Need help removing trojan.agent.cn

Gil

Help please.

I'm using Malwarebytes and every restart it quarantines this trojan as svchost.exe.

How can I remove it completely?
 

My Computer

Computer type: PC/Desktop
OS: Windows 7 x64
CPU: Core i7 3770K @ 4.5 GHz
Motherboard: Asus P8Z77-V-Deluxe
Memory: 4x4 Corsair Vengeance 1600
Graphics Card(s): Sapphire HD 6970
Hard Drives: Intel 520 SSD 240GB
PSU: Thermaltake 750W
Case: Antec P2
Cooling: Corsair H100i
Keyboard: Razer blackwidow 2012
Mouse: Roccat Kone XTD
Antivirus: Bitdefender
Browser: Chrome

Trojan.Agent.cn communicates with hackers and steals your confidential data.
Since the infection compromises personal data, it's recommended you change all your passwords at any sites you visit. Be sure to do this on a clean PC.

Run RKill to attempt to stop the malicious process & then run Malwarebytes again. Do not reboot after running RKill.

RKill Download

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using some sort of anti-malware or anti-virus program so that the infections can be properly removed.
Listed here is a site for manual removal of the infection:

Remove Trojan.Agent.cn Easily - Manual Removal Guide towards Virus That Infects svchost.exe - Tee Support Blog

Since this virus is also known for dropping adware/spyware on systems, it's suggested you make a copy of Windows Defender Offline & run it.

You should make WDO on a clean PC to ensure the scanner is not compromised.

http://www.sevenforums.com/tutorials/166445-windows-defender-offline.html?filter

As another precaution, run TDSSKiller to be sure you don't have a rootkit (there has been a rise in rootkit infections).

Also consider running AdwCleaner to check for any unwanted toolbars, adware, etc.
 

My Computer

Computer type: PC/Desktop
Computer Manufacturer/Model Number: Dell Hell oh Well
OS: Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
CPU: Intel Core 2 Duo 2.93GHz
Memory: Not much with my ADHD
Graphics Card(s): ATI Radeon HD 4350
Monitor(s) Displays: 24" HDTV/Monitor
Screen Resolution: Blurry after a Scotch or 2
Hard Drives: 1 HDD 250 GB, 1 HDD 1 TB, 3 - 1 TB Externals
Case: Don't get on my case...man :D
Cooling: I have an Air Conditioner & Diet Pepsi
Keyboard: Saitek Cyborg
Mouse: 10 yr old MS optical mouse that still works
Internet Speed: Never fast enough
Antivirus: Various
Browser: Various

Hi, thanks for the help.
This is the log from RKill:

Code:
Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/03/2013 01:40:49 AM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

  * HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity: 

 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Disabled

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * HOSTS file entries found: 

  127.0.0.1       localhost

Program finished at: 01/03/2013 01:40:51 AM
Execution time: 0 hours(s), 0 minute(s), and 2 seconds(s)

The link for manually removing is not helping since I have nothing close to what is shown in the guide.
 

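One way to pull the follow-up items out of an RKill log like the one posted above, as an added example that is not part of the original thread or of RKill itself. The patterns assume the line layout of that one log, `SAMPLE_LOG` is a constructed excerpt of it, and `triage` is a hypothetical helper name.

```python
import re

# Constructed sample: an excerpt in the layout of the RKill log posted above.
SAMPLE_LOG = r"""Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

Checking Windows Service Integrity:

 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Disabled

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
"""

# Patterns assume the line layout seen in that one log (an assumption, not an RKill spec).
REG_RE = re.compile(r"\*\s+(HK\S+) was changed\. It was reset to (.+?)!?$")
SVC_RE = re.compile(r"\*\s+.+? \((\w+)\) is not Running\.")
START_RE = re.compile(r"Startup Type set to:\s*(\w+)")
HOSTS_RE = re.compile(r"\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)")


def triage(log):
    """Return (kind, subject, detail) tuples for log entries that need follow-up."""
    findings, in_hosts = [], False
    lines = [ln.rstrip() for ln in log.splitlines()]
    for i, line in enumerate(lines):
        if line.startswith("Checking HOSTS File"):
            in_hosts = True
        elif (m := REG_RE.search(line)):
            # RKill found this value changed from the default and reset it.
            findings.append(("registry", m.group(1), m.group(2)))
        elif (m := SVC_RE.search(line)):
            # RKill prints the startup type on the line after the service name.
            nxt = lines[i + 1] if i + 1 < len(lines) else ""
            start = START_RE.search(nxt)
            findings.append(("service", m.group(1), start.group(1) if start else "unknown"))
        elif in_hosts and (m := HOSTS_RE.match(line)):
            # Anything other than the default loopback entry deserves a look.
            if (m.group(1), m.group(2).lower()) != ("127.0.0.1", "localhost"):
                findings.append(("hosts", m.group(2), m.group(1)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
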
Go ahead & run TDSSKiller & see if there are any rootkits present. Also run AdwCleaner. Run Malwarebytes again & see if the problem is still showing up.

Are you running an AV that has a built-in firewall? If so, it generally disables Windows Firewall. Some of them disable the Security Center to avoid conflicts.

If your AV does not have its own firewall, then look at these & manually enable Windows Firewall & Security Center:

How to Repair Microsoft Windows Security Center | Tech Tips - Salon.com

http://www.sevenforums.com/tutorials/522-windows-firewall-turn-off.html

See if you can make a copy of WDO & run it. As stated, this needs to be made on a clean PC.

Also: http://support.microsoft.com/mats/windows_security_diagnostic/

Another post you can look at to solve the problem, should it still be present:

http://www.sevenforums.com/system-s...ter-firewall-services-disabled-each-boot.html
 