
Thread: Win32 trojan not removed in SafeMode

  1. #1
    chrisza Guest

    Win32 trojan not removed in SafeMode

    1) ZA spyware scan reports the following: Win32.Trojan.Dropper.Agent.bah
    2) I have attempted to remove it in Safe Mode, but it reappears on every reboot.
    3) Tried ZoneAlarm, SpySweeper, Spybot, TrendMicro HouseCall, and X-Cleaner Micro Edition.
    4) What next?

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Re: Win32 trojan not removed in SafeMode

    The best thing to do to fix this is sign in at Castle Cops and follow the procedure stated to clean the PC. This is done before posting the HJT logs. The HJT logs will give the experts information to be read and analyzed and then they will give the exact and proper instructions to completely remove this trojan.

    http://www.castlecops.com/

    HJT read me before posting:

    http://www.castlecops.com/t102301-Hi...e_Posting.html

    and of course the HJT forum:

    http://www.castlecops.com/f67-Hijack...ans_Oh_My.html

    Oldsod
    Best regards.
    oldsod

  3. #3
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,292

    Re: Win32 trojan not removed in SafeMode

    Hi!

    On top of Oldsod's suggestion, it could have helped to know which version of ZA you are running and the DAT version of your ZA (right click on ZA tray icon, about, copy to clipboard, paste it here).

    Is it a detection of the AV module or the AS module (I can't find any info on this in the AV database...)?

    Where exactly is the trojan detected? It may be a false positive by ZA AS....

    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  4. #4
    chrisza Guest

    Re: Win32 trojan not removed in SafeMode

    The following is the ZoneAlarm version that is on the computer in question:

    ZoneAlarm Security Suite version:7.0.337.000
    TrueVector version:7.0.337.000
    Driver version:7.0.337.000
    Anti-virus engine version:3
    Anti-spyware engine version:5.0.162.0
    Anti-spyware signature DAT file version:01.200705.1505
    AntiSpam version:4.9.1.8211

    Location:
    Hkey_Local_Machine\software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Hotfix\WLogon

    Thanks

  5. #5
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,292

    Re: Win32 trojan not removed in SafeMode

    Hi!

    You are running the latest version of ZASS, AS DAT is updated and what is detected is just a registry key...

    I have checked my system and I don't have that key... strange

    This is fine: Hkey_Local_Machine\software\Microsoft\WindowsNT\CurrentVersion\Winlogon\ but I can't see/find any ....\Hotfix\WLogon

    Is the registry key the only thing that is detected?

    Probably better to follow GURU Oldsod's suggestion and only after you are sure you are clean of malware, report it to ZL as a potential false positive.

    Here: http://www.zonealarm.com/store/conte...are_report.jsp

    Fax

