Either W32/Agent or Backdoor.Agent.b....Trojan

Discussion in 'Security Software' started by Mike-Thought wife/hacking-Trojan, Oct 28, 2004.

  1. I am having a similar issue as the w32/agent. But, do not know if it is the
    w32/agent or the backdoor.agent.b trojan. Whatever it is it is driving me
    CRAZY. I have tried scanning through F-Prot, Trendmicro websites and have yet
    to find the name of it.
    I can tell that it has set up an alternative network connection I.E. workgroup
    and seems to be using something like netmeeting or ???, it seems to be
    e-sent(ing) items out of my computer, IE, (think) user names and passwords.
    It has set up Telephony through its own connection.
    It appears, like an RPC, or terminal server. It appears to have an event
    log and a background intelligent transfer setup, it is using webclient.
    It has set up a 2nd C-Drive. I am frustrated and clueless. Any help out there?
    Tasks used in Task Manager; that don't appear to be normal,
    svchost.exe
    iexplorer.exe
    crss.exe

    about 5 different
    svcchost.exe
    winlogon.exe
    wpabaln.exe
    lsass.exe
    smss.exe


    Mp->
    I have reloaded XP-3 times and it has saved one of the old user names and
    will not allow me to delete.
     
    Mike-Thought wife/hacking-Trojan, Oct 28, 2004
    #1

  2. I'm confused, how do you know all this? I think you may be mistaken about
    the RPC or terminal server, telephony, event log and BITS background
    transfer, unless you can provide more details. These details do not sound
    like most viruses.
    All those file names sound normal to me, although some viruses use normal
    file names, and determining malware just by file name is not totally
    conclusive. I assume svcchost.exe is really svchost.exe and iexplorer.exe is
    really iexplore.exe. You should double-check the spelling very carefully
    before posting, it makes all the difference in what answer you get. The
    former file names I gave are suspicious, the latter file names I gave are
    not. If your spelling was wrong, then I don't see any evidence so far that
    you're infected with anything.

    If you still think you're infected with something, see here:

    http://securityadmin.info/faq.asp#hacked
    Delete what?
     
    Karl Levinson [x y], mvp, Oct 28, 2004
    #2
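
The spelling check discussed in reply #2, as an added example that is not part of either post: it compares process names, exactly as typed, against a small baseline and flags near-miss spellings. The `KNOWN` baseline, the distance threshold of 2, and the function names are assumptions made for this illustration; `csrss.exe` is included in the baseline as the standard Windows process name that `crss.exe` resembles.

```python
# Added example: flag process names that are near-miss spellings of known ones.
# KNOWN is a constructed baseline for illustration, not a complete list of
# Windows system processes.
KNOWN = {
    "svchost.exe", "iexplore.exe", "csrss.exe", "winlogon.exe",
    "wpabaln.exe", "lsass.exe", "smss.exe",
}

def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify(name, max_distance=2):
    """Return ('exact', name), ('lookalike', closest_known) or ('unknown', None)."""
    n = name.strip().lower()
    if n in KNOWN:
        return ("exact", n)
    # Sort key includes the name itself so ties resolve deterministically.
    best = min(KNOWN, key=lambda k: (edit_distance(n, k), k))
    if edit_distance(n, best) <= max_distance:
        return ("lookalike", best)
    return ("unknown", None)

def triage(names):
    """Classify each reported name; keys are the names as typed."""
    return {n: classify(n) for n in names}

# Names as typed in post #1 (sample input taken from the thread).
POSTED = ["svchost.exe", "iexplorer.exe", "crss.exe", "svcchost.exe",
          "winlogon.exe", "wpabaln.exe", "lsass.exe", "smss.exe"]

if __name__ == "__main__":
    for name, (verdict, match) in triage(POSTED).items():
        note = f" (closest known name: {match})" if verdict == "lookalike" else ""
        print(f"{name:15} {verdict}{note}")
```

A "lookalike" result is only a prompt to re-check the spelling and then the file itself; as reply #2 says, an "exact" name match is not conclusive either, so the file's location on disk and its signature still need checking.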