Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan-Clicker.HTML.Agen.a problem


  • Please log in to reply

#16
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,942 posts
Nowhere to be found.

Your last post there I can find is this one:
http://www.thespykil...hp?topic=2642.0
where you attached: ffdddfefb_g.dll
  • 0

Advertisements


#17
morog

morog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Something is going wrong with Spykillers.
I am going to repeat again uploads.
  • 0

#18
morog

morog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Please let me know if you find the files I uploaded.
Maybe you can find usefull this info:http://www.viruslist.com/en/viruses/encyclopedia?virusid=111088
Regards,
  • 0

#19
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,942 posts
I did find the file, but I can't see that doing anything usefull
The filesize is 5 bytes.

Can you compare to the original you have?
Also check to see the date it was created.
Maybe that will give us something to look for.

The description at viruslist is pretty useless:
Currently there is no description available for this program. :whistling:
  • 0

#20
morog

morog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Yes. the filsize is 5 bytes, modified Tuesday, August 08, 2006, 4:00:52 PM.
In System 32 is written that the file is a part of ActiveX Control 1KB.
Except the name all is identical as the first one.
In meantime done scan wit KAV 6.0 in Safe Mode.
Besides this two Trojan files in the stat-up cleaning sequenze,nothing other found as malware.
Regards,
  • 0

#21
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,942 posts
I feel a headache coming up. :whistling:
  • Please download StartupList to your desktop.
  • Double click the startuplist.zip to extract the files inside.
  • When the new window opens, please double click on StartupList.exe
  • A window will open that will begin listing all of the startups with icons and text. In the lower left hand corner, it will show the status. When it says "ready" in the bottom left corner, it has finished running.
  • At the top of the window, click File>Save As and save startuplist.txt to your desktop.
  • Close startuplist.exe window
  • Attach a copy of startuplist.txt in your next reply
Posting it will not work in one post, so please use the File Attachments box.
I will take the time to have a looooooooooong read.

Regards,
  • 0

#22
morog

morog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi,
I send you attachment you ask.
Regards,

Attached Files


  • 0

#23
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,942 posts
Wow. You really like to try a lot of software out, don't you.

Nothing bad that I could spot, but there was one opening that might help.

First, we need to backup your registry:
Please go to Start > Run
Paste in the following line:regedit /e c:\registrybackup.reg
Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.

Click Start > Run > and type in notepad and click OK
Copy and paste the text in the quote box into the Notepad window (including the Windows Registry Editor Version 5.00):
(Note: copy and paste from Windows Registry Editor Version 5.00 down – Don’t include the word quote from the quote box)

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}]
@="WebCheck"

[HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32]
@="C:\\WINDOWS\\System32\\webcheck.dll"


Click File and then select Save As
In the ‘Save in’ box - Save it to your Desktop
In the ‘File name’ box – type in fix.reg
In the ‘Save as type’ box - use the drop down arrow and select All Files
Click Save
Close Notepad

Close all open windows and Browsers

Double Click fix.reg on your Desktop
When it asks you if you want to merge the contents to the registry, click yes/ok.
A window saying “Information in fix.reg has been successfully entered into the registry” should come up – Click OK.

Then empty your cache using ATF and reboot.

Let me know if the warning still comes up.

Regards,
  • 0

#24
morog

morog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi ,
All done according your advice, all operations strictly respected, but at athe end, after reboot, in KAV menu still same wornings appears.
Norhing change :whistling:
  • 0

#25
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,942 posts
They have to be coming from somewhere. :whistling:

I noticed you are using FireFox. Is that your default browser?

The remarkable thing is that these files called popup[1].htm are in the cache for IE.
I don't see any iexplore.exe running however.

Do you have an Active Desktop (with internet content)?

Regards,
  • 0

Advertisements


#26
morog

morog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
May default browser is IE.
Ocassionaly I am using Firefox and Opera.
I have some like:
-IE active Context menu
-IE ActiveX program dowloaded automatically by IE
-IE installed Plugins
-IE Toolbars ( nothing)
Please explain what you mean egzactly regarding "Active Desktop"
Regards,
  • 0

#27
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,942 posts
Active desktop is when youhave some kind of information or content of the internet displayed on your desktop.
http://en.wikipedia..../Active_Desktop

It is a way in which something could sneak in.

You can follow the instructions here to disable it:
http://support.micro...om/?kbid=190228
  • 0

#28
morog

morog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi,
Disabled Active Desktop-no changes
Regards,
  • 0

#29
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,942 posts
Can you tell me if the same files show up if you reboot into safe mode and then scan your
C:\Documents and Settings\momo\Local Settings\Temporary Intenet files
folder?

Also have a look around in that folder if you do and let me know if you find any leads about the site the files might be coming from.

Regards,
  • 0

#30
morog

morog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi Metellica,
Scanned in Safe Mode concerned folder and all Documents and Settings-nothing found.
When start KAV found this info abt two trojans dated 09.09.2006.
Clicking on them seleted option "Discard" and after reboot in Normal Mode there i no worning about those trojans.
.Accordin my modest opinion , KAV has discovered those trojans during Startup scan on 09.09.2006.
Don't know how much you are familiar with KAV 6.0- I start use it recently, before was KAV 5.0 so maybe hi cleared those trojans one time for ever.If not they are somwhere in Startup programs but any how KAV is neutralizing them , so probably no risk.
At the end we shall wait for removal tool .
Thanks for your help and assistance m'8,
Regards,
NB: if you are interested I can send you PM with a/m information (trojans)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP