Please Help Virus Won't Remove

Hi Everyone,

I am hoping someone in here can help please.

I have the latest version of Avast.

I keep getting Warning Virus found every time I start up my computer.

I have tried to send it to the chest and then it disappears, but when I restart my computer again it comes back every time. I did a Google search and found Adware recommended, and after speaking to one of their techs I even paid for the full version of it and they assured me that their software would remove it, but that did not work either. I have cleared my cache, deleted temp files, cookies etc… but still Avast keeps picking it up.

There are no explanations anywhere of what this virus does, so not sure how damaging it is.

Here is the virus name win32:Agent-RE [Trj]

Someone please help, this is doing my head in.

Also one other question please. Does Avast have a built-in firewall, or is it best to use the XP one with Avast or a third-party one? I notice it says on-access scanner, but is this scanning for viruses only or will it block intrusions also?

I would really appreciate any help I can get to both of my problems

Thanks In Advance

Nev

First thing we need is the file name and path, e.g. programme files\prog.exe or whatever. Also, have you tried a boot time scan? Some files are protected by Windows when it starts and they can’t be moved or deleted. Additionally, you could try Ewido, which is a good trojan killer: download, install and update before running. Avast does not have a firewall as such, and Windows firewall only stops inbound, not outbound problems, so I would suggest ZA or any other software firewall; there are various recommendations on this forum.

Ewido http://www.ewido.net/en/download/

ZA Free http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp

Welcome to our world

Hi Nev,

Look if what is mentioned here is on your computer.
http://www.pestpatrol.com/zks/pestinfo/t/trojanproxy_win32_agent_ad.asp#Detection%20and%20Removal
Then the removal instruction could be appropriate, you might need killbox to kill one of these files if present, get it from here:
http://www.bleepingcomputer.com/files/spyware/KillBox.zip

Usage Information:

Download this file, extract it, and run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, allow it to do so, and hopefully your file will now be deleted.

polonus

Thank you Essexboy and Polonus,

I tried the Boot Scan and it came up with over 200 system 32 viruses, all Win 32 Agents, so I sent them all to the Chest, and after the Boot Scan had finished I rebooted my PC and lo and behold the virus was back. I take it that it must have installed itself in the registry, hence why it keeps coming back after a reboot, but after sending it to the chest from the Boot Scan surely that is enough to get rid of it, because I was under the impression the bootscan was removing the virus from the registry.

I am now Baffled as to what to do lol

I have the whole file name now

C:\WINDOWS\sytem32\msclock32.dll[upx]contains sample of’Win32:Agent-RE[Trj]'!

I have downloaded Zone Alarm Also

Please would very much appreciate more help if you can please

Thanks In Advance

Nev

This is a rootkit infection: you will need to run F-Secure BlackLight:

http://www.f-secure.com/sw-desc/navipromo.shtml

When you have removed the hidden file, run a boot time scan with avast! again, followed by a scan with Ewido in safe mode.

If you do not use these programs, download, install, update and run them in safe mode:

Ad-Aware
Spybot Search & Destroy

Wow, you guys are amazing!!

So much support in here and so many talented people.

I will let you know how it goes.

Thanks again

Nev

I’ve got the same problem. BlackLight found 5 files, all with the same beginning: fremwtkg. Is it safe to rename all of them?

Thanks in advance.

05/08/06 13:00:47 [Info]: Hidden process: C:\windows\system32\fremwtkg.exe
05/08/06 13:00:47 [Note]: FSRAW library version 1.7.1015
05/08/06 13:03:37 [Info]: Hidden file: c:\WINDOWS\Prefetch\FREMWTKG.EXE-14161075.pf
05/08/06 13:03:37 [Note]: 10002 1
05/08/06 13:03:48 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\fremwtkg.dat
05/08/06 13:03:48 [Note]: 10002 1
05/08/06 13:03:48 [Info]: Hidden file: C:\windows\system32\fremwtkg.exe
05/08/06 13:03:48 [Note]: 10002 1
05/08/06 13:03:49 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\fremwtkg_nav.dat
05/08/06 13:03:49 [Note]: 10002 1
05/08/06 13:03:49 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\fremwtkg_navps.dat
05/08/06 13:03:49 [Note]: 10002 1
05/08/06 13:08:08 [Note]: 7007 0
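Added example (not part of the original thread): a short Python script that reads the BlackLight log lines posted above, folds entries that differ only in letter case, and groups the hidden items by file-name stem so related files can be reviewed together. The function names are made up for this illustration, and the [Note] lines are skipped because the thread does not say what they mean.

```python
import re
from collections import defaultdict
from ntpath import basename, normcase  # Windows path rules on any OS

# Log lines copied from the post above.
SAMPLE_LOG = r"""
05/08/06 13:00:47 [Info]: Hidden process: C:\windows\system32\fremwtkg.exe
05/08/06 13:00:47 [Note]: FSRAW library version 1.7.1015
05/08/06 13:03:37 [Info]: Hidden file: c:\WINDOWS\Prefetch\FREMWTKG.EXE-14161075.pf
05/08/06 13:03:37 [Note]: 10002 1
05/08/06 13:03:48 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\fremwtkg.dat
05/08/06 13:03:48 [Note]: 10002 1
05/08/06 13:03:48 [Info]: Hidden file: C:\windows\system32\fremwtkg.exe
05/08/06 13:03:48 [Note]: 10002 1
05/08/06 13:03:49 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\fremwtkg_nav.dat
05/08/06 13:03:49 [Note]: 10002 1
05/08/06 13:03:49 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\fremwtkg_navps.dat
05/08/06 13:03:49 [Note]: 10002 1
05/08/06 13:08:08 [Note]: 7007 0
"""

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) \[(?P<level>\w+)\]: (?P<msg>.*)$")
HIDDEN_RE = re.compile(r"^Hidden (?P<kind>process|file): (?P<path>.+)$")

def parse_hidden_items(log_text):
    """Map each hidden path (case-folded) to its kinds and first timestamp."""
    items = {}
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line or line["level"] != "Info":
            continue  # [Note] lines carry no path; their meaning is unknown
        hit = HIDDEN_RE.match(line["msg"])
        if not hit:
            continue
        key = normcase(hit["path"].strip())  # NTFS paths are case-insensitive
        entry = items.setdefault(key, {"kinds": set(), "first_seen": line["ts"]})
        entry["kinds"].add(hit["kind"])
    return items

def group_by_name_stem(items):
    """Group paths by the leading alphanumeric run of the file name."""
    groups = defaultdict(list)
    for path in sorted(items):
        stem = re.match(r"[a-z0-9]+", basename(path))
        groups[stem.group(0) if stem else ""].append(path)
    return dict(groups)

if __name__ == "__main__":
    for stem, paths in group_by_name_stem(parse_hidden_items(SAMPLE_LOG)).items():
        print(stem, len(paths), *paths, sep="\n  ")
```

The executable is reported twice in the log, once as a hidden process and once as a hidden file, so the six [Info] lines reduce to the five files mentioned in the post.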

Nothing comes up with a Google search. I would think it would be safe to remove them, indeed, they are very probably malware files.

The triple whammy seems to have worked. No more Avast warnings on boot.

Nothing beats an active forum and a little black magic…

Thanks for your help.

Hi,

Glad it worked for you Robkel !!

As for me, nothing seems to get rid of it. I try to delete it and it keeps coming back; even tried regedit and spent hours looking for it to remove it manually but can’t seem to find it. What a nightmare.

Tried the BlackLight Beta and that found it but did not delete it.

If you rename a trojan or virus, I suppose it means it is still there on your PC but non-active, is that correct please?

Even tried the kill box

Nothing seems to actually get rid of it and delete it for good.

Can someone please advise what they think I should do please.

Thanks Again in Advance

Nev

Have you tried everything advised? (In this order)

Boot time scan with avast!?

Scan with Ewido?

Scan with BlackLight?

Installing a third-party firewall?

Yep, I have done all that and still I can’t remove it.

Please post a HijackThis! log for us to look at:

http://www.bleepingcomputer.com/tutorials/tutorial42.html