Hi! I need help for this virus:
Win32:Agent-OJW [trj]
trojan
VPS version: 080202-0, 02/02/2008
It has infected C:\WNDOWS\MEMORY.DMP
Help me please!!!
Hi EnrY_90,
If you wish to go on with cleaning, please follow these next instructions carefully:
Download SDFix (by AndyManchesta) from here: http://downloads.andymanchesta.com/removaltools/sdfix.exe
and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following:
Restart your computer;
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
Close the text file for now, I will ask for it later on.
After the restart:
Download ComboFix.exe using either of these links: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post (Copy/Paste) that log in your next reply.
Note: Do not mouseclick combofix’s window whilst it’s running. That may cause it to stall.
Logs that I need in your next reply:
- SDFix (located in the SDFix folder >> C:\SDFix)
- ComboFix
- Post a HijackThis log!
polonus
It means that at some point your system crashed and created a memory dump, unfortunately at that point there was malware in memory.
Under normal circumstances I would say you should have sent it to the avast chest (and investigate), one of the options given on detection (what did you choose ?). However, in this case deletion would be OK.
Just delete the memory.dmp file as it is redundant, it is only of use at the time of the crash and then only for someone with the tools to analyse it. Should you have a system crash in the future Windows will create the file again. If the file still existed at the time of a crash it would be replaced, so there is no problem in deleting it.
I would remove your email address from the post unless you like spam. The forums are publicly available and could be scanned by bots looking for email addresses to add to lists.
Sorry for the spam, I’ve just removed my mail.
No not you spamming, just that posting your email address could get it harvested by robots that trawl the internet looking for email addresses and add them to spam lists, or other malicious email lists. So you could end up with unwanted email.
Your memory.dmp file could be full of “randomly” overlaying data (some binary garbage) or it can really contain the dump of the process related to Agent virus… but since you don’t have any other infected files, I assume the first option…