Results 1 to 3 of 3

Thread: Trojan.Win32.Agent2.lkf

  1. #1
    mistress Guest

    Default Trojan.Win32.Agent2.lkf

    For the 1st time, I think I have a problem!
    I downloaded a file, and before I even opened it, I scanned it as usual.
    Then all of a sudden I am getting these messages:
    BLOCKED
    264393.exe is not allowed to use 264393.exe to connect to 10.0.0.1NS

    I am seeing this trojan: Trojan.Win32.Agent2.lkf
    and do not find it anywhere on the net!!!

    I have had hundreds, maybe thousands of these.
    Then I looked in the ZAlog and found this. This is just a small portions:

    AV/treatment,2010/04/14,10:14:14 -4:00 GMT,Trojan.Win32.Agent2.lkf,C:\Users\Mistress\AppD ata\Local\Temp\333103.exe,File Repair Failed,Auto
    AV/treatment,2010/04/14,10:14:14 -4:00 GMT,Trojan.Win32.Agent2.lkf,C:\Users\Mistress\AppD ata\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\247BS5G6\wp[1].exe,File Repair Failed,Auto
    PE,2010/04/14,10:14:16 -4:00 GMT,264393.exe,C:\Users\Mistress\AppData\Local\Tem p\264393.exe,10.0.0.1:53,N/A
    ACCESS,2010/04/14,10:14:26 -4:00 GMT,264393.exe not allowed to use 264393.exe to connect to (10.0.0.1NS).,N/A,N/A


    ACCESS,2010/04/14,10:14:40 -4:00 GMT,264393.exe not allowed to use 264393.exe to connect to (10.0.0.1NS).,N/A,N/A
    ACCESS,2010/04/14,10:14:46 -4:00 GMT,264393.exe not allowed to use 264393.exe to connect to (10.0.0.1NS).,N/A,N/A

    Then, in the other text log files I see this, this is also just a small part:
    OSFW,2010/04/13,09:47:52 -4:00 GMT,UNKNOWN(0),NVIDIA Driver Helper Service, Version 196.21,C:\Windows\System32\nvvsvc.exe,PROCESS,SPAW NPROCESS,SRC,C:\Windows\System32\rundll32.exe,8000 00aa
    OSFW,2010/04/13,09:47:54 -4:00 GMT,BLOCKED,QuickTime Task,C:\Program Files\QuickTime\QTTask.exe,REGISTRY,SETVALUE,SRC,H KLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN, QuickTime Task


    Lots of spawnprocess:

    OSFW,2010/04/13,11:59:06 -4:00 GMT,UNKNOWN(0),Setup.exe,C:\Users\Mistress\AppData \Local\Temp\setD931.tmp,PROCESS,SPAWNPROCESS,SRC,C :\Program Files\Creative\ALchemy\ALchemy.exe,8000072c


    I have run all the different scans that ZAISS offers since this started, and now running the deepest scan.

    I will be monitoring the forum to see if anyone has an answer.
    Thanks!

    I am on:
    Windows7 32 bit

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Default Re: Trojan.Win32.Agent2.lkf

    As usual the first thing to do is to follow the guidance:
    Malware Clean-up Guidance

    Follow all steps...

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    mistress Guest

    Default Re: Trojan.Win32.Agent2.lkf

    Well hello Fax!
    Long time no speak!!!
    Hope all is well with you!

    Anywho ... I ran all of my scans in safemode, and everything came up clean.
    I think by running ZAISS in max mode, then deleting the bad file by hand and
    running CCleaner with max removal scans did the trick.
    I also did remove the restore point and started anew.

    I also looked in many places for this 'trojan' and could not find it anywhere.
    The whole situation was very very strange and frightening, as this
    was my very 1st "real" problem.
    I have had what I thought were virus or trojans but none triggered the ZAISS "BLOCK" like this file did.

    C:\Users\Mistress\AppData\Local\Temp\264393.exe
    264393.exe not allowed to use 264393.exe to connect to (10.0.0.1NS)

    VERY STRANGE!

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Trojan-GameThief.Win32.OnlineGames.ywg / Worm.Win32.AutoRun.dgt
    By lateralus in forum Malware Discussion
    Replies: 4
    Last Post: October 20th, 2008, 11:03 AM
  2. trojan-downloader.win32.fraudload.vadn & trojan-downloader.win32.agent.vur
    By kspartsman in forum ZoneAlarm Anti-virus & Anti-spyware
    Replies: 1
    Last Post: July 10th, 2008, 06:21 PM
  3. Replies: 0
    Last Post: April 26th, 2008, 12:33 AM
  4. Trojan keeps coming back - Trojan-PSW.Win32
    By ecotom in forum Malware Discussion
    Replies: 3
    Last Post: March 18th, 2008, 05:58 AM
  5. ZASS found trojan.win32.pakes.aws and trojan.win32.pakes.awt
    By michaeljb in forum Malware Discussion
    Replies: 1
    Last Post: November 17th, 2007, 12:28 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •