Trojan.Agent

[FCUSA]

Hi Everyone -

Cannot belive this! Just did a MBam quick scan and found a new item. Can anyone identify it?

I removed both items and the computer needed to reboot and now I am unsure how to retrieve the log for your review.

Thanks,
Sally

 

[Golden]

Hi FCUSA,

Please go to these locations and get the latest log files, and upload them here.

C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Regards,
Golden

 

[FCUSA]

Golden -

Thanks for that direction - I was looking at the file, but couldn't find it to upload

 

[Golden]

Hi,

OK. I've had a quick look. The second item PUM.HIJACK.STARTMENU could be either:

1. A consequence of the first item (the Trojan), or
2. A form of false positive (I say false positive because if you made changes to your Start menu, then MBAM sees this as a potential security issue).

At any rate, MBAM has cleaned up both items succesfully, so you don't have anything to worry about. For your own peace of mind, please use this site to perform an on-line scan of your PC Free ESET Online Antivirus Scanner

Do you use the paid version of MBAM? If so, have you got the protection module activated?

Regards,
Golden

 

[Hopalong X]

It won't hurt to run Mbam again just to make sure all is deleted. I would if it were mine. I'm paranoid though! LOL

From the log it appears it should be clean. Post new log if you run it again and want an extra set of eyes to take a look.

Goldens advice to use the ESET is a good idea also.

Mike

 

[FCUSA]

Hello Golden -

I am currently not using the paid version - in fact until last week I did not even know what MBam was! Sadly my Vista was infected with backdoor.cycbot (I probably do not have that correct) - but very bad. The fine folks over at Vista have helped me nonstop with that; and so my business would not suffer, I purchased this alternate system. We did the first scan and came with the false positive, but when I came up with another problem just now - totally freaked.

Thank you so much for analyzing that and I will look into the on-line scan in the morning. Do you think it is necessary or preferred to do a full MBam scan?

Thank you so much for your quick assistance!

It won't hurt to run Mbam again just to make sure all is deleted. I would if it were mine. I'm paranoid though! LOL

From the log it appears it should be clean. Post new log if you run it again and want an extra set of eyes to take a look.

Goldens advice to use the ESET is a good idea also.

Mike

I guess you answered it before I wrote - I just love you wonderful here at both forums!!

I am paranoid - very paranoid (so you may be my new best friend!

Thanks to you both! I will rerun MBam and run the on-line scan in the AM!

 

[Golden]

Hi,

If you use this computer for your business, and you have already been infected a few times, I would most definately consider a paid version of MBAM. That way you can turn on the protection module so it works in the background to catch all the nasties, without having to rely on you remembering to perform scans.

After you run the ESET scan, do a Full Scan with MBAM too.

For your own information, here is some background information on backdoor.cycbot : as you can see its potentially extremly damaging :

http://www.precisesecurity.com/trojan/backdoor-cycbot/

What other security systems do you have installed on your PC? Would you like me to help you review them and your security in general?

Regards,
Golden

 

[FCUSA]

Good advice, Golden!

It certainly has performed spectacular.

PS These items are in Quarantine - should I delete them? or does it matter?

 

[Golden]

Hi,

Empty the quarantine folder by deleting them.

Then do another scan, and see if they re-appear.

Regards,
Golden

 

[FCUSA]

Empty the quarantine folder by deleting them.

Then do another scan, and see if they re-appear.

Regards,
Golden

I will do that - thank you.

For your own information, here is some background information on backdoor.cycbot : as you can see its potentially extremly damaging :

Backdoor.Cycbot - Virus Solution and Removal

What other security systems do you have installed on your PC? Would you like me to help you review them and your security in general?

I most definitely know. Just to clarify, that ocurred on the Vista and Jacee and many others assisted me with it and winding down - I hope to get a great report soon (fingers crossed)! So when this came up, well - no need to say more.

I plan on changing all the security software on both systems - but can only work with one at a time (just in the event trouble ensues with the removals, loading etc.) - I cannot afford to keep buying new machines each month! LOL

I will certainly look forward to your input on that subject!

Thank you again and I will run some of these now.

 

[Golden]

Hi,

Ah if Jacee is helping you then you have expert help. I imagine she has already recommended both anti-virus (such as MSE) and anti-malware (such as MBAM) to you, in addition to having your Firewall turned on, so I can't really add more to that.

Get those scans done, and then post back here with the results.

Regards,
Golden

 

[FCUSA]

Yes, that is exactly the road we are taking!

I just did a full MBam and all is well. Will do the other scans tomorrow.

Thank you again & best wishes for the New Year!!

 

[Golden]

No worries - happy to help

 

[Jacee]

First, download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.

Save any unsaved work. TFC will close ALL open programs including your browser!

Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
***Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Next, run a full MBam scan.

 

[Jacee]

Also, scroll down to Tony Klein's post for explanation PUM.Hijack.StartMenu Update MalwareBytes Issues (two) - Security | DSLReports Forums-

 

[FCUSA]

Golden -

Here is the log from last evening - I may be slow, but I try! BTW, your instructions getting to those logs were excellent, thanks!

Jacee -
I will get TFC done now - thank you so much!

 

[Golden]

No worries FCUSA.

I'll step back from this a bit now so that Jacee (who is far more experienced in this than me) can guide you through this cleanly, but I'd like to follow the thread if thats OK.

Jacee : thanks for posting the link to the PUM hit. I got this on a guaranteed clean XP system recently, but never made any changes to the Start menu. The effect seems innocous at any rate, if I understand Tony Klein's post correctly.

 

[FCUSA]

I cannot seem to ahead on all this. I had to restart computer because there was an update and now it shows the update failed. I am sure this belongs in another section but I have attached a snip anyway. Can I proceed with TFC etc without addressing this first?

 

[Jacee]

Yes.

 

[FCUSA]

Also, scroll down to Tony Klein's post for explanation PUM.Hijack.StartMenu Update MalwareBytes Issues (two) - Security | DSLReports Forums-

OK - I have read this (thank you) but have already removed it? What kind of problems might I be expecting