Trojan.Win32.Agent.rju

Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.

Ok does anyone know how to get rid of Trojan.Win32.Agent.rju

 

It keeps coming back and creating a new file. It goes in my C:\windows\system and has a number then .exe after it. It has obviously slowed the computer down, I have run a separate virus scan and mid way it closes completely. I also had Ad-Aware running and it closed too.. I have even tried to delete instead of quarantining. It is obviuosly creating it from somewhere else. Any ideas on what to do?

Hi Smokeeater

 

 

Please submit the file to Symantec

Malware Submission

I found a pointer in registry :

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

 

Name: comtf

Type: REG_SZ 

 Data: C:\DOCUME~1\<current user>\LOCALS~1\Temp\orz.exe 

 

And that file did exist in that Temp directory.  Have deleted it and waiting to see what comes of it.  It did NOT show up as an infected file, neither did any of the c:\Windows\system#####.exe files that it had dropped in the last two days show up as infected. 

 

After deletion of that file trojan.win32.agent.rju didn't appear to run on reboot.  Time will tell.

 

Just go to that Run key in the registry and get rid of anything suspicious. 

1 Like

Ok

Please keep us posted

Click on this Web Link: http://www.symantec.com/en/uk/security_response/writeup.jsp?docid=2005-042511-1823-99 .

 

It is advised that you only have one Anti-Virus Software Installed on your computer at any one time and other Programs related to what Anti-Virus Progams do.

Message Edited by Floating_Red on 06-18-2008 09:21 PM