Very Pesky Mal-ware

Win32:Agent-LTS [trj]
is the virus, and I’ve tried sending it to the chest, deleting it, and doing a boot scan, but nothing works. The warning pops up every five minutes or so, and when I choose an action my desktop goes blank, and about 30 seconds later my desktop is back.

I got this virus trying to watch a movie on a streaming website.
It was some codec that I downloaded, and I did not install it. It was an exe file, and Avast immediately found it but can’t delete it.

The infected file is here:
C:\DOCUME~1\Owner\LOCALS~1\Temp\ac8zt2\msmdev.dll

Hi Krob189 :slight_smile:

Please download Deckard’s System Scanner (DSS) and save it to your Desktop.
- Close all other windows before proceeding.
- Double-click on dss.exe and follow the prompts.
- When it has finished, dss will open two Notepads, main.txt and extra.txt – please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

What DSS will do:

- create a new System Restore point in Windows XP and Vista.

- clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.

- check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
Note: If you don’t have HijackThis installed on your computer, dss will prompt you to download and install it for you; please allow this to happen!

Regards,

Hi Krob189,

Here are the removal instructions for this malware:
http://www.ca.com/us/securityadvisor/pest/pest.aspx?id=453116814

polonus

If malware has added itself as a startup entry without you clicking on the .exe, you probably have some out-of-date software on your system allowing this sort of auto-install via an exploit. I’d recommend a scan with Secunia Software Inspector later on to check for vulnerable software.

Try the usual free adware/spyware scanners to clean up the infection first:

AVG Anti-Spyware Free (Requires Win2k/XP)
Ad-Aware Free
Spybot Search & Destroy
SUPERAntiSpyware Free

Thank you all, I’ll try those. I currently have Spybot and Ad-Aware Professional =)

Hi krob189,

Also check your version of Sun Java, install the latest version and then remove the older one. You’re better protected that way against these vulnerabilities.

polonus

krob189 - there may be some hidden components to this and incorrect removal can hurt your internet connection.

Post the DSS log so SNOWHITE can guide you.

Hmm… Perhaps it’s time to leave advice to the accredited malware experts, as Spiritsongs is always saying.

Frank - that’s not how I meant it. It’s just that DSS is probably going to be the most effective approach and SNOWHITE is the one that asked for it. And the all caps thing, well, that’s how she spells it …

Keith :slight_smile:

If this forum is going to become an extension of Geeks to Go, I’d like to point out the rules at Geeks to Go:

Anything that you can do to help us before posting a log is greatly appreciated. Please acknowledge that you've followed these required steps (or our first reply will likely direct you here).

http://www.geekstogo.com/forum/Must-Read-Before-Posting-Hijackthis-Log-t2852.html

Seems to me some people are coming here to practise their manual malware removal skills without first recommending what anti-malware forums recommend:

Do some anti-malware scans with the usual products first!

Asking everybody to post a log from specialist system scanners as a first step is not recommended where these ‘experts’ come from, so why are they doing it here?

:frowning:

Hi FwF,

I like to come to sort of the same conclusion. Rule one for any malware fighter and in any removal routine should be “Do as minimal damage as possible”. We have to point out to people when they try to manually remove malware, that they can do so if they are familiar with the normal cleansing routines and take the precautions that it takes to perform these routines (back up registry, safe mode, analysis of malware processes and files).
It is always good to ask for a second opinion, and to guide those affected step by step through the malware cleansing routine, while explaining what you try to achieve. A hjt log or a vsb runner script log or a smartdreck log won’t hurt anyone, and can provide the malware fighter with some useful information. Sometimes following up the usual anti-malware scanning procedures (online or non-resident) can also aid in this process.
I always felt that a good analysis of the malware at hand: processes, files, registry alterings etc. could be very helpful in malware removal. But not everyone is confident enough or that familiar with the cleansing routines to get the right results at one go. I would like to add Avast Webforum, sometimes we are even better than GeekstoGo. And I mean that.

polonus

I have the log but I can’t post it because it exceeds the post limit of 1000 words.

Copy and paste it in two or more posts.