Trojan.Win32.Agent.rju

smokeeater · ‎06-18-2008

Ok does anyone know how to get rid of Trojan.Win32.Agent.rju

It keeps coming back and creating a new file. It goes in my C:\windows\system and has a number then .exe after it. It has obviously slowed the computer down, I have run a separate virus scan and mid way it closes completely. I also had Ad-Aware running and it closed too.. I have even tried to delete instead of quarantining. It is obviuosly creating it from somewhere else. Any ideas on what to do?

Floating_Red · ‎05-30-2008

Click on this Web Link: http://www.symantec.com/en/uk/security_response/writeup.jsp?docid=2005-042511-1823-99 .

It is advised that you only have one Anti-Virus Software Installed on your computer at any one time and other Programs related to what Anti-Virus Progams do.

Message Edited by Floating_Red on 06-18-2008 09:21 PM

Tuesday, June 18, 2013: The THREATCON was changed to Level 1: Normal | Targeted Attack Exploits Ichitaro Vulnerability | Tuesday, June 11, 2013: Microsoft "Patch Tuesday"

Stu · ‎04-08-2008

Hi Smokeeater

Please submit the file to Symantec

Malware Submission

"All that we are is the result of what we have thought"

pjgeek · ‎06-18-2008

I found a pointer in registry :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name: comtf

Type: REG_SZ

Data: C:\DOCUME~1\<current user>\LOCALS~1\Temp\orz.exe

And that file did exist in that Temp directory. Have deleted it and waiting to see what comes of it. It did NOT show up as an infected file, neither did any of the c:\Windows\system#####.exe files that it had dropped in the last two days show up as infected.

After deletion of that file trojan.win32.agent.rju didn't appear to run on reboot. Time will tell.

Just go to that Run key in the registry and get rid of anything suspicious.