> [Closed] Help removing Trojan-spy.win32.agent.bahu
jspizzy
post Oct 22 2009, 03:21 PM
Operating System: Windows 7 Ultimate

I am running Windows 7 Ultimate and my Firefox 3.5.4 browser apparently got hijacked. I have tried all the usual things, but I cannot get any of them to run, as the trojan is shutting them down before I can get any log files. I did use Kaspersky Online and was able to determine what it was, but now I can't get rid of it. Attached is the log file; any help on how to proceed would be much appreciated.

ComboFix, even after renaming it on download, does not install; I tried running it as administrator and in compatibility mode for XP Service Pack 2.

Malwarebytes and HijackThis install and run, but during the scans they get shut down and the files are permission locked. I used Inherit to unlock them and uninstall the programs. I installed AVG 9.0 Free after the fact and scanned the computer, but it did not detect anything, so I uninstalled it.

I also ran exeHelper and was able to get a log as well.

UPDATE: I ran the online scan from superantispyware.com and during the scan it shut down as well; this thing is pissing me off.

The Kaspersky and exeHelper logs are posted below. Thanks for your help!!

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, October 22, 2009
Operating system: Microsoft Professional (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, October 22, 2009 16:25:32
Records in database: 3045602
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 102267
Threats found: 2
Infected objects found: 45
Suspicious objects found: 2
Scan duration: 01:32:53


File name / Threat / Threats count
wininit.exe\CAFB175D.x86.dll/wininit.exe\CAFB175D.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
globalroot\Device\__max++>\CAFB175D.x86.dll/globalroot\Device\__max++>\CAFB175D.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 23
services.exe\CAFB175D.x86.dll/services.exe\CAFB175D.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
svchost.exe\CAFB175D.x86.dll/svchost.exe\CAFB175D.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 8
spoolsv.exe\CAFB175D.x86.dll/spoolsv.exe\CAFB175D.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
AppleMobileDeviceService.exe\CAFB175D.x86.dll/AppleMobileDeviceService.exe\CAFB175D.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
mDNSResponder.exe\CAFB175D.x86.dll/mDNSResponder.exe\CAFB175D.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
msmdsrv.exe\CAFB175D.x86.dll/msmdsrv.exe\CAFB175D.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
sqlbrowser.exe\CAFB175D.x86.dll/sqlbrowser.exe\CAFB175D.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
WLIDSVC.EXE\CAFB175D.x86.dll/WLIDSVC.EXE\CAFB175D.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
explorer.exe\CAFB175D.x86.dll/explorer.exe\CAFB175D.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
SQLAGENT.EXE\CAFB175D.x86.dll/SQLAGENT.EXE\CAFB175D.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
jusched.exe\CAFB175D.x86.dll/jusched.exe\CAFB175D.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
iTunesHelper.exe\CAFB175D.x86.dll/iTunesHelper.exe\CAFB175D.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
firefox.exe\CAFB175D.x86.dll/firefox.exe\CAFB175D.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
java.exe\CAFB175D.x86.dll/java.exe\CAFB175D.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
Selected area has been scanned.

--------------------------------------------------------------------------------
exeHelper by Raktor
Build 20091021
Run at 15:00:33 on 10/22/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Removing HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PopRock
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
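As an added example (not code from the thread or from any of the tools named in it), a small Python triage script that parses report lines in the format of the Kaspersky Online Scanner log above, totals detections per threat, lists modules that show up inside several different host processes, and flags objects reported under a globalroot\Device\ path rather than a drive letter. The sample text is four lines taken from the report; the "three or more hosts" threshold is my own assumption.

```python
import re
from collections import Counter, defaultdict

# Sample input: four lines copied from the Kaspersky report in the post above,
# plus the header and footer lines the parser must skip.
SAMPLE_REPORT = r"""
File name / Threat / Threats count
wininit.exe\CAFB175D.x86.dll/wininit.exe\CAFB175D.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
globalroot\Device\__max++>\CAFB175D.x86.dll/globalroot\Device\__max++>\CAFB175D.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 23
services.exe\CAFB175D.x86.dll/services.exe\CAFB175D.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
firefox.exe\CAFB175D.x86.dll/firefox.exe\CAFB175D.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
Selected area has been scanned.
"""

# Each result line is "<host>\<module>/<host>\<module> Infected: <threat> <count>".
# The object before the slash is all we need; the part after it is a repeat.
LINE_RE = re.compile(r"^(?P<obj>[^/]+)/\S+ Infected: (?P<threat>\S+) (?P<count>\d+)$")

def parse_report(text):
    """Return one dict per result line: host, module, threat, count."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, footer, blank and non-result lines
        host, _, module = m.group("obj").rpartition("\\")
        findings.append({"host": host, "module": module,
                         "threat": m.group("threat"), "count": int(m.group("count"))})
    return findings

def triage(findings, min_hosts=3):
    """Summarise: detections per threat, modules seen in many hosts, device-path objects."""
    hosts_per_module = defaultdict(set)
    per_threat = Counter()
    hidden_paths = []
    for f in findings:
        hosts_per_module[f["module"]].add(f["host"])
        per_threat[f["threat"]] += f["count"]
        # A module reported under globalroot\Device\ is not a normal file path on a
        # drive letter; that is the kind of finding a rootkit scan should follow up.
        if f["host"].lower().startswith("globalroot\\device\\"):
            hidden_paths.append(f["host"])
    injected = {m: sorted(h) for m, h in hosts_per_module.items() if len(h) >= min_hosts}
    return {"per_threat": dict(per_threat), "injected_modules": injected,
            "hidden_paths": hidden_paths}

if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```
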
Tomk
post Oct 26 2009, 11:27 AM
Hi jspizzy,

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.


  1. Download DDS and save it to your desktop from Here, here or here.
    • Disable any script blocking protection (How to Disable your Security Programs)
    • Double click DDS icon to run the tool (may take up to 3 minutes to run)
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.

  2. We need to check for Rootkits with RootRepeal
    1. Download RootRepeal from one of the following locations and save it to your desktop.
    2. Open on your desktop.
    3. Click the tab.
    4. Click the button.
    5. In the Select Scan dialog, check
      1. Push Ok
      2. Check the box for your main system drive (Usually C:), and press Ok.
      3. Allow RootRepeal to run a scan of your system. This may take some time.
      4. Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt.

  3. Copy/paste the log (that you've previously saved to your desktop) from RootRepeal onto your post.

  4. Copy/paste the DDS.txt log (that you've previously saved to your desktop) onto your post.

  5. Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

Tomk
post Nov 2 2009, 12:37 AM
Due to inactivity this topic will be closed.
If you need help please start a new thread.