Trojan downloader.agent.av

edited August 2004 in Spyware & Virus Removal
I got a trojan downloader.agent.av when installing a downloaded program and the AVG antivirus announced it. I did all I could, but until now there are new windows with advertising opening when I am online. I think I must delete a registry key of the Windows XP Professional O.S. Can any friend help me to get rid of this annoying stuff? I appreciate any answer. All the best.

Comments

  • shwaip bluffin' with my muffin Icrontian
    edited August 2004
    Check the links at the top of the page, and after updating and running adaware and spybot, download and run hijackthis, available from the first link in my sig, and post a log please.
  • edited August 2004
    shwaip wrote:
    Check the links at the top of the page, and after updating and running adaware and spybot, download and run hijackthis, available from the first link in my sig, and post a log please.

    I did just like you said, but now when I click a link, it opens a new IE window minimized. Maybe a little step more is needed.
  • shwaip bluffin' with my muffin Icrontian
    edited August 2004
    try this link to get hijackthis:
    http://www.short-media.com/getdownload.php?d=245

    run it, and post a log. to do this, click "save log" and then copy and paste the text as a response to this thread.
  • edited August 2004
    Logfile of HijackThis v1.97.7
    Scan saved at 14:59:39, on 1/8/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\ARQUIV~1\Grisoft\AVG6\avgcc32.exe
    D:\Arquivos de programas\ScannerU\KYESCAN.EXE
    C:\ARQUIV~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\CTSvcCDA.exe
    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\rundll32.exe
    D:\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.superig.com.br/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/pt-br/srchasst/srchcust.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/pt-br/srchasst/srchasst.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
    O4 - HKLM\..\Run: [AVG_CC] C:\ARQUIV~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - Global Startup: KYESCAN.lnk = D:\Arquivos de programas\ScannerU\KYESCAN.EXE
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
  • shwaip bluffin' with my muffin Icrontian
    edited August 2004
    boot into safe mode, remove this entry with hijackthis:
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    then delete the file c:\windows\downloaded program files\gbieh.dll

    reboot.
  • edited August 2004
    Did just like you said. It's all right now! Many thanks!

    Paulo
  • shwaip bluffin' with my muffin Icrontian
    edited August 2004
    glad to hear that. If you have additional problems, please start a new thread.
This discussion has been closed.
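
An added example, not part of the original thread: a small Python parser for the HijackThis log format posted above, which separates the coded entries (R0, O2, O4, ...) from the header and process list and pulls out the O2 (Browser Helper Object) entries, the kind of entry the helper singled out. The sample lines are copied from the log in this thread; the function names, the `allowlist` parameter and the `from_activex_cache` triage hint are assumptions of this example.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.superig.com.br/
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O4 - HKLM\..\Run: [AVG_CC] C:\ARQUIV~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - Global Startup: KYESCAN.lnk = D:\Arquivos de programas\ScannerU\KYESCAN.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# "<letter><number> - <detail>"; header and "Running processes" lines do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
BHO_RE = re.compile(
    r"^BHO: (?:(?P<name>.*?) - )?(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")

def parse_entries(log_text):
    """Return (section_code, detail) for every coded line of the log."""
    matches = (ENTRY_RE.match(line) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def browser_helper_objects(entries):
    """Extract name, CLSID and DLL path from the O2 entries."""
    bhos = []
    for code, detail in entries:
        m = BHO_RE.match(detail) if code == "O2" else None
        if m:
            path = m.group("path")
            bhos.append({
                "name": m.group("name") or "(no name)",
                "clsid": m.group("clsid").upper(),
                "path": path,
                # Triage hint (assumption of this example): the DLL sits in
                # IE's cache for web-installed ActiveX controls.
                "from_activex_cache": "\\downloaded program files\\" in path.lower(),
            })
    return bhos

def review_list(bhos, allowlist=frozenset()):
    """BHOs whose CLSID is not on the reviewer's own allowlist (empty by default)."""
    return [b for b in bhos if b["clsid"] not in allowlist]

if __name__ == "__main__":
    for bho in review_list(browser_helper_objects(parse_entries(SAMPLE_LOG))):
        print(bho["clsid"], bho["name"], bho["path"], bho["from_activex_cache"])
```
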