Trojan.Agent.Trace - removed. Do I still need to reformat / reinstall?


  1. Posts : 5
    Windows 7 Home Premium x64
       #1


    Hello,

    The title says it all. A few days ago, a Malwarebytes Anti-Malware scan encountered a Trojan.Agent.Trace.

    So I booted to safe mode and removed it. Then I scanned again and 0 threats were detected, so I suppose the trojan has been removed.

    I also checked the system with Malwarebytes Anti-Rootkit, 0 threats found. Panda antivirus scan also showed 0 threats so... the system looks and behaves clean.

    But still a question lingers here. Some security experts on the internet say even after removing backdoor trojans there is a vulnerability left in the system... so the best option is allegedly to reformat>reinstall.

    What is your opinion, guys? Do I really NEED to reformat>reinstall? I have automatic Windows Updates, Windows Firewall constantly turned on... and I do regular antivirus scans. Is there really any threat in NOT doing reformat>reinstall?

    Many thanks!


  2. Posts : 1,102
    OEM Windows 7 Ult (x64) SP1
       #2

    Hi:

    Trojan.Agent.Trace
    That's rather "TLI" (too little information).

    It is exactly that: a "trace" (aka leftover or remnant) from some sort of trojan.

    Without scan logs and more data from the system, it's impossible to say for sure what the original trojan was, or whether it was a "backdoor" critter, or whether you are completely clean.

    Reinstalling Windows would seem to be a bit over-the-top, under the circumstances, without more information.

    If you're not sure, then you would probably need to run additional, deeper scans -- preferably under the guidance of a trained malware expert -- either here, or at a dedicated, reputable computer disinfection forum. It helps to have a bit of expert guidance, in order to run the correct tools in the proper order.

    >>>Also, for the record, MBAM should be run under NORMAL Windows mode, in order to work properly and completely. Running it under Safe Mode is a workaround only for extreme cases where it will not work under Normal mode.

    Hope this helps a bit,

    MM


  3. Posts : 5
    Windows 7 Home Premium x64
    Thread Starter
       #3

    Thanks Moxie for the reply.

    First I ran MBAM under NORMAL Windows mode, but when the scan reached a certain folder, MBAM just stopped responding. Very weird behaviour, so I was suspecting either HW failure or a virus. Rebooting to SAFE mode gave me the answer.

    Here is a scanlog, hope it helps.

    Code:
    Malwarebytes Anti-Malware
    www.malwarebytes.org
    
    Scan Date: 8. 11. 2015
    Scan Time: 22:14
    Logfile: 
    Administrator: Yes
    
    Version: 2.2.0.1024
    Malware Database: v2015.11.08.05
    Rootkit Database: v2015.11.04.02
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled
    
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: eraser
    
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 382751
    Time Elapsed: 9 min, 37 sec
    
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
    
    Processes: 0
    (No malicious items detected)
    
    Modules: 0
    (No malicious items detected)
    
    Registry Keys: 0
    (No malicious items detected)
    
    Registry Values: 0
    (No malicious items detected)
    
    Registry Data: 0
    (No malicious items detected)
    
    Folders: 0
    (No malicious items detected)
    
    Files: 2
    Trojan.Agent.Trace, C:\Users\eraser\AppData\Roaming\apachesrvin.vbs, Quarantined, [61349ae14249f640f8fb2087857e8c74], 
    Trojan.Agent.Trace, C:\Users\eraser\AppData\Roaming\die.bat, Quarantined, [41540c6f503b1521b67be3c5669db848], 
    
    Physical Sectors: 0
    (No malicious items detected)
    
    
    (end)
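Reading a log like the one in post #3 programmatically, as an added example that is not part of the thread: it parses the MBAM 2.x text layout shown above, lists which scan components were disabled for that run, and cross-checks the section counts against the detection rows actually listed. The names `parse_mbam_log` and `triage` are hypothetical, the sample is an abbreviated excerpt of the posted log, and the bracketed value is treated as an opaque identifier.

```python
import re

# Abbreviated excerpt of the scan log posted above (same field layout).
SAMPLE_LOG = r"""
Scan Type: Threat Scan
Objects Scanned: 382751
Rootkits: Disabled
Heuristics: Enabled
Files: 2
Trojan.Agent.Trace, C:\Users\eraser\AppData\Roaming\apachesrvin.vbs, Quarantined, [61349ae14249f640f8fb2087857e8c74],
Trojan.Agent.Trace, C:\Users\eraser\AppData\Roaming\die.bat, Quarantined, [41540c6f503b1521b67be3c5669db848],
Physical Sectors: 0
(No malicious items detected)
"""

COMPONENTS = set("Memory Startup Filesystem Archives Rootkits Heuristics PUP PUM".split())
SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors"}
# Detection row: name, path, action, [bracketed id], trailing comma.
DETECTION = re.compile(
    r"^(?P<name>[^,]+), (?P<path>.+), (?P<action>[^,]+), \[(?P<id>[0-9a-f]+)\],$")
KEY_VALUE = re.compile(r"^(?P<key>[A-Za-z -]+): ?(?P<value>.*)$")

def parse_mbam_log(text):
    report = {"fields": {}, "counts": {}, "detections": [], "not_scanned": []}
    for line in map(str.strip, text.splitlines()):
        hit = DETECTION.match(line)
        if hit:
            report["detections"].append(hit.groupdict())
            continue
        kv = KEY_VALUE.match(line)
        if not kv:
            continue  # banner lines, "(No malicious items detected)", "(end)"
        key, value = kv["key"], kv["value"].strip()
        if key in COMPONENTS and value == "Disabled":
            report["not_scanned"].append(key)
        elif key in SECTIONS and value.isdigit():
            report["counts"][key] = int(value)
        else:
            report["fields"][key] = value  # header fields, enabled components
    return report

def triage(report):
    """Notes on what the log does and does not show."""
    notes = [f"not scanned in this run: {c}" for c in report["not_scanned"]]
    listed, claimed = len(report["detections"]), sum(report["counts"].values())
    if listed != claimed:  # truncated or edited log
        notes.append(f"{listed} rows listed but section counts total {claimed}")
    return notes + [f"{d['action']}: {d['path']}" for d in report["detections"]]
```

Calling `triage(parse_mbam_log(SAMPLE_LOG))` on the excerpt returns the rootkit-scan gap first, then one line per quarantined file.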


  4. Posts : 2,781
    Windows 10 Pro x64
       #4

    There's no need for re-installing or anything. Just scan your system daily and you are good to go. Also don't worry, because Malwarebytes has quarantined it.


  5. Posts : 5
    Windows 7 Home Premium x64
    Thread Starter
       #5

    Thank you. I had to reinstall anyway (because AMD drivers messed up my system), but I appreciate your answer anyway!


  6. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #6

    I would recommend changing all passwords for everything. They could have been stolen.
    I would also recommend contacting all your banking and credit card institutions to inform them your accounts might have been compromised. Then follow their instructions.

    Trojan.Agent.Trace.
    This is a piece of malware that has worm, downloader, backdoor, keylogger and spy ability. It may arrive on a system after being exploited by a copy of the worm, residing on an infected machine in the network. After execution, the malware will inject a piece of code in kernel mode (by gaining access to \Device\PhysicalMemory). It will make a copy of itself inside c:\windows\fonts\unwise_.exe (hidden), execute it and continue execution there. The original file will then be deleted. The worm will register itself as a service under the name: Windows Hosts Controller, and setting the information to "Enables Windows Host Controller Service. This service cannot be stopped." discouraging users from deleting it.
    - The worm has the ability to spread via:
    o USB drives; when it detects a new drive, it will make a fresh copy of itself, on the USB drive in the following directory:
    Recycler\S-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxx-xxxx\file-name.exe. It will also create an autorun.inf file that will point to the new cop


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd