Home > General > 100211-Trojan-PSW.Win32.Agent.pew

100211-Trojan-PSW.Win32.Agent.pew

Wow worked fine and didn't say anything last night but today it gave me the 100211-trojan-PSW.win32.agent.pew message. Running this program may compromise the security of your computer and jeopardize your ability to play World Of Warcraft. s r.o. It generated the attached combofix log file.Please advise of the next steps if any richbuff 23.01.2009 08:13 Run this one:CODEbeginCreateQurantineArchive('c:\quarantine.zip');end.A file called quarantine.zip should be created in C:\. http://avissoft.net/general/adware-win32-agent-at.php

I have tried google searching for it and majority of the 7 posts are from forum post on here. Use the forums!Don't let BleepingComputer be silenced. s r.o. - All rights reserved. It may take a while to complete scanning and this is normal.You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is https://www.bleepingcomputer.com/forums/t/303203/extremely-elusive-trojan-pswwin32agentpew/?view=getlastpost

BLEEPINGCOMPUTER NEEDS YOUR HELP! The rest wasn't to helpful. The trojan collects the following information: loginusernamesforcertainapplications/services loginpasswordsforcertainapplications/services FTPaccountinformation informationabouttheinfectedcomputer The following programs are affected: 3D-FTP 32bitFTP ALFTP BitKinex BlazeFtp Bromium BulletProofFTP ClassicFTP CoffeeCupSoftware Comodo COREFTP CuteFTP Cyberduck DeluxeFTP DirectoryOpus EasyFTP As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged

To learn more and to read the lawsuit, click here. Several functions may not work. Usually located in c:\combofix.txt , please attach it to your next post. CONTRIBUTE TO OUR LEGAL DEFENSE All unused funds will be donated to the Electronic Frontier Foundation (EFF).

The trojan creates the following file: %temp%\­ytk.bat The file is then executed. Run this script, instructions linked in pinned topics at top of this forum page, PC will reboot:CODEbeginSetAVZGuardStatus(True);SearchRootkit(true, true); QuarantineFile('C:\autorun.inf',''); DeleteFile('C:\autorun.inf');BC_ImportDeletedList;ExecuteSysClean;BC_Activate;RebootWindows(true);end.After run script, attach a Combofix log, please review and follow these or ESET North America. http://newwikipost.org/topic/sAuAnEFphvKtI3ukypGN8IPZD94qabi1/Extremely-elusive-Trojan-PSW-Win32-Agent-pew.html Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dllTB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dllTB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar1.dllTB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dllTB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No FileTB: {A057A204-BACC-4D26-9990-79A187E2698E} -

All other names and brands are registered trademarks of their respective companies. If we have ever helped you in the past, please consider helping us. This is a "lo-fi" version of our main content. VPS アップデート 履歴 avast!ウィルスデータベース(VPS) アップデート 履歴 2010年 7.9.2010 - 100907-1 JS:Pdfka-ANA [Expl], JS:Pdfka-ANB [Expl], JS:Pdfka-ANC [Expl], JS:Pdfka-AND [Expl], JS:Pdfka-ANE [Expl], JS:Pdfka-ANF [Expl], JS:Pdfka-ANG [Expl], JS:Pdfka-ANH [Expl], PDF:CVE-2010-0188-C [Expl], PDF:CVE-2010-0188-D [Expl],

here is my hijackthis log Logfile of Trend Micro HijackThis v2.0.3 (BETA) Scan saved at 2:10:33 AM, on 3/9/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Installation The trojan does not create any copies of itself. The HTTP protocol is used. To view the full version with more information, formatting and images, please click here.

GeoJab 23.01.2009 07:55 Thanks for the quick reply.I executed the script and ran combofix. http://avissoft.net/general/agent-r-g.php Toolbar) -- C:\Users\RAC\AppData\Roaming\mozilla\Firefox\Profiles\plvhg580.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}[2009/08/24 00:21:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RAC\AppData\Roaming\mozilla\Firefox\Profiles\plvhg580.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}[2009/04/29 23:47:46 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\RAC\AppData\Roaming\mozilla\Firefox\Profiles\plvhg580.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}[2009/10/27 12:58:03 | 000,000,000 | ---D Inc.)IE - HKU\S-1-5-21-2138957976-3906981958-2417775570-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-2138957976-3906981958-2417775570-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo"FF - prefs.js..browser.search.order.1: "Yahoo"FF - prefs.js..browser.search.order.2: ""FF - prefs.js..browser.search.selectedEngine: "Yahoo"FF - prefs.js..browser.startup.homepage: Contact |Privacy |Legal Information |Sitemap 1992 - 2017 ESET, spol.

I suggest you do this and select Immediate E-Mail notification and click on Proceed. Other information The trojan contains a list of (12) URLs. Go to MMO-Champion Forums » All General General Discussion - US Story Forum - US General - GB Achievements - GB Achievements - US General - GB General Discussion - US http://avissoft.net/general/spyware-onlinegames-trojan-agent.php Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

The reason for this is so we know what is going on with the machine at any time. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.After 5 days if a topic is not replied to we assume it Extremely elusive Trojan-PSW.Win32.Agent.pew Started by Swayvo , Mar 17 2010 05:03 PM This topic is locked 11 replies to this topic #1 Swayvo Swayvo Members 6 posts OFFLINE Local time:12:44

Or Start > run > type 123c /u > ok.

Once rebooted seems to work fine. I also have an authenticator but haven't used it since the message started showing up. I also attached the kAV activity report.I would greatly appreciate any help with the removal of these viruses.Thanks richbuff 23.01.2009 06:38 Welcome. Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo!

Restart Kaspersky. If you click on this in the drop-down menu you can choose Track this topic. Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dllBHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar1.dllBHO: RealPlayer Download http://avissoft.net/general/adware-bho-trojon-vundo-backdoor-bot-trojan-agent-malware-trace.php Timeline Prevalence Map Please enable Javascript to ensure correct displaying of this content and refresh this page. 태터데스크 관리자 태터데스크 메시지 저장하였습니다. 世界1億人が愛用するアバスト!アンチウィルスの最新ニュースと活用サポートをお届けします! ホーム カスタマサポート(FAQ) よくある質問(Q&A) avast!ニュース avast!オンライン特価購入 avast!製品ホーム

Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dlluURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dllmURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dllBHO: &Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! The trojan removes itself from the computer. My computer crashed due to a kernal issue at the end of the combofix scan.

Lastly, uninstall Combofix by: pause Kaspersky > Start > run > type combofix /u > ok. Trademarks used therein are trademarks or registered trademarks of ESET, spol. Register a free account to unlock additional features at BleepingComputer.com Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. It tries to download several files from the addresses.

Invision Power Board © 2001-2017 Invision Power Services, Inc. Click here to Register a free account now! It is highly advised that you correct this problem before playing the game."The only problem is that i cannot get rid of this trojan!I've run AVG, a-squared, Comod, and TrojanHunter.None of Please note that your topic was not intentionally overlooked.

Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. The only time i have logged in was to post this.