Trojan Horse Agent AMYU

My AVG antivirus free keeps on displaying a box telling me that I have a trojan horse AMYU. I click the button to remove it, then a few hours later it pops up again. I’ve run numerous antivirus scans, but it keeps coming back, at least once a day. Is there any way to remove it altogether?

Try scanning with Malwarebytes.

Okay, I’ve tried Malwarebytes twice, and both times it crashed my computer.

Any other ideas?

Bump

Any answers?

Most of the time, when a malware process keeps reappearing, it’s because whatever spawned it has registered itself as a service. Run HijackThis and post the log. One of us who knows how to read it should be able to spot the problematic entries.

AV resident programs have only given me trouble so I no longer run any. Every once in a while I run a web-based AV and the only detections I’ve had in all these years were all false positives. Cookies, Hosts file entries, etc. were flagged as infections when in reality they were not infections at all and were, in fact, things I wanted there. Those programs sell by scaring you into thinking they are protecting you from the terrorists.

I am now running ZoneAlarm Pro V6 which includes an antispyware program and which recently detected a Trojan in the latest Flash 10 player which it disabled. It also turned out to be a false positive which, contrary to what the Zonelabs site says, has not been corrected.

So I take all reports with a grain of salt and, after searching for signs of the infection I always find out it was a false positive. YMMV.

Several possibilities. If Malwarebytes crashes, it’s a sign that the malware is wise to it and is trying to stop it.

Try these:

  1. Make sure your computer is properly patched and updated: Go to http://windowsupdate.microsoft.com and install all suggested updates. If you can’t install them, the problem is serious.

  2. Try Super Antispyware. It often works when Malwarebytes is blocked.

  3. Another good cleaner is the Norman Virus Removal Tool. Malware that is aware of other cleaners tends to forget this one.

  4. Try scanning in Safe Mode. You may be able to get Malwarebytes to work that way.

  5. While HijackThis is a great tool, be aware that malware today knows how to hide from it.

  6. Combofix is another highly regarded tool. I have little experience with it; the warnings make it seem a little tricky.

  7. If none of these run, you probably have a rootkit. That can be a bear to remove (I use Rootkit Revealer to find files hidden from the operating system, then boot the computer on a CD using Bart PE or Windows PE to delete the files. This is tricky without help, though).

Accidental post. My bad.

It seems what Kaspersky reports as AMYU is more widely known as VUNDO
http://en.wikipedia.org/wiki/Vundo
http://www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99
http://www.google.com/search?hl=en&safe=off&num=30&q=vundo+trojan