I am unable to permanently remove Win32:Agent-OTF trojan from my Windows XP SP3 computer here and would appreciate tech help. Avast virus scan continues to read …error in sending to chest. Spybot S&D shows 2 entries which I removed again today as well…
Thank you in advance.
I have a hijackthis to copy/paste here if it helps.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:33 PM, on 23/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
You need to upgrade your OS. The newer version SP3 has been available for months. Service packs increase the safety of your system. Visit Microsoft’s windowsupdate site to download the newest version of the service pack.
You do not seem to have any active process of a firewall on your system. If you have a firewall, please tell us what it is.
From your HJT log :
This one should be fixed as it may be related to malware …
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
If you do not recognize this site … streak.fimc.net … then this one should be fixed :
This one is related to Windows Live Call, not malware:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Acrobat reader is out of date and as such vulnerable to attack.
I would also suggest a visit to this site, which scans your system for out of date programs that have patches to close vulnerabilities, http://secunia.com/software_inspector/.
Thank you for guidance here CharleyO and David R re my trying to permanently remove Win32:Agent-OTF trojan.
I scanned online using the initial scan Secunia link posted and it shows I do have Microsoft XP3 and know that my settings are to download latest updates from Microsoft and that was upgraded that way onto my system here.
Other basic checks show Adobe Reader 7.x is ok
Microsoft IE 7.x is ok
Microsoft Outlook Express 6 is ok
Microsoft windows live messenger 8.x is ok
Microsoft windows media player 11.x is ok
Java is ok as I updated that recently.
I do need to upgrade my Adobe Flash player 9x and shall do this later on today as it is vulnerable and I shall also check out and scan if able more programs using secunia link as well.
I do not know where exactly and why the Win32:Agent-OTF Trojan keeps returning that shows up with my Avast scans as yet so I can remove or repair this problem from reappearing though but do thank you for your input as it does help guide me here.
I’m sure adobe reader 7 is at least one version out of date (see below), so I don’t know how it is reporting it as OK. I use FoxIt Reader as my default PDF reader.
Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to on-line analysis. (You can skip this step as you’ve already done it).
Disable System Restore and then reenable it again.
Hi Mickey. I know I downloaded Hijackthis and scanned a log a few hours ago so wondering if I have posted an earlier log saved back some time ago by mistake?
I shall look at this and post the recent one mentioned if I have posted a wrong one. It is very late here and shall check and fix that in my morning now.
No excuse but I have scanned so often and checked things over and over my head is beginning to spin. Guess the positive is I am learning more about computers from the experience.
A copy of hijackthis log file done this morning…need split in half in post as too many characters to do as one only post it says.
Logfile of HijackThis v1.99.1
Scan saved at 10:24:22 AM, on 12/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
This is even stranger, this is the most recent one but it is run on an old version of HiJackThis, yet the old log was run on the latest version of HJT ???
You should uninstall the old version and only use the latest version as the old one had some notable flaws. You only have to see it believes some of the avast files are missing, where the new version recognises the files are there.
I had not realized I used an old Hijackthis for my log.
I have cleaned out my temporary files. Scanned with Avast Antirootkit which is clear. Scanned with Malwarebytes which shows as clear. I have done another Secunia scan online and decided to change my pdf reader from Adobe reader 7 to Foxit instead and have removed the Adobe reader 7 from my system and installed the Foxit program.
I want to download Adobe Flash player 10 and have tried unsuccessfully twice today as part of updating from my older version because it was a vulnerability. I can download the first part but part of the program needs to download Adobe air and it will not do this for me today so shall try again another time.
I am in the process of scanning with Dr Webit and am hoping this program does detect problems so they can be repaired.
Shall see how things work out. I am also reading up on Mozilla Firefox versus Internet Explorer and not sure as yet what to do about keeping IE or changing to Firefox.
My computer ran slow especially when online today so feel things are not right yet.
Hi Avast Tech. First thing I did this morning was do an Avast normal scan which picked up Win32:Agent-OTF [trj] and sent it to Chest which on completion of the scan showed once again ‘error sending to chest’.
I have done an Avast boot time schedule scan which ran clear. Scanned with DrWeb CureIt which went to a Quick scan before I could change it to do a Custom scan or Full scan. Took ages to download this one today. This ran clear.
Scanned with MBAM and Superantispyware programs both showed as clear.
I changed the programs mentioned in my post above and as shared in that earlier post I am unable to install Adobe Flash player 10 so read in the help section at their site. It was mentioned if one has a damaged system registry or incorrect permission in registry this may stop Flash Player from installing properly. I can download this flash player up to where Flash air needs to be downloaded and my page goes into problems to stay there.
I am basic computer literate to follow instructions set out however I am really not literate enough to touch my registry at all and ask if there is a genuine free registry clean/fix program to scan my computer with or do you advise against running any of those programs? I have read to be very careful of such programs…what do you suggest?
You’re welcome. I don’t know what additional methods you use for stuff like the CLSID, that weird number that is related to Windows Live Call, but I use the Firefox add-on, Malware Search 0.8.5. This is very handy as it is a case of highlighting the CLSID/file name and right-clicking; it uses various malware databases, which makes it a little easier than trying to visit a site and search in each site, etc.
However, I really don’t know if the BHO requires a file to work in the case of Windows Live Call or some of the other Windows Live products as I frequently see them also reported as file missing and I would assume if the user was using these they would say or ask why they weren’t working. So in the cases of any windows live BHO I just confirm the CLSID and leave it as is.
Tiggers, that entry O4 - HKCU\..\Run: [ErrorFix] C:\Program Files\ErrorFix\ErrorFix.exe -boot. Did you install this program? I can find very little about it, especially anything good. On its download page it illustrates how to download, using the file setupxv.exe. This file seems to be associated with other error/reg fix type programs linked to malware. Upload a hjt log using the latest version. Did your malware problem coincide with this program? Probably a long shot, but worth a mention.
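As an added illustration (not part of any post in this thread), the Python example below reads the kind of HijackThis lines the helpers discuss above: the tool version and platform in the header, O2 BHO entries marked (no file), and O4 Run autostarts. The sample log is assembled from lines quoted in the thread; the function name `triage` and the use of v2.0.2 as the reference version are assumptions made for the example.

```python
import re

# Constructed sample: header and entries copied from lines quoted in this
# thread; the O4 key is written in HijackThis's usual HKCU\..\Run form.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:24:22 AM, on 12/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ErrorFix] C:\Program Files\ErrorFix\ErrorFix.exe -boot
"""

HEADER_RE = re.compile(r"^Logfile of (?:Trend Micro )?HijackThis v([\d.]+)")
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
RUN_RE = re.compile(r"^O4 - (HK(?:LM|CU)\\?\.\.\\?[^:]*): \[([^\]]*)\] (.*)$")

def triage(log_text, current_version=(2, 0, 2)):
    """Collect the header facts and entries a helper would ask about.

    current_version is an assumption: the newest version seen in the thread.
    """
    report = {"hjt_version": None, "outdated_tool": False,
              "platform": None, "orphan_bhos": [], "autoruns": []}
    for line in log_text.splitlines():
        line = line.strip()
        if m := HEADER_RE.match(line):
            report["hjt_version"] = m.group(1)
            version = tuple(int(part) for part in m.group(1).split("."))
            report["outdated_tool"] = version < current_version
        elif line.startswith("Platform:"):
            report["platform"] = line.split(":", 1)[1].strip()
        elif m := BHO_RE.match(line):
            _name, clsid, target = m.groups()
            if target == "(no file)":
                # Registered BHO whose file HijackThis did not find on disk;
                # look the CLSID up before deciding whether to fix it.
                report["orphan_bhos"].append(clsid)
        elif m := RUN_RE.match(line):
            # (registry key, value name, command line) of an autostart entry
            report["autoruns"].append(m.groups())
    return report

if __name__ == "__main__":
    for field, value in triage(SAMPLE_LOG).items():
        print(f"{field}: {value}")
```
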
I can uninstall the Adobe Flash player 10 Active x that goes into my Add\Remove program. I had removed my older version successfully.
I did download and scan once with ErrorFix.exe a few days ago and read how serious many of those programs are so chose to remove it. The Trojan showed about 3-4 weeks ago so was prior downloading ErrorFix.
I shall take advice given here however and try either CCleaner plus try the online VirusTotal-online scan and post results here.
I can also do another hijackthis and post the log.
A message occasionally shows Virtual memory needs more…(space?) but allow the computer do whatever it needs do there. This may not be a problem…not sure.
Shall also do an Avast scan and as Malwarebytes found and removed the problem eventually before I want to run another scan of this today too.
The Avast scan reads Win32:Agent-OTF [trj] in C:\Documents and Settings\All users\Application Data\Smilebox\c if that helps at all.
Sent mail from OE two days ago not received …they use virus protection working well perhaps.