
Trojan horse Help!!!!

Discussion in 'General Chat' started by plaver, May 15, 2005.

  1. plaver

    Has anybody heard of the following: 'Trojan horse TR/Agent.CS.'

    and how can I delete the file?

    I have run a scan using 'Trend' and it does not find it, but my anti virus software
    AntiVir XP does :confused: :confused:
     
  2. eviljohn2

  3. mjn

    Or try the MS Spyware thingy.
     
  4. Bev478

    You could visit this website & download their 30 day trial software.
    http://www.simplysup.com/tremover/

    I used it to get rid of a Trojan I couldn't totally remove with AVG. (But I had not disabled System Restore when I tried with AVG, so that could have been the problem). Whatever, Trojan Remover is good & simple to use. :thumbsup:
     
  5. Dr Diversity

    Spybot Search & Destroy / MS Anti Spy and Grisoft's AVG: All free and should do the trick.
     
  6. plaver

    I have tried them all, and it's still on my machine. Everything appears to be working OK. Could the 'Anti-Vir' program be a bit over sensitive? It's happened before with some JAVA applications.
     
  7. SanPedro

    If you still want to get rid of it then use "HiJackThis", available from http://www.merijn.org/downloads.html . I've used this for really persistent spyware and the like that seem to find ways of re-installing themselves.

    The software scans your system and then presents you with a list of what it believes to be suspect files. It's up to you to decide whether to delete them or not. I just run Google on anything I'm not sure about and keep or delete as appropriate.

    Chris
     
  8. plaver

    Sorry for the late response, I have been away on business. I downloaded the file you suggested, found the file, ticked the box to delete, hit the fix button, and guess what, still there. Rebooted, ran it again, file still there. I re-ran Anti-Vir Pro again and it found it but can't delete it because it has been locked by Windows. Any ideas how I can unlock the file??????
     
  9. overkill

    Risky, just been hit with the same virus. None of the following did anything:

    Norton
    AVG
    Avast
    and from the wife's pc, Panda

    It appears to damage certain system files before the AV software can deal with it. I had to re-install after hours of plugging away at it. If you remove the infected files Windows locks up.

    Will be installing Goback now as system restore couldn't beat it either.............

    If you find a way please let me know!! :rolleyes:
     
  10. plaver

    I'm not convinced it's a virus. If I allow AntiVir Guard to be active it opens a window telling me that it has detected 'C:\WINDOWS\INF\DBSVR.DLL Is the Trojan horse TR/Agent.CS.1', but only when I open Internet Explorer; it does not affect any other program. If I deactivate AntiVir Guard and open IE, no virus warning. I also have MS anti-spyware active and no warning from that either. I have known in the past AntiVir Guard is a little over sensitive; it has given me warnings in the past about a virus from a perfectly good file. This is not much help I know, so for the time being I am playing a watching brief and will only use FireFox.

    A little side issue: do you get the following when you boot up: 'CHKDISK' needs to check the following disk, in my case 'D'? It runs through a scan and then reports no error.

    I'm using XP Pro with SP2 installed
     
  11. iZombine

  12. plaver

  13. Seth Gecko

  14. doctorjuggles

    I find trendmicro's online scan to be really good for malware. Here's their breakdown of Agent.CS

    From trendmicro's website:

    "Terminating the Malware Program

    This procedure terminates the running malware process.

    1. Open Windows Task Manager by pressing CTRL+SHIFT+ESC, then clicking the Processes tab.
    2. In the list of running programs*, locate the process:
    SVPHOSTU.EXE
    SVPHOST.EXE
    3. Select the malware process, then press either the End Task or the End Process button, depending on the version of Windows on your system.
    4. To check if the malware process has been terminated, close Task Manager, and then open it again.
    5. Close Task Manager.

    *NOTE: On systems running Windows 95, 98, and ME, Windows Task Manager may not show certain processes. You can use a third party process viewer such as Process Explorer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions.

    Removing Autostart Entries from the Registry

    Removing autostart entries from the registry prevents the malware from executing at startup.

    1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
    2. In the left panel, double-click the following:
    HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run
    3. In the right panel, locate and delete the entry:
    svphost.exe = %System%/svphost.exe
    (Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 95, 98 and ME, C:\WINNT\System32 on Windows NT and 2000, and C:\Windows\System32 on Windows XP.)
    4. Close Registry Editor.

    NOTE: If you were not able to terminate the malware process as described in the previous procedure, restart your system.

    Running Trend Micro Antivirus

    Scan your system with Trend Micro antivirus and delete all files detected as TROJ_AGENT.CS, TROJ_AGENT.CY, and TROJ_AGENT.DH. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro’s free online virus scanner."

    There's also some additional information about the shutting off of System Restore if you need it.

    "For Windows XP

    1. Log on as Administrator.
    2. Right-click the My Computer icon on the desktop and click Properties.
    3. Click the System Restore tab.
    4. Select Turn off System Restore.
    5. Click Apply > Yes > OK.
    6. Continue with the scan/clean process. Files under the _Restore folder can now be deleted.
    7. Re-enable System Restore by clearing Turn off System Restore."
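
The process and autostart checks from the Trend Micro procedure quoted in post 14, as an added example (not part of the thread and not Trend Micro's tooling): this Python script scans saved output of `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"` and `tasklist /FO CSV /NH` for the file names the procedure lists. The function names and the sample outputs are constructed for illustration.

```python
import csv
import io
import ntpath
import re

# File names listed in the quoted procedure. They differ from the legitimate
# svchost.exe by one letter, so compare whole names, never substrings.
SUSPECT_IMAGES = {"svphost.exe", "svphostu.exe"}
# A value line of `reg query` output: name, type, data (tab or space separated).
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")

def image_name(command):
    """Lower-cased executable file name from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):              # quoted path, arguments follow it
        path = command[1:].split('"', 1)[0]
    else:                                    # unquoted: cut after the first .exe
        m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
        path = m.group(1) if m else command
    return ntpath.basename(path).lower()

def suspect_run_entries(reg_query_output):
    """(value name, data) for Run values whose name or target is suspect."""
    hits = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if m and (image_name(m["data"]) in SUSPECT_IMAGES
                  or m["name"].lower() in SUSPECT_IMAGES):
            hits.append((m["name"], m["data"].strip()))
    return hits

def suspect_processes(tasklist_csv):
    """(image name, PID) for rows of `tasklist /FO CSV /NH` that are suspect."""
    return [(row[0], int(row[1]))
            for row in csv.reader(io.StringIO(tasklist_csv))
            if len(row) >= 2 and row[0].lower() in SUSPECT_IMAGES]

# Constructed sample output, not captured from a real machine.
SAMPLE_RUN_KEY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    svphost.exe    REG_SZ    C:\WINDOWS\System32\svphost.exe
    Updater    REG_SZ    "C:\Program Files\Example App\update.exe" /background
"""
SAMPLE_TASKLIST = '''"explorer.exe","1480","Console","0","18,432 K"
"SVPHOSTU.EXE","2044","Console","0","3,116 K"
"svchost.exe","868","Console","0","4,220 K"
'''

if __name__ == "__main__":
    print(suspect_run_entries(SAMPLE_RUN_KEY))
    print(suspect_processes(SAMPLE_TASKLIST))
```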
     
  15. reevesy

