Windows 7 Forums



Windows 7: Trojan.Agent.Trace - removed. Do I still need to reformat / reinstall?

11 Nov 2015   #1
JanZborovjan

Windows 7 Home Premium x64
 
 
Trojan.Agent.Trace - removed. Do I still need to reformat / reinstall?

Hello,

the title says it all. A few days ago, a Malwarebytes Anti-Malware scan encountered a Trojan.Agent.Trace.

So I booted to safe mode and removed it. Then I scanned again and 0 threats were detected, so I suppose the trojan has been removed.

I also checked the system with Malwarebytes Anti-Rootkit, 0 threats found. Panda antivirus scan also showed 0 threats so... the system looks and behaves clean.

But still a question lingers here. Some security experts on the internet say even after removing backdoor trojans there is vulnerability in the system left... so the best option is allegedly to reformat>reinstall.

What is your opinion, guys? Do I really NEED to reformat>reinstall? I got automatic Windows Updates, constantly turned on Windows Firewall... and doing regular antivirus scans. Is there really any threat in NOT doing reformat>reinstall?

Many thanks!


11 Nov 2015   #2
MoxieMomma

OEM Windows 7 Ult (x64) SP1
 
 

Hi:

Quote:
Trojan.Agent.Trace
That's rather "TLI" (too little information).

It is exactly that: a "trace" (aka leftover or remnant) from some sort of trojan.

Without scan logs and more data from the system, it's impossible to say for sure what the original trojan was, or whether it was a "backdoor" critter, or whether you are completely clean.

Reinstalling Windows would seem to be a bit over-the-top, under the circumstances, without more information.

If you're not sure, then you would probably need to run additional, deeper scans -- preferably under the guidance of a trained malware expert -- either here, or at a dedicated, reputable computer disinfection forum. It helps to have a bit of expert guidance, in order to run the correct tools in the proper order.

>>>Also, for the record, MBAM should be run under NORMAL Windows mode, in order to work properly and completely. Running it under Safe Mode is a workaround only for extreme cases where it will not work under Normal mode.

Hope this helps a bit,

MM
11 Nov 2015   #3
JanZborovjan

Windows 7 Home Premium x64
 
 

Thanks Moxie for the reply.

First I ran MBAM under NORMAL Windows mode, but when the scan reached a certain folder, MBAM just stopped responding. Very weird behaviour, so I was suspecting either HW failure or a virus. Rebooting to SAFE mode gave me the answer.

Here is a scanlog, hope it helps.

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8. 11. 2015
Scan Time: 22:14
Logfile: 
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.08.05
Rootkit Database: v2015.11.04.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: eraser

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 382751
Time Elapsed: 9 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
Trojan.Agent.Trace, C:\Users\eraser\AppData\Roaming\apachesrvin.vbs, Quarantined, [61349ae14249f640f8fb2087857e8c74], 
Trojan.Agent.Trace, C:\Users\eraser\AppData\Roaming\die.bat, Quarantined, [41540c6f503b1521b67be3c5669db848], 

Physical Sectors: 0
(No malicious items detected)


(end)

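As an added example (not part of the thread and not Malwarebytes' own tooling), here is a small Python triage of the log format posted above: it extracts the detections and lists what the log does not establish, such as a scan component that was disabled. The sample is abridged from the posted log with hashes replaced by a placeholder; field and category names are taken from that log, and the function names are illustrative.

```python
import re
# Abridged from the log posted above; hashes replaced by a placeholder.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware
Result: Completed
Memory: Enabled
Rootkits: Disabled
Registry Keys: 0
(No malicious items detected)
Files: 2
Trojan.Agent.Trace, C:\Users\eraser\AppData\Roaming\apachesrvin.vbs, Quarantined, [<hash>],
Trojan.Agent.Trace, C:\Users\eraser\AppData\Roaming\die.bat, Quarantined, [<hash>],
"""

FIELD = re.compile(r"^([A-Za-z][A-Za-z \-]*):\s*(.*)$")
HIT = re.compile(r"^([^,]+),\s*(.+?),\s*([^,\[]+),\s*\[[^\]]*\]")
COMPONENTS = ("Memory", "Startup", "Filesystem", "Archives", "Rootkits", "Heuristics", "PUP", "PUM")
CATEGORIES = ("Processes", "Modules", "Registry Keys", "Registry Values",
              "Registry Data", "Folders", "Files", "Physical Sectors")

def parse_log(text):
    """Return (fields, detections) from an MBAM 2.x text log."""
    fields, detections, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        hit, field = HIT.match(line), FIELD.match(line)
        if hit:
            name, path, action = (g.strip() for g in hit.groups())
            detections.append({"section": section, "name": name, "path": path, "action": action})
        elif field:
            key, value = field.group(1), field.group(2).strip()
            fields[key] = value
            if key in CATEGORIES:
                section = key  # e.g. "Files: 2" opens a detection category
    return fields, detections

def triage(fields, detections):
    """List what the log does NOT establish, for a reader deciding on next steps."""
    notes = []
    if fields.get("Result") != "Completed":
        notes.append("scan did not complete")
    for comp in COMPONENTS:
        if fields.get(comp) == "Disabled":
            notes.append(f"{comp} scanning was disabled in this run")
    for cat in CATEGORIES:  # a count mismatch suggests a truncated or edited log
        found = sum(d["section"] == cat for d in detections)
        if cat in fields and fields[cat] != str(found):
            notes.append(f"{cat}: header says {fields[cat]}, {found} entries listed")
    notes += [f"not quarantined: {d['path']} ({d['action']})"
              for d in detections if d["action"] != "Quarantined"]
    return notes

print(triage(*parse_log(SAMPLE_LOG)))
```
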
13 Nov 2015   #4
Laith

Windows 10 Professional x64
 
 

There's no need for re-installing or anything. Just scan your system daily and you are good to go. Also don't worry, because Malwarebytes has quarantined it.
16 Nov 2015   #5
JanZborovjan

Windows 7 Home Premium x64
 
 

Thank you. I had to reinstall anyway (because AMD drivers messed up my system), but I appreciate your answer anyway!
16 Nov 2015   #6
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

I would recommend changing all passwords for everything. They could have been stolen.
I would also recommend contacting all your banking and credit card institutions to inform them your accounts might have been compromised. Then follow their instructions.

Trojan.Agent.Trace.
This is a piece of malware that has worm, downloader, backdoor, keylogger and spy ability. It may arrive on a system after being exploited by a copy of the worm, residing on an infected machine in the network. After execution, the malware will inject a piece of code in kernel mode (by gaining access to \Device\PhysicalMemory). It will make a copy of itself inside c:\windows\fonts\unwise_.exe (hidden), execute it and continue execution there. The original file will then be deleted. The worm will register itself as a service under the name: Windows Hosts Controller, and setting the information to "Enables Windows Host Controller Service. This service cannot be stopped." discouraging users from deleting it.
- The worm has the ability to spread via:
o USB drives; when it detects a new drive, it will make a fresh copy of itself, on the USB drive in the following directory:
Recycler\S-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxx-xxxx\file-name.exe. It will also create an autorun.inf file that will point to the new cop