Operating memory - Win32/Agent.ODG virus - unable to clean


14 replies to this topic

#1 PiTaN

PiTaN

    New Member

  • Members
  • 9 posts

Posted 07 May 2009 - 04:49 PM

Hi, when I use NOD32 I keep getting this virus:

Operating memory - Win32/Agent.ODG virus - unable to clean

But NOD can't delete it, and MBAM doesn't seem to find it. I have updated MBAM and scanned but it doesn't help anything, what should I do??? Here is my MBAM log, sorry some in Swedish but I think you will get it...

Malwarebytes' Anti-Malware 1.36
Databasversion: 2089
Windows 5.1.2600 Service Pack 1

2009-05-07 23:46:47
mbam-log-2009-05-07 (23-46-43).txt

Skanningstyp: Fullständig skanning (C:\|D:\|)
Antal skannade objekt: 95932
Förfluten tid: 7 minute(s), 59 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 2
Infekterade registernycklar: 6
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 3

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
C:\WINDOWS\system32\kmnrrzvi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gijrhbc.dll (Trojan.Vundo.H) -> No action taken.

Infekterade registernycklar:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7cdf218b-fc9d-4da9-848c-5caa7292e634} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wkkwnqop (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7cdf218b-fc9d-4da9-848c-5caa7292e634} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gbakgxwr (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gbakgxwr (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gbakgxwr (Trojan.Vundo.H) -> No action taken.

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
c:\WINDOWS\system32\gijrhbc.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kmnrrzvi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\dsgkgor.dll (Trojan.Vundo.H) -> No action taken.

It is not finding the "Operating memory - Win32/Agent.ODG virus - unable to clean" that is found by my NOD32.. PLEASE help me.. or do I need to buy a new computer or memory or something?? PLEASE PLEASE PLEASE help me, I would be so grateful!!!!

#2 Tx Redneck

Tx Redneck

    Tx Redneck- The Spam Hunter

  • Anti-Spyware Brigade
  • 5,289 posts
  • Gender:Male
  • Location:On the straight and narrow,stumbling at best, only by Gods grace.



Posted 07 May 2009 - 06:39 PM

You'll have to check the items found then allow it to remove them.


 


#3 PiTaN

PiTaN

    New Member

  • Members
  • 9 posts

Posted 07 May 2009 - 06:46 PM

How do I allow it to clean it? I have done the scan, then after that I pushed results, then delete all.... Do I have to do anything else to allow it to remove? I have the free version, does it matter?

#4 Wademan

Wademan

    Advanced Member

  • Anti-Spyware Brigade
  • 3,835 posts

Posted 08 May 2009 - 03:53 AM

Hello PiTaN :wp:

Let's try this: Please download and install SUPERAntiSpyware Home Edition (free edition)
  • Load SUPERAntiSpyware and click the Check for Updates button.
  • Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!
IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning, it may interfere with the scanning process.
  • Open SUPERAntiSpyware and click the Scan your Computer button.
  • Check Perform Complete Scan and then click Next.
  • SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
  • Make sure that they all have a check next to them, and then click Next.
  • Click Finish and you will be taken back to the main interface.
  • It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
  • I'll need a log afterwards of what has been found.
  • To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
  • Please post the results of the SUPERAntiSpyware log in your next reply.
Next do the following >>

Download the latest version of Kaspersky Virus Removal Tool
  • Close all other applications and double-click and run the installer.
  • When AVPTool starts, select all the scannable items except for CD-ROM drives.
  • After that click on Security level (1) then choose Customize (2) then click on the tab that says Heuristic Analyzer (3) then choose Enable deep rootkit search (4) and then choose OK.
  • Then choose OK again to go back to the main screen and click the Scan button.
  • If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • After the scan finishes, if any threat remains in the Scan window (Red exclamation point), click the Neutralize all button
  • In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.
  • In the Scan window click the Reports button and select Save to file.
  • Name the report AVPT.txt, and save it to the Desktop.
  • Close AVPTool.
  • You will be prompted if you want to uninstall the program; click Yes.
  • You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
  • Copy and paste the first part of the report (Detected) that you saved in your next reply. Do not include the longer list marked Events.
If the above still does not remove your Vundo infection, I highly advise using HJT. To use HJT follow this closely:

Download HJT from Here
You can read what HJT is and does Here


Save HJTInstall.exe to your desktop.
Double-click on HJTInstall.exe to run the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis.
Accept the license agreement by clicking the "I Accept" button.
Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
Click "Save log" to save the log file and then the log will open in Notepad.
Click on Edit-> Select All then click on "Edit -> Copy" to copy the entire contents of the log.
Next, Go to this forum Here to start a new thread right click and Paste your log there.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

After you post the log and are getting help from our TrustedAdvisors, do nothing else to your PC until they have completed the clean up process. Please be patient once you post the log in our HJT forums as they are very busy, they will take your case ASAP. :)


Wademan

Edited by Wademan, 08 May 2009 - 04:53 AM.


#5 PiTaN

PiTaN

    New Member

  • Members
  • 9 posts

Posted 08 May 2009 - 05:01 AM

SUPERAntiSpyware makes my computer reboot in the middle of the program, can I do the same thing but use MBAM???

#6 PiTaN

PiTaN

    New Member

  • Members
  • 9 posts

Posted 08 May 2009 - 05:13 AM

Here is my MBAM log.. some keywords in Swedish (sorry for that) but I think you'll get it

Malwarebytes' Anti-Malware 1.36
Databasversion: 2091
Windows 5.1.2600 Service Pack 1

2009-05-08 12:12:23
mbamlog

Skanningstyp: Snabb skanning
Antal skannade objekt: 77946
Förfluten tid: 3 minute(s), 17 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 2
Infekterade registernycklar: 9
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 3

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
C:\WINDOWS\system32\kmnrrzvi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\gijrhbc.dll (Trojan.Vundo.H) -> No action taken.

Infekterade registernycklar:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7cdf218b-fc9d-4da9-848c-5caa7292e634} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wkkwnqop (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7cdf218b-fc9d-4da9-848c-5caa7292e634} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04042010-84bb-411a-a366-f411f2c81e65} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{04042010-84bb-411a-a366-f411f2c81e65} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gbakgxwr (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gbakgxwr (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gbakgxwr (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
c:\WINDOWS\system32\gijrhbc.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kmnrrzvi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\dsgkgor.dll (Trojan.Vundo.H) -> No action taken.
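
Every entry in the log above ends in "No action taken", which is what the reply in post #2 points at. As an added example (not part of the thread and not Malwarebytes' own tooling), this Python code parses such a log, de-duplicates entries case-insensitively and groups them by the load point they occupy; the category names are labels chosen here, and the sample is abridged from the poster's log.

```python
import re
from collections import Counter
# Abridged from the scan log posted above; the entries are the poster's own.
SAMPLE_LOG = r"""
Infekterade minnesmoduler:
C:\WINDOWS\system32\kmnrrzvi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\gijrhbc.dll (Trojan.Vundo.H) -> No action taken.
Infekterade registernycklar:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7cdf218b-fc9d-4da9-848c-5caa7292e634} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wkkwnqop (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7cdf218b-fc9d-4da9-848c-5caa7292e634} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gbakgxwr (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.
Infekterade filer:
c:\WINDOWS\system32\gijrhbc.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kmnrrzvi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\dsgkgor.dll (Trojan.Vundo.H) -> No action taken.
"""
ENTRY = re.compile(r"^(.+) \(([^()]+)\) -> (.+?)\.?$")  # location (name) -> action.
KINDS = [  # first match wins; patterns are tested against the lower-cased location
    (r"\\browser helper objects\\", "Browser Helper Object"),
    (r"\\winlogon\\notify\\", "Winlogon Notify package"),
    (r"controlset\d*\\services\\", "service"),
    (r"^hkey_classes_root\\clsid\\", "COM class registration"),
    (r"^[a-z]:\\.*\.dll$", "DLL on disk"),
]

def classify(location):
    return next((k for p, k in KINDS if re.search(p, location.lower())), "other trace")

def parse_detections(text):
    """Unique detections; Windows paths and keys are compared case-insensitively."""
    seen, found = set(), []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m and m.group(1).lower() not in seen:
            seen.add(m.group(1).lower())
            found.append({"location": m.group(1), "detection": m.group(2),
                          "action": m.group(3), "kind": classify(m.group(1))})
    return found

def pending(detections):  # entries the scanner reported but did not remove
    return [d for d in detections if d["action"].lower() == "no action taken"]

def summarize(detections):
    return Counter(d["kind"] for d in detections)

if __name__ == "__main__":
    hits = parse_detections(SAMPLE_LOG)
    print(len(pending(hits)), "of", len(hits), "pending:", dict(summarize(hits)))
```

The two DLLs listed both as loaded memory modules and as files collapse to one entry each, so the result is a list of distinct items to re-check after the removal step and reboot.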

#7 PiTaN

PiTaN

    New Member

  • Members
  • 9 posts

Posted 08 May 2009 - 05:24 AM

Everything is done and I posted my logs from MBAM, now I'm going to safe mode and trying Kaspersky Virus Removal Tool

#8 Wademan

Wademan

    Advanced Member

  • Anti-Spyware Brigade
  • 3,835 posts

Posted 08 May 2009 - 05:29 AM

Hello,
Katana is now helping you in our HJT forum. Follow Katana's advice and do nothing else until Katana gives you the "green light", meaning you're 100% clean. This means stop the Kaspersky scan and follow Katana's advice, and stick to it. :)


Wademan

Edited by Wademan, 08 May 2009 - 05:44 AM.


#9 noonie

noonie

    New Member

  • Members
  • 8 posts

Posted 14 May 2009 - 07:23 PM

Gday All
I too have been afflicted with operating memory win32/rootkit.agent.odg trojan

Kaspersky could not find it
SUPERAntiSpyware did not remove it
Malwarebytes run remotely did not remove it

Would appreciate further suggestions

Thanks

#10 caintry_boy

caintry_boy

    Folding for Mama and Daddy

  • Moderators
  • 21,476 posts
  • Gender:Male
  • Location:Kansas



Posted 15 May 2009 - 07:39 AM

Gday All
I too have been afflicted with
operating memory win32/rootkit.agent.odg
trojan

Kaspersky could not find it
SUPERAntiSpyware did not remove it
Malwarebytes run remotely did not remove it

Would appreciate further suggestions

Thanks

Post a HiJackThis log in this forum > http://forums.pcpits...hp?showforum=25

Instructions for running HJT:
Download the program to its own folder in a safe place. Open it and select to "scan and save a logfile". Do Not Have HJT Fix Anything!!
After the scan it will open the log in Notepad, copy/paste the contents in the above mentioned forum.



:geezer:



#11 noonie

noonie

    New Member

  • Members
  • 8 posts

Posted 21 May 2009 - 09:27 AM

Post a HiJackThis log in this forum > http://forums.pcpits...hp?showforum=25

Instructions for running HJT:
Download the program to its own folder in a safe place. Open it and select to "scan and save a logfile". Do Not Have HJT Fix Anything!!
After the scan it will open the log in Notepad, copy/paste the contents in the above mentioned forum.
:geezer:

Mr Caintry_boy
Have run HiJack This log, OT List Log and another resit log. Will post all as instructed in forum=25 as instructed.
Your instructions in reply greatly appreciated

Noonie :)

#12 noonie

noonie

    New Member

  • Members
  • 8 posts

Posted 21 May 2009 - 10:10 AM

Mr Caintry_boy
Have run HiJack This log, OT List Log and another resit log. Will post all as instructed in forum=25 as instructed.
Your instructions in reply greatly appreciated

Noonie :)


Hope I have given you all the reports. Not sure if all were copied in their entirety. Please let me know if the logs seem complete. If not, tell me which ones are incomplete and I will try again.

Tks

Noonie

#13 Wademan

Wademan

    Advanced Member

  • Anti-Spyware Brigade
  • 3,835 posts

Posted 21 May 2009 - 05:17 PM

Hi Noonie,
Katana is now helping you in our HJT forum, stick to Katana's instructions totally, do nothing else until Katana is finished with your case. :) And PiTaN, your case in HJT is NOT finished, stick to it. Also Noonie, in the future please do not take over someone's thread. Make your own. Thank you. :)

Wademan

Edited by Wademan, 21 May 2009 - 05:40 PM.


#14 noonie

noonie

    New Member

  • Members
  • 8 posts

Posted 22 May 2009 - 01:00 AM

Hi Noonie,
Katana is now helping you in our HJT forum, stick to Katana's instructions totally, do nothing else until Katana is finished with your case. :) And PiTaN, your case in HJT is NOT finished, stick to it. Also Noonie, in the future please do not take over someone's thread. Make your own. Thank you. :)

Wademan

Please forgive me, I am new to this and as yet do not properly understand the etiquette and rules. Perhaps you can assist.
I was having difficulty in having this section of the screen accept the reports generated by HijackThis, the other program that ran HijackThis, and the report beginning OT something.
Can you help me confirm that Katana has received all the necessary reports to help? I am not attempting any moves to cleanse the trojan until I hear from Katana.

#15 Wademan

Wademan

    Advanced Member

  • Anti-Spyware Brigade
  • 3,835 posts

Posted 22 May 2009 - 03:23 AM

Hello Noonie,
Katana IS helping you in our HJT forum, Katana will tell you what else needs to be done.. stick to it. Ask Katana for everything else until you are fully cleaned. :)

Wademan

Edited by Wademan, 25 May 2009 - 06:02 AM.




