have a rootkit (There has been a rise in rootkit infections).
Also consider running AdwCleaner to check for any unwanted toolbars, adware, etc.
Hi, thanks for the help.
The link for manually removing is not helping since I have nothing close to what is shown in the guide.
This is the log from rkill:
Code:
Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/03/2013 01:40:49 AM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:
 * No malware services found to stop.

Checking for processes to terminate:
 * No malware processes found to kill.

Checking Registry for malware related settings:
 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 * HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!
 * HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!

Performing miscellaneous checks:
 * No issues found.

Checking Windows Service Integrity:
 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Disabled
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled
 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:
 * No issues found.

Checking HOSTS File:
 * HOSTS file entries found:
   127.0.0.1 localhost

Program finished at: 01/03/2013 01:40:51 AM
Execution time: 0 hours(s), 0 minute(s), and 2 seconds(s)
Go ahead & run TDSSKiller & see if there are any rootkits present. Also run AdwCleaner. Run Malwarebytes again & see if the problem is still showing up.
Are you running an AV that has a built in Firewall? If so, it generally disables Windows Firewall. Some of them disable the security center to avoid conflicts.
If your AV does not have its own firewall, then look at these & manually enable Windows Firewall & Security Center:
How to Repair Microsoft Windows Security Center | Tech Tips - Salon.com
Windows Firewall - Turn On or Off
See if you can make a copy of WDO & run it. As stated, this needs to be made on a clean PC.
Also: http://support.microsoft.com/mats/wi...ty_diagnostic/
Another post you can look at to solve the problem, should it still be present
Security Center and Firewall Services are disabled on each boot
Last edited by Borg 386; 03 Jan 2013 at 10:51.
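As an added example (not part of any post in this thread, and not RKill's own code): a small Python parser that pulls the "Checking Windows Service Integrity" findings and the reset registry values out of an RKill log like the one posted above, so that security services left Disabled stand out from ones that are merely stopped. The function names are illustrative, and the regular expressions assume the line wording seen in that 2.4.5 log.

```python
import re

# Excerpt of the RKill 2.4.5 log posted in this thread, flattened onto one
# line as the forum extraction left it. The parser also accepts the normal
# one-entry-per-line layout because it only relies on whitespace, not newlines.
SAMPLE_LOG = r'''Resetting .EXE, .COM, & .BAT associations in the Windows Registry. * HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*! * HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*! Performing miscellaneous checks: * No issues found. Checking Windows Service Integrity: * Windows Firewall (MpsSvc) is not Running. Startup Type set to: Disabled * Security Center (wscsvc) is not Running. Startup Type set to: Disabled * Windows Firewall Authorization Driver (mpsdrv) is not Running. Startup Type set to: Manual Searching for Missing Digital Signatures: * No issues found.'''

# "* <display name> (<service name>) is not Running. Startup Type set to: <type>"
SERVICE_RE = re.compile(
    r"\*\s+(?P<display>[^*()]+?)\s+\((?P<name>\w+)\)\s+is not Running\.\s+"
    r"Startup Type set to:\s+(?P<startup>\w+)"
)
# "* <registry value path> was changed." (association entries RKill reset)
RESET_RE = re.compile(r"\*\s+(?P<key>HK\S+)\s+was changed\.")


def parse_services(log_text):
    """Return one dict per service the log reports as not running."""
    return [m.groupdict() for m in SERVICE_RE.finditer(log_text)]


def triage(log_text):
    """Split findings by how much follow-up they need."""
    services = parse_services(log_text)
    return {
        # Startup type Disabled: the service stays off across reboots until
        # it is re-enabled (or a third-party AV suite legitimately owns it).
        "disabled": [s["name"] for s in services
                     if s["startup"].lower() == "disabled"],
        # Not running but still startable (Manual/Automatic).
        "stopped_only": [s["name"] for s in services
                         if s["startup"].lower() != "disabled"],
        # Executable-association values RKill found altered and reset.
        "reset_keys": [m.group("key") for m in RESET_RE.finditer(log_text)],
    }


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {items}")
```
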