trojan horse backdoor.agent.ba virus

[darrenf]

trojan horse backdoor.agent.ba

My AVG anti virus software has detected a virus "trojan horse backdoor.agent.ba" and has located the offending file on my hard drive. However, The AVG software is unable to delete this, neither am I able to delete the file manually.

Have done a search on windows update to see if there is a patch to fix this virus but to no avail.

I am not sure what this virus does exactly but I have noticed my PC running slower recently.

Does anyone know what this is and how I can go about getting rid of it?

Cheers

 

[oatman]

I presume it's quarantined it. Did you run the scan with System Restore disabled?

I found this http://www.computing.net/security/wwwboard/forum/12291.html response 8
Suggest you clean up first with Ad-aware and Spybot .
I'm still looking
here's a good cleaner for your temps/junk files http://users3.ev1.net/~stevengould/cleanup/download.html
also empties your Recycle Bin by default.

 

[darrenf]

Hi

Not sure what you mean by quarantined, but it (AVG) did ask if i would like to place it in the virus vault. I said yes, but AVG was unable to move the file.

When I try to delete it manually, I get the message:-

"Cannot delete reseef: access is denied.

Make sure the disk is not full or write protected and that the file is not currently in use"

(filename is reseef.dll if that means anything to anyone)

In properties, it says that the file is read only. I am able to delete other files with no problem but not this blighter!

Also, not sure what "system restore disabled" option is on AVG. Can't find it on mine (free version)?

 

[Trader333]

System Restore is a Windows option and not AVG. What it does is backs up your entire hard drive to a place that cannot be deleted. So if you have a virus it can be backed up in System Restore and not able to be deleted.

Also it sounds like the file is in use when you are trying to delete it. So the first thing to do is go to
Start select Settings and Select Control Panel
Now select "System" and you will see a tab that says "System Restore" Click on "Turn Off System Restore" you will get a few "Are you sure" boxes but just go ahead and do it.

Re-boot your pc and try running AVG again and if you still are not able to delete this file then find where it is in Windows and reboot to safe mode the locate it and delete it.

One other thing if you do a search for the file using file manager you can often look at the properties and change a "read only" file to not being read only which may also help.


Paul

 

[oatman]

System restore is in XP and ME. I don't know what OS you're running.
I've been searching for this troj and indeed it is a b*gger. The best bet at the moment is that link I posted, Response 8. I don't think any of the scans will do it.

 

[oatman]

I've just discovered this site. Looks interesting.
http://www.mwti.net/antivirus/free_utilities.asp

 

[darrenf]

Thanks for all your suggestions. I am still working through them and it may take me some time.
Will let you know how I get on.

Just one more quick question for the time being (from an IT illiterate), how do I reboot to safe mode?

Many thanks again.

Darren

PS. Am running XP and have found system restore. Switched off/ rebooted/ re ran AVG but still not able to shift it! On to the next suggestion on my list!

 

[oatman]

Safe Mode. Tap F8 while rebooting

 

[darrenf]

Safe Mode. Tap F8 while rebooting

Cheers

Easy when you know how

 

[darrenf]

Grrrrr. This is a pesky little critter.

Have rebooted in to safe mode but when I try to locate the file, it's no longer there.

I know exactly where it is, and in normal mode, it's sat right there.

However, in safe mode, it has just disappeared! Even a file search throws a blank!!

Have tried following instructions in the link provided by oatman (response 8), but the fact that I have no security options and the fact that the file seems to have disappeared are hindering me somewhat!

If any one has any other bright ideas or comes across a downloadable patch to rid me of this, it would be very much appreciated.

To rub salt in to the wounds, I keep getting an AVG pop up window now telling me I have the virus. As if I need reminding!! Doh!

 

[Trader333]

Darren,

You could try uninstalling AVG and downloading and installing Antivir (which in my view is better), and run a full test. Sometimes it will be able to clear it. The link is:

http://www.free-av.com/


Paul

 

[dav10]

use restore from reg on me ,go to start,run type,scanregw /restore, Dont forget to put space after w

 

[dav10]

go to the date before you got the virus

 

[TheBramble]

You could try uninstalling AVG and downloading and installing Antivir (which in my view is better), and run a full test. Sometimes it will be able to clear it. The link is:

http://www.free-av.com/

Seconded. AntiVir is way better than AVG.

 

[dav10]

is this AGV a file or a program ??

 

[oatman]

Antivirus programme http://www.grisoft.com/us/us_dwnl_free.php

 

[dav10]

sorry ,is agent ba A file or a program if it,s a program it should not be a problem to stop it running

 

[dav10]

Thanks oatman

 

[oatman]

Do you know the name of the file?
It seems the file may be "invented" by AVG or only infects AVG.
See No.20 http://www.computing.net/security/wwwboard/forum/12255.html
Uninstall AVG. Put AntiVir on http://www.free-av.com/
Don't go online without protection!

 

[dav10]

sounds good to me