Trojan.PWS.Agent.SHZ

Guys,

The above trojan is identified by Bitdefender, Bitdefender deletes it. Next time I run Bitdefender, Bitdefender identifies it, Bitdefender deletes it …ad nauseam.

I’ve tried to delete the actual file but it just reappears seconds later.
Spybot and Malwarebytes don’t detect anything.
I’ve tried booting in safe mode and then deleting the file but it still reappears seconds later.

Trojan is embedded in a file called C:\WINDOWS\rgpo.bed.

I’ve tried googling this trojan but can find nothing specific, Bitdefender’s list of trojans doesn’t name this one as above.

I’m running Windows XP Professional.

Anyone? Any ideas? Theories? Vague ideas? Any help would be very gratefully received. :slight_smile:

thanks
Yssy

Suggest not booting from YOUR copy of Windows.
Use a BartPE or Linux LiveCD… or similar.

How would I go about that? Any good websites you would recommend that could talk me through that?

thanks

I’d also try using other anti-virus solutions in addition to what you are using; perhaps one of them can get it permanently.

I recommend free AVG and Microsoft’s Windows Defender (also free). It’s happened that Windows Defender was able to get something AVG failed to remove.

Isn’t the standard operating procedure for virus removal that you boot your computer in safe mode first, then attempt to delete it somehow?

Seriously asking, I’m very much a n00b when it comes to such things.

Thanks for starting this thread, I’m having a very similar problem with a trojan that AVG and Ad-Aware keep identifying but never actually manage to delete/quarantine/whatever.

I’m trying some of the steps in the “computer questions” thread.

Fingers crossed for you and me both!

I’ve had a lot of success with this Malwarebytes for stubborn removals.

As a last resort, you could post a HijackThis log to a board that specializes in malware/virus removal. I’ve only had to do this once; I was very pleased with the results and response time.

I, too, have had luck with that, but for one very serious virus I had to start the computer in safe mode and then run Malwarebytes. But it got it.

Totally off-topic, but I subscribe to threads to track replies…and that is a very scary subject line to have pop up in one’s inbox. :wink:

What I do when I clean out a recurring trojan file by hand is create a directory by that file name. The trojan parent executable probably isn’t set up to delete a directory (as opposed to a file) and put its own version in its place. You still have to “unwind” things and find the creator of the file, but it helps reduce the viral load.

Of course, you don’t let your AV software delete it after you make sure it’s still just a directory.
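The directory-placeholder trick from the post above, as an added example that is not part of the original thread: it runs in a temporary directory rather than C:\WINDOWS, and `place_decoy`, `decoy_intact` and `simulate_rewrite` are hypothetical helper names (the last is a harmless stand-in for whatever process keeps rewriting the file).

```python
import os
import tempfile


def place_decoy(path):
    """Replace the recurring file at `path` with a directory of the same name."""
    if os.path.isfile(path):
        os.remove(path)  # remove the current copy of the file first
    os.makedirs(path, exist_ok=True)
    # A marker file keeps the directory non-empty, so a plain
    # remove-directory call on it fails as well.
    with open(os.path.join(path, "placeholder.txt"), "w") as fh:
        fh.write("decoy directory, do not delete\n")


def decoy_intact(path):
    """True while the name is still held by a real directory, not a file."""
    return os.path.isdir(path) and not os.path.islink(path)


def simulate_rewrite(path, payload=b"constructed stand-in bytes"):
    """Stand-in for the parent process writing the file again.
    Returns True if the write succeeded, False if the OS refused it."""
    try:
        with open(path, "wb") as fh:
            fh.write(payload)
        return True
    except OSError:  # IsADirectoryError on POSIX, PermissionError on Windows
        return False


def demo():
    workdir = tempfile.mkdtemp()
    # File name taken from the thread, placed in a temp dir (constructed setup).
    target = os.path.join(workdir, "rgpo.bed")
    before = simulate_rewrite(target)  # no decoy yet: the file is recreated
    place_decoy(target)
    after = simulate_rewrite(target)   # decoy in place: the write is refused
    return before, after, decoy_intact(target)


if __name__ == "__main__":
    print(demo())
```

Re-running `decoy_intact` before each scan is the check the post describes: as long as it returns True, the name is still a directory and the AV should be told to leave it alone.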

Try cleaning all the temp files with CleanUp! or CCleaner then remove restore on your hard drives. Beasties like to hang out in the restore area. Run HijackThis and post the results to that forum. Get into safe mode and run Bitdefender (very good AV by the way) and Malwarebytes. That should get whatever it is. If you are comfortable with the registry then check the run area.
Good luck

joe

Guys
I knew this was the place, thank you all so much and apologies to Jeep Phoenix for the title of the thread!
I tried AVG (thanks Revtim:)) it was a bugger to install but finally in the wee early hours of the morning it found it AND deleted it!

Huzzah!
Yssy

Aww, the title wasn’t really a problem! :smiley: Glad your computer is doing better.

Glad to hear that it’s gone! You are very welcome.