Malware win32/agent.bck

[fimasava]

Dear Sirs
My NOD32 scan is indicating win32/agent.bck in my notebook.
Please tell me the information I have to post you for helping me eliminating the problem.
Thanks.

[jholland1964]

Do all the steps here, READ ME Before Posting A Request For Assistance! and then post back with the requested logs from the link.

[fimasava]

My friends

After a hard work (about 24 hours), my trial "sophos" is indicating a virus message (please see attached file, valera.jpg)

Also my system32 directory is showing the following suspicious files:
slhybiul.dll / ikhcore.log / pcisys.ntk / imon1.dat / ksalihbl.dll / fntcache.dat all then created after finishing the initial cleaning (see attached "files on system32 after cleaning" file)

Are suspicious also the following files on my system32 directory:
awvtt.dll and hggeccy.dll, both created at 24/09/2007 (dd/mm/yyyy)

I asked virus total checking some files and they are infected (please see 3 virus total "jpg" files attached)

I have tried to manually delete these suspicious files, but it was not possible (message indicating "file is being used by another person or application")

I noted that awvtt is showed as a complement tool in my explorer browser (see attached "awvtt as explorer complement.jpg"). I decided manually disable the complement, but each time I re-start my PC, the complement is actived

Please help me eliminating the infected files.

Note:
Step "6": pass OK
Step "7": kaspersky.txt attached
Step "8" A: OK
Step "8" B: Was not able to save report. Please find attached "avg anti spyware screen.jpg"
Step "8" C: pass OK. Please find attached "microsoft windows defender results.jpg"

Thanks

[jholland1964]

You cannot remove virus's with a trial of something. UNINSTALL the Sophos Trial First. THEN Download one of the FREE anti-virus programs noted here Some good FREE alternatives are:

I don't care which one, choice is yours. But in order to continue and insure removal you MUST download, install, update and scan and remove anything found with one of those programs. Manual removal is not going to do it...some yes, but not all.

Empty your Eudora Trash. Some files there are infected. Empty your Recycle Bin.
You have a Vundo infection for sure.
Please do the following;
Download VundoFix to the desktop.

* Double-click VundoFix.exe to run it.
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the
Scan for Vundo button." when VundoFix appears at reboot.

It is the VundoFix log we need this time.
Look here;
C:\vundofix
See if you can then find C:\vundofix.txt
Post it here.

You also need to tell that AVG Anti-spy program to FIX/Quarantine anything found.
Please do those steps again and then run another Kaspersky scan and another HJT scan.
Post the Vundo Fix log, AVG log, Kaspersky log and HJT log.

[fimasava]

My Friends

Thank you a lot. It is solved. It was a Vundo malware and this is removed. After cleaning I have checked with my NOD32 and also AVG and no virus found.

Regards and thanks once more.