Win32/Rootkit.Agent.ODG trojan [Closed]


  • This topic is locked

#31
nicolecolgate

    Member

  • Topic Starter
  • Member
  • 74 posts
I used an external hard drive on the computer that this report was generated from a few days ago to back up some stuff. Is this external hd infected now too? What do I do? How do I clean the external hard drive? I used the external hd on a few other computers as well.
Advice?
Thank you very much
  • 0



#32
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Re-opened at user request :)
  • 0

#33
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hello again,

Please post a fresh Malwarebytes Anti-Malware log, OTL log, and let me know how things are running now.
  • 0

#34
nicolecolgate

    Member

  • Topic Starter
  • Member
  • 74 posts
I did a virus scan with Kaspersky WebScanner and the following is the report:
What do I have and how do I get rid of it? What are these trojans? What do they do exactly?
What should I do now please? Advice?
Thank you


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, June 13, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, June 13, 2009 01:33:16
Records in database: 2338632
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 78999
Threat name: 12
Infected objects: 15
Suspicious objects: 0
Duration of the scan: 02:52:15


File name / Threat name / Threats count
C:\Documents and Settings\Joe\Desktop\ares\ares-lite_v181.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d 1
C:\Documents and Settings\Joe\Desktop\ares\ares-lite_v181.exe Infected: not-a-virus:AdWare.Win32.NavExcel.g 1
C:\Documents and Settings\Joe\Desktop\ares\ares-lite_v181.exe Infected: not-a-virus:AdWare.Win32.NavExcel 1
C:\Documents and Settings\Joe\Desktop\ares\ares-lite_v181.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b 1
C:\Documents and Settings\Joe\Desktop\ares\ares-lite_v181.exe Infected: not-a-virus:AdWare.Win32.NavExcel.i 1
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Qoobox\Quarantine\[4]-Submit_2009-05-31_23.26.59.zip Infected: Trojan.Win32.Crypt.bbc 1
C:\Qoobox\Quarantine\[4]-Submit_2009-05-31_23.26.59.zip Infected: Trojan.Win32.Crypt.bbw 1
C:\Qoobox\Quarantine\[4]-Submit_2009-05-31_23.26.59.zip Infected: Trojan.Win32.Crypt.bbi 1
C:\Qoobox\Quarantine\[4]-Submit_2009-05-31_23.26.59.zip Infected: Trojan.Win32.Crypt.bbj 1
C:\Qoobox\Quarantine\[4]-Submit_2009-05-31_23.26.59.zip Infected: Trojan.Win32.Crypt.bbk 1
C:\System Volume Information\_restore{1495C5A3-FD4B-40DB-9E02-353B8A727AB1}\RP1119\A0518544.dll Infected: Trojan.Win32.Agent2.jai 1
C:\System Volume Information\_restore{1495C5A3-FD4B-40DB-9E02-353B8A727AB1}\RP1123\A0518596.dll Infected: Trojan.Win32.Agent2.jai 1
C:\System Volume Information\_restore{1495C5A3-FD4B-40DB-9E02-353B8A727AB1}\RP1123\A0518624.dll Infected: Trojan.Win32.Agent2.jai 1

The selected area was scanned.
  • 0

#35
nicolecolgate

    Member

  • Topic Starter
  • Member
  • 74 posts
The online scanner shows that I STILL have trojans. Bad trojans too. Why? What do I do please?


I used an external hard drive on the computer that this report was generated from a few days ago to back up some stuff. Is this external hd infected now too? What do I do? How do I clean the external hard drive? I used the external hd on a few other computers as well.
Advice?
Thank you very much
  • 0

#36
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Also, I merged the other topic you started today with this one. Please keep all posts in this topic, and do not start new ones.
  • 0

#37
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
I need you to post the logs I requested; the infections found on the scan are already in quarantine.

Before you do the scan with Malwarebytes Anti-Malware make sure your external drive is hooked up so it scans that too.
  • 0

#38
nicolecolgate

    Member

  • Topic Starter
  • Member
  • 74 posts
With all due respect, how do you know they are still in quarantine? ALL of them are in quarantine? I have no threats as of now?
What kind of MBAM scan do you want?
What is OTL?
Thanks
  • 0

#39
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts

With all due respect, how do you know they are still in quarantine? ALL of them are in quarantine? I have no threats as of now?
What kind of MBAM scan do you want?
What is OTL?
Thanks


Through my training and experience of doing this for a couple years, I can see where the infections are. They are in the Combofix quarantine, and your system restore points, and we will clean those out at the end when we are finishing up.

The scan with MBAM is just running Malwarebytes Anti-Malware again and posting the log.

OTL is from the Malware and Spyware Cleaning Guide that I referred you to back in post #2. You can get it by following the directions below:

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

Please post the MBAM log and the OTL log in your next reply.

Also, just to make sure we are NOT wasting our time here… is this the computer with the hard drive you plan to erase? Because if it is, that will clean out all the infections when you reinstall the operating system.
  • 0
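
Added example (not part of the original posts, and not code from any of the tools mentioned): a short Python script that sorts detection rows from the Kaspersky report in post #34 by where the file sits, which is the distinction post #39 draws between the ComboFix quarantine, System Restore points and everything else. The bucket names and function names are made up for this illustration.

```python
import re
from collections import defaultdict

# Rows copied from the Kaspersky report in post #34 (a subset).
REPORT = r"""
C:\Documents and Settings\Joe\Desktop\ares\ares-lite_v181.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d 1
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Qoobox\Quarantine\[4]-Submit_2009-05-31_23.26.59.zip Infected: Trojan.Win32.Crypt.bbc 1
C:\Qoobox\Quarantine\[4]-Submit_2009-05-31_23.26.59.zip Infected: Trojan.Win32.Crypt.bbw 1
C:\System Volume Information\_restore{1495C5A3-FD4B-40DB-9E02-353B8A727AB1}\RP1119\A0518544.dll Infected: Trojan.Win32.Agent2.jai 1
C:\System Volume Information\_restore{1495C5A3-FD4B-40DB-9E02-353B8A727AB1}\RP1123\A0518596.dll Infected: Trojan.Win32.Agent2.jai 1
"""

ROW = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Location buckets, checked in order; the path markers are the ones visible in the report.
BUCKETS = [
    ("combofix_quarantine", "\\qoobox\\quarantine\\"),
    ("system_restore_point", "\\system volume information\\_restore{"),
]

def classify(path):
    lowered = path.lower()
    for name, marker in BUCKETS:
        if marker in lowered:
            return name
    return "live_file"

def triage(report):
    """Return {bucket: {path: [threat, ...]}} for every detection row."""
    result = defaultdict(lambda: defaultdict(list))
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if m:
            result[classify(m["path"])][m["path"]].append(m["threat"])
    return {bucket: dict(files) for bucket, files in result.items()}

def live_trojans(report):
    """Paths outside quarantine/restore points whose label is not 'not-a-virus:'."""
    live = triage(report).get("live_file", {})
    return sorted(p for p, threats in live.items()
                  if any(not t.startswith("not-a-virus:") for t in threats))

if __name__ == "__main__":
    for bucket, files in triage(REPORT).items():
        print(bucket, len(files), "file(s)")
    print("live trojans:", live_trojans(REPORT))
```

On these rows every Trojan.* detection lands in the quarantine or restore-point bucket, and the only files left in ordinary folders carry the scanner's `not-a-virus:` label.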

#40
nicolecolgate

    Member

  • Topic Starter
  • Member
  • 74 posts
I have a question please
So right now if these trojans are in quarantine, then they cannot affect my computer whatsoever? It is as if they aren't even there?
Based on the online scan, I currently do not have any virulent viruses on my computer? They are ALL quarantined and safe?
If I completely clean these viruses later, then any evidence of ever having these viruses will be gone for good?
No, you are not wasting your time
I appreciate it

Edited by nicolecolgate, 13 June 2009 - 05:41 PM.

  • 0



#41
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts

I have a question please
So right now if these trojans are in quarantine, then they cannot affect my computer whatsoever? It is as if they aren't even there?


Well, almost, but if you do a system restore, or open the quarantine folder and click on a file, you will instantly be reinfected again.

I just need to take a look at your logs I requested so I can make sure and then we will clean everything up :)
  • 0

#42
nicolecolgate

    Member

  • Topic Starter
  • Member
  • 74 posts
I think I clicked on one of the files before... out of curiosity
Is that bad?
I am doing the scan now
Thanks
  • 0

#43
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts

I think I clicked on one of the files before... out of curiosity
Is that bad?


Probably, depends on which one it was… I will be able to tell when I see the logs.
  • 0

#44
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
As this is the second time you abandoned this log, I will not reopen it again.
  • 0

#45
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





