Need help removing trojan.agent.cn


  1. Gil
    Posts : 109
    Windows 7 x64
       #1

    Need help removing trojan.agent.cn


    Help please.

    I'm using Malwarebytes and every restart it quarantines this trojan as svchost.exe.

    How can I remove it completely?


  2. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #2

    Trojan.Agent.cn communicates with hackers and steals your confidential data.
    Since the infection compromises personal data, it's recommended you change all your passwords at any sites you visit. Be sure to do this on a clean PC.

    Run RKill to attempt to stop the malicious process & then run Malwarebytes again. Do not reboot after running RKill.

    RKill Download

    RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

    As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using some sort of anti-malware or anti-virus program so that the infections can be properly removed.
    Listed here is a site for manual removal of the infection:

    Remove Trojan.Agent.cn Easily - Manual Removal Guide towards Virus That Infects svchost.exe - Tee Support Blog

    Since this virus is also known for dropping adware/spyware on systems, it's suggested you make a copy of Windows Defender Offline & run it.

    You should make WDO on a clean PC to ensure the scanner is not compromised.

    Windows Defender Offline

    Another precaution, run TDSSKiller to be sure you don't have a rootkit (There has been a rise in rootkit infections).

    Also consider running AdwCleaner to check for any unwanted toolbars, adware, etc.


  3. Gil
    Posts : 109
    Windows 7 x64
    Thread Starter
       #3

    Hi, thanks for the help.
    This is the log from rkill:

    Code:
    Rkill 2.4.5 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2013 BleepingComputer.com
    More Information about Rkill can be found at this link:
     http://www.bleepingcomputer.com/forums/topic308364.html
    
    Program started at: 01/03/2013 01:40:49 AM in x64 mode.
    Windows Version: Windows 7 Ultimate Service Pack 1
    
    Checking for Windows services to stop:
    
     * No malware services found to stop.
    
    Checking for processes to terminate:
    
     * No malware processes found to kill.
    
    Checking Registry for malware related settings:
    
     * No issues found in the Registry.
    
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
      * HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!
    
      * HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!
    
    
    Performing miscellaneous checks:
    
     * No issues found.
    
    Checking Windows Service Integrity: 
    
     * Windows Firewall (MpsSvc) is not Running.
       Startup Type set to: Disabled
    
     * Security Center (wscsvc) is not Running.
       Startup Type set to: Disabled
    
     * Windows Firewall Authorization Driver (mpsdrv) is not Running.
       Startup Type set to: Manual
    
    Searching for Missing Digital Signatures: 
    
     * No issues found.
    
    Checking HOSTS File: 
    
     * HOSTS file entries found: 
    
      127.0.0.1       localhost
    
    Program finished at: 01/03/2013 01:40:51 AM
    Execution time: 0 hours(s), 0 minute(s), and 2 seconds(s)

    The link for manually removing is not helping since I have nothing close to what is shown in the guide.


  4. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #4

    Go ahead & run TDSSKiller & see if there are any rootkits present. Also run AdwCleaner. Run Malwarebytes again & see if the problem is still showing up.

    Are you running an AV that has a built-in firewall? If so, it generally disables Windows Firewall. Some of them disable the Security Center to avoid conflicts.

    If your AV does not have its own firewall, then look at these & manually enable Windows Firewall & Security Center:

    How to Repair Microsoft Windows Security Center | Tech Tips - Salon.com

    Windows Firewall - Turn On or Off

    See if you can make a copy of WDO & run it. As stated, this needs to be made on a clean PC.

    Also: http://support.microsoft.com/mats/wi...ty_diagnostic/

    Another post you can look at to solve the problem, should it still be present:

    Security Center and Firewall Services are disabled on each boot
    Last edited by Borg 386; 03 Jan 2013 at 10:51.
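
Added example (not part of any post in this thread, and not RKill's own code): a small Python parser for the RKill log format shown in #3 that pulls out the reset file associations, the stopped services with their startup type, and the HOSTS entries, so the items to re-check after a scan are listed in one place. The function names and the trimmed log excerpt are choices made for this example.

```python
import re

# Excerpt of the RKill log posted in #3 (blank lines and unrelated sections trimmed).
SAMPLE_LOG = r'''Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!
  * HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!

Checking Windows Service Integrity:

 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Disabled
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled
 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

Checking HOSTS File:

 * HOSTS file entries found:
  127.0.0.1       localhost
'''

REG_RE = re.compile(r'^\s*\*\s+(HK\S+) was changed\. It was reset to (.+)!\s*$')
SVC_RE = re.compile(r'^\s*\*\s+.+ \((\w+)\) is not Running\.\s*$')
START_RE = re.compile(r'^\s*Startup Type set to:\s*(\w+)')
HOSTS_RE = re.compile(r'^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)')

def parse_rkill(text):
    """Return registry resets, stopped services and HOSTS entries from an RKill log."""
    out = {"registry": [], "services": {}, "hosts": []}
    last_service = None
    for line in text.splitlines():
        if m := REG_RE.match(line):
            out["registry"].append(m.group(1))
        elif m := SVC_RE.match(line):
            last_service = m.group(1)
            out["services"][last_service] = None  # startup type is on the next line
        elif (m := START_RE.match(line)) and last_service:
            out["services"][last_service] = m.group(1)
        elif m := HOSTS_RE.match(line):
            out["hosts"].append((m.group(1), m.group(2)))
    return out

def follow_up(findings):
    """Items to re-check after cleanup: changed associations, disabled services, extra HOSTS lines."""
    items = [f"association was changed: {key}" for key in findings["registry"]]
    items += [f"service disabled: {s}" for s, t in findings["services"].items() if t == "Disabled"]
    items += [f"HOSTS entry: {ip} {host}" for ip, host in findings["hosts"] if host != "localhost"]
    return items
```

On the excerpt above, `follow_up(parse_rkill(SAMPLE_LOG))` lists the two `IsolatedCommand` values RKill reset plus the disabled MpsSvc and wscsvc services; mpsdrv (Manual) and the localhost HOSTS line are not listed.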