Hi,
I’m Silvio, from Portugal,
Please I have a problem and I would like to know if you could help me…
When my Norton antivirus expired, I installed the free AVG antivirus, big mistake.
It reported some viruses and didn’t delete them, but I removed them manually.
But yesterday it reported a trojan named “Backdoor.agent.ba”, in the location:
Windows\system32\com.dl
I went to look, but com.dll doesn’t exist on my computer; I tried restarting in safe mode and searching, nothing.
Because of that, on my computer I now can’t access the Control Panel or System Restore, I can’t run any anti-spyware program, the programs don’t work, I couldn’t install the Windows XP CD, and I can’t access the internet.
(Now I’m writing from my work computer, not at home.)
I searched the internet for backdoor.agent.ba and it doesn’t exist; the Symantec virus list doesn’t report it, and I ran online antivirus scans and none of them found that trojan.
I only found one forum where some people have that trojan, and all of them have AVG antivirus, so I think AVG creates that trojan; it came when it updated the virus database.
I went to the AVG site, grisoft.com; in the virus encyclopedia they don’t have any backdoor.agent.ba, how is that possible? If AVG detects that trojan, how is it possible that the site encyclopedia doesn’t have any report of that trojan??
Now I can’t find the trojan, it is invisible to all online virus scans, and my programs (Ad-Aware, HijackThis, Pest Patrol, Spybot) don’t work, so I can’t remove the trojan.
What can I do? I will have to pay for fixing…
Do you know anything that could help me?
Do you know a really good firewall which prevents trojan invasions?
I tried the Agnitum, Sygate, and Kerio firewalls, but they are bad.

Let AVG rename the file next time it finds it. Maybe then you will be able (after restart) to delete the file, or to test the file here: http://www.kaspersky.com/scanforvirus

Thanks Raman!
But my AVG is the free edition; it can only “move to virus vault” an infected file,
but it shows me:
windows\system32\com.dll
I went to that folder and didn’t find com.dll; I searched the computer but… that file doesn’t exist.
In other forums I read some messages from people who have that trojan, but AVG shows them another dll file, like ccl.dll. It’s strange that AVG gives a different name for the trojan backdoor.agent.ba, and I went to the AVG site (to the virus encyclopedia) and they don’t have knowledge of this trojan’s existence.

This came from a simple google.com search; learn to use it, it is your best friend. This is the search and it returns 353 hits. The one from Pest Patrol is the first; I would also suggest that you bookmark Pest Patrol’s home page.

Thanks DAVID r.
I will check this Pest Patrol backdoor agent.
Well, I have Pest Patrol on my computer, but I think it only removes pests when I run the program; sometimes I’m surfing the internet and Pest Patrol alerts me if there is a pest in a file.
But after AVG detected that trojan “backdoor.agent.ba”, no more programs run, it blocks access to all programs, so now I can’t run Pest Patrol or the antivirus.

I was also attacked by one of these pieces of junk. I found an answer which I haven’t tried yet, but which seems logical to me.
TUTORIAL FOR REMOVING BACKDOOR.AGENT.BA
To begin, disable System Restore.
Go to:
Control Panel > System Restore > X Turn off System Restore.
Restart the machine.
Log in AS ADMINISTRATOR.
When you are back, do:
Control Panel > Administrative Tools > Local Security Policy > Local Policies > Security Options > Network access: Sharing and security model for local accounts. SET THIS TO CLASSIC.
Then locate the registry entry for this dll file in regedit.
Start > Run > Regedit > PRESS CTRL + F and enter the name of the infected dll file. When you find it, remove everything associated with it… and what is in its folder.
Then go to the location of the infected file, click on its Properties, then go to the Security tab, and under Permissions for Administrators check Allow: FULL CONTROL.
Click OK.
Then select the infected file and destroy it with Shift+Del to delete it permanently.
Make sure no trace of this file is left in the registry.
If you can’t do it the first time, try moving the file and deleting it.

I could translate because I’m Brazilian, but I think it will be easier if you run the avast! Cleaner (a standalone, downloadable application) to clean the Registry.
Maybe you have to run it in Safe Mode (press F8 while booting).
In the first topic of this forum there is a long explanation on how to get rid of infections.