Removing Win32/Malagent Trojan - The Easiest Way

BooperGrandson

Well, I recently found out that I had the infamous Win32/Malagent Trojan on my PC when I ran a quick scan through Microsoft Security Essentials. As you know, if you just remove it while in your regular mode, it will just keep coming back. I found a way to easily remove it. Here's what I did.

I rebooted the computer into Safe Mode with Networking. I made sure to log into the administrator account so I had all administrator permissions. I then ran a quick scan through Microsoft Security Essentials. It picked it up and I clicked remove. It was then gone; it didn't come back at all. Now I have a nice, clean and fast PC and the infamous threat was gone. Never knew it could be that easy.

Hope I helped anyone suffering with this infection. Remember, if you discover this threat on your PC, take action immediately and remove it as it can seriously damage your computer throughout time and even mess with protected registry keys. Save your computer before it's too late!
 

Well, it might not be that easy :confused:
http://www.threatexpert.com/report.aspx?md5=87ba7cdd87cf5f5bcd7616e41da21684

Trojan.Win32.Malagent.a is a very malicious item that's designed to allow remote access to your computer, to largely occupy precious system resources, to trace your Internet habits, and to record/steal your personal information.

Change all passwords, using a known "clean" computer.

Next, you will need to flush the DNS cache and restore MS's Hosts file by doing this...

Copy and paste these lines into Notepad.

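@Echo on
rem Run as Administrator. Replaces the hosts file with a single localhost entry;
rem any existing entries (including ones you added yourself) are discarded.
pushd "%SystemRoot%\System32\drivers\etc"
rem Clear the hidden/system/read-only attributes so the file can be overwritten.
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the DHCP lease and empty the DNS resolver cache.
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack settings.
netsh winsock reset all
netsh int ip reset all
rem Reboot after 1 second, then delete this batch file.
shutdown -r -t 1
del %0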

Save as flush.bat to your desktop. Right click on the flush.bat file to run it as Administrator (press enter key). Your computer will reboot itself.

Now, download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Scan with Malwarebytes (free) Anti-Malware:

Download Malwarebytes' Anti-Malware to your desktop
Download Malwarebytes' Anti-Malware 1.51.2.1300 Free - Thoroughly detect and remove even the most advanced malware - Softpedia
* Right-click (to run as Administrator) mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.
 

I had both win32/Malagent and win32/keygen. MS Security Essentials couldn't remove either before doing the suggestions here. I ran the bat file, then the Malwarebytes - which did not find either. But MS Security Essentials still found the keygen, but by running it (after doing the bat file) in safe mode, it was able to remove the keygen. I've restarted and run both security programs and it seems all is well..... Should I breathe easily now?
 
