IE7 closes itself while loading website(s)/win32.Agent.pz detected

[danszczerba]

Hi. My problem is IE7 closes(shuts down) by itself when loading certain webpages. I tried deleting the host file located in windows\system32\drivers\etc folder, but this has not solved my problem. During my Spybott scan, win32.Agent.pz was found to be in the system 32 folder. I looked, but could not find it and Spybott could not fix it. Included are log reports from Spybott, Antivir, and HJT. My system is: Windows XP Pro/Sp2 and IE7-PLEASE HELP?!?!?! Thanks!

[jholland1964]

Download SDFix and save it to your Desktop.

• Run the SDFix.exe by double clicking on it.
• Allos it to install into the default location which is c:\SDFix
• Now please reboot your computer into Safe Mode (see this if you don't know how: Starting your computer in Safe mode )
• When you have booted into safe mode, open the C:\SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services or Registry entries found and then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
• Attach the Report.txt file to your next message.

[danszczerba]

First of all, thanks for the help. Ok, i think i got rid of win32.Agent.pz, but i still get pop-ups when i visit certain sites. Can you decipher my HJT log? Anything I can delete there? Thanks!!!
p.s.-i live in Germany now, but I from Carmel, Indiana-go hoosiers!!!

[jholland1964]

You ran the SmitfraudFix. I requested the SDFix and linked to it. They are not the same program

[danszczerba]

ooops...sorry, i posted the wrong file. Here is the log you requested with an updated HJT log.

[jholland1964]

To be safe I would like you to go here
Follow the instructions there WITH THE EXCEPTION of the Kaspersky scan portion...the online scanner there does not seem to be available. Do the Panda Scan and if it finds anything allow it to fix whatever is found. Also do one more of the online scans and also the AVG Anti-spy instructions and allow it to fix what it finds.
When you have completed those things then run another HJT scan and post back with the new HJT log and also the results of the Panda scan...don't know if it will give you a log or not, if not please record any items it finds and removes. Also post back with the AVG Anti-spy log
Judy

[danszczerba]

Sorry, but i did all those things BEFORE i posted this thread-is there anything else you can tell me about my HJT log? I believe my win32.Agent.pz is taken care of, but there might be some other stuff to delete. Thanks.

[jholland1964]

We have no way of knowing unless the poster tells us in advance what was run and not run AND posts all the logs requested. Since you feel the trojan is gone then really there isn't more I can or should say. I would guess it was removed by Spybot when you rebooted.
Your Java is way out of date current version is 6. update 3. You should download the latest version from here
I recommend downloading the offline install version. Save to the desktop. Then go offline. Go to Add/Remove and uninstall all previous versions showing there. Once all are uninstalled then install the new version. Once it is installed then go here to verify installation.
Since I have no more info. Only thing that might cause Ie to shut down would be the security settings but even that is doubtful so I really can't give anymore advice since I never saw other logs.
The partypoker program is considered a very questionable program and can bring in some nasty items but other than that I see nothing else.

Have to say...Go Boilers....Go Cardinals since my girls graduated from Purdue and Ball State but we do root for the Hoosiers too...and of course the Irish. Butler Bulldogs are super this year look for them in the NCAA's

[danszczerba]

Thanks alot for you're help. I updated Java and deleted PartyPoker. Can you tell me anything about a trojan called SPR/Tool.Hardoff.A-Antivir tells me this is in my system volume information folder. If I'm not mistaken, that is my system restore-anyway to purge or clean that?

[jholland1964]

It is a part of System Restore. You can reset system restore and then rescan and see if that does the trick. I find this odd that this just turned up and didn't show anywhere in the earlier Antivir scan unless is has to do with the original infection win32.Agent.pz which you said was removed. You never did say HOW it was removed by the way.

I am sorry here but I don't feel I have gotten the whole story in any of this. If this is some sort of game I would like to know. You post here saying that you cannot remove win32.Agent.pz which was found by Spybot. I ask you to run SDFix but you post back with a SmitfraudFix log, which I didn't ask you to run.Then you say thiswin32.Agent.pz is gone but don't say how.Then I ask, to be safe that you run the steps in PhilliePhan's sticky. You reply you ran those steps before posting the HJT log but you never posted any of those logs. Now you post back with the message that Antivir has found this other infection in your System Restore but it wasn't there or found on the machine before and it is not the same one found by Spybot and it wasn't found before by Antivir.
Sorry but I find this all odd and very frustrating.
Go ahead and reset System Restore.