Not asking for help, but what the... agent-bsu?

Hi All,

A little disappointed in Avast (I’m using the free edition), the latest for Windows.

But last night? or sometime yesterday, I received an email, and it totally fooled the crap out of me plus I was tired. So it’s basically my own fault anyway… but…
I clicked this link, IE closed down, icon appeared on the desktop.

Avast detected virus, deleted it.
Avast found more viruses, couldn’t delete it, it’s in use.

… but as the virus info showed…
it said “Win32:Agent-BSU”

well, asked it to do a system scan, the blue screen part (forgot what it’s called, where the chkdsk happens)…
anyway did that…

found and deleted the viruses…

logged into Windows… avast detected more viruses…
woohoo…

but for me, for being a professional technical support…
i never checked the “msconfig/system startup” and I found “svchost” in “%temp_dir%”, so
i checked the

restarted and got into safe mode and deleted the file… and disabled the system startup on that file.

restarted into normal mode, and everything is okay… just doing a last minute scan… to delete the other trojans/viruses that it’s left.
found 6 now… and still scanning but they are getting deleted…

now im wondering…
why the hell didn’t avast detect the “svchost.exe” in the temp dir?
I have scanned the machine a few times today and it never picked it up.

but after searching for “agent-bsu” nothing was found…
searched for “svchost” and http://www.avast.com/eng/win32-kapucen-b.html this was listed… and this was the “symptom” i was having…

anyone explain to me why… didn’t avast pick it up?

tick tock.
spent the last 4 hours… xD when it should have taken me 5 minutes… but for me, i was being slow.

woohoo?

cheers
Peter …
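The manual check described in the post above (a startup entry named "svchost" pointing into the temp directory) can be automated. The Python below is an added example, not part of the original thread: the environment values, the user name, the sample startup entries and all function names are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS
import re
# Constructed XP-style environment and startup entries (assumptions, not from the thread).
ENV = {"SYSTEMROOT": r"C:\WINDOWS",
       "TEMP": r"C:\Documents and Settings\user\Local Settings\Temp"}
SAMPLE = [
    ("exampleav", r"C:\Program Files\ExampleAV\exampleav.exe /tray"),
    ("svchost", r"%TEMP%\svchost.exe"),
    ("updater", r'"C:\Documents and Settings\user\Local Settings\Temp\upd.exe" /s'),
    ("ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
]
# Core Windows process names that normally run only from system32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "csrss.exe", "smss.exe"}

def expand(path, env):
    """Replace %VAR% using the supplied mapping; unknown variables are left as-is."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), path)

def image_path(command, env=ENV):
    """Extract the executable from a startup command line (quoted or not)."""
    command = command.strip()
    if command.startswith('"'):
        exe = command[1:].split('"', 1)[0]
    else:
        m = re.match(r"(.+?\.(?:exe|com|scr|bat|cmd|pif))(?:\s|$)", command, re.I)
        exe = m.group(1) if m else (command.split() or [""])[0]
    return ntpath.normcase(ntpath.normpath(expand(exe, env)))

def review(entries, env=ENV):
    """Return (name, path, reasons) for entries that look like masquerading."""
    system32 = ntpath.normcase(ntpath.join(env["SYSTEMROOT"], "system32"))
    temp = ntpath.normcase(env["TEMP"])
    findings = []
    for name, command in entries:
        path = image_path(command, env)
        folder, base = ntpath.split(path)
        reasons = []
        # A bare file name has no folder to compare, so it is not judged here.
        if folder and base in SYSTEM_NAMES and folder != system32:
            reasons.append("system process name outside system32")
        if folder == temp or folder.startswith(temp + "\\"):
            reasons.append("runs from temp directory")
        if reasons:
            findings.append((name, path, reasons))
    return findings
if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

The comparison is on the literal path text, so an entry written with 8.3 short names (for example `LOCALS~1`) would need to be resolved to its long form before being passed in.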

If a virus is replicant (coming and coming again), you should:

  1. Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k. After boot you can enable System Restore again.

  2. Clean your temporary files. You can use the Windows Advanced Care features for that.

  3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).

  4. It will be good if you download, install, update and run other trojan remover tools: a-squared and/or Free AVG Antispyware (trojan removers). Some users recommend SUPERantispyware or Spyware Terminator.

  5. Use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.

Well, we (avast users) would like to know too, so did you send a sample to avast for analysis so that it can be included in the VPS updates?

Send the sample to virus@avast.com zipped and password protected with password in email body and undetected malware in the subject. Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest.

Seems to be similar to the attack in this topic.

http://forum.avast.com/index.php?topic=27671.0

If you click on links in e-mails, you’re always likely to be taken to a site using the latest exploits to install malware, and the malware itself is very likely to be a variant undetected by most AV’s, because new variants are churned out every hour.

Starting with Agent-a to Agent-z, that’s 26 variants. Agent-aa is number 27 and Agent-zz is number 676. Adding a third letter goes up to 17576 variants.

With so many new variants emerging, no AV will catch all of them.

If you still have a copy of the file, submit it to VirusTotal to compare AV performance.

Well, the virus re-appeared by magic… after the computer being inactive.

but i have uninstalled avast and spyware and installed norton internet security 2006,

and it found this virus
http://www.symantec.com/security_response/writeup.jsp?docid=2003-040217-2506-99

… a shame that avast didn’t find it.

well, i hope it stops appearing now…

Did you try the steps I’ve posted before?

Yes, I did… but no luck.

well, now… I have a bigger issue…
i installed norton yes, but now when i open IE7 no images appear… they just come up as a “little box” and i have to right click and show picture…

i have uninstalled and installed bitdefender, and that found 3 more viruses… and removed them… that norton nor avast didn’t detect

im having a fantastic last few days lol

the images work in firefox… oh well… im giving up, im gonna back up and reinstall OS.

but anyone know how i get images back on in IE7? the temp/temp internet files are empty so it’s not full…

Having two resident scanners installed is not recommended as rather than provide twice the protection it can cause conflicts that could leave you more vulnerable.

never mind, images don’t work in firefox browser either… XD

i don’t have two scanners installed… i would never have two installed.

Norton is notorious for leaving debris behind which can have an impact on other AVs later. It gets its hooks into everything.
A link worth looking at, which is a program removal tool that can remove the remnants of a number of different Norton Programs:
Removing your Norton program using SymNRT

thanks for that. :)

but at least i got rid of all the crapping viruses/trojans anyway… but to fix the “no images are showing on any browser” problem (which im still having problems… ), I created a new windows profile.

oh well

cheers, im done with this topic now.