Hello,
My computer is infected with win32.worm.agent. Ad aware can not remove Malawarebytes and do not recognize. please Tell me What Can i Do To remove it Thank you very much for Helping Me for replies , and also Im Using Windows vista Computer .
Hello,
My computer is infected with win32.worm.agent. Ad aware can not remove Malawarebytes and do not recognize. please Tell me What Can i Do To remove it Thank you very much for Helping Me for replies , and also Im Using Windows vista Computer .
When first run, this malware will drop the library files related to E programming language in %TEMP%\E_4\ folder. Later, these files will be copied in %SYSTEM% folder with hidden attribute set. A copy of this worm will be created in %SYSTEM% folder under the name XP-D41D8CD9.exe along with the following registry key which will make this file to be run at every system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Name : XP-D41D8CD9.exe
Value: %SYSTEM%XP-D41D8CD9.exe
A link to this file will be added in the Startup Menu under " iiiiii ".
Next, it will drop og.dll, og.EDT, ul.dll in %SYSTEM% folder. These files are note executable, they contain only some crypted data. At every 30 seconds it will check for removable drives and if found, it will copy itself under Recycled.exe and create the autorun.inf file that will run that copy.
You Can use Bitdefender to Delete this Virus
First back up all data to a CD or DVD then if you feel confident, if you dont 't have another one to try , Use Windows Explorer , not Internet Explorer, to locate the file that you want to delete and write down the path to the file
Then hold down the "windows" key and press R In the box that comes up type cmd and press enterAt the prompt type cd .. ( include the two dots) and press enter you may have to do this ( cd ..)a number of times until you get to C:> then type in the path to the directory above the file ie the complete path up to the \ less the file name This puts you in the directory that that the file is in Now type del filename.PZN or whatever the file name is and again press enter
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Use Task Manager to terminate the worm process (it may be called "Netsvcs.exe").
- Delete the original worm file (the location will depend on how the program originally penetrated the victim machine).
- Delete the following parameters from the system registry ( download a trial version of Kaspersky Anti-Virus).
Step 1 :
- Use Windows File Search Tool to Find Win32.Agent Path
- Go to Start > Search > All Files or Folders.
- In the "All or part of the the file name" section, type in "Win32.Agent" file name(s).
- To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
- When Windows finishes your search, hover over the "In Folder" of "Win32.Agent", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete Win32.Agent in the following manual removal steps.
Step 2 :
- Use Windows Task Manager to Remove Win32.Agent Processes
- To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
- Click on the "Image Name" button to search for "Win32.Agent" process by name.
- Select the "Win32.Agent" process and click on the "End Process" button to kill it.
- Remove the "Win32.Agent" processes files:
- ssk.exe
- sskupdater.exe5102.exe
- ssk.exe
- 5102.exe
Step 3 :
- Detect and Delete Other Win32.Agent Files
- To open the Windows Command Prompt, go to Start > Run > type cmd and then press the "OK" button.
- Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's content even the hidden files.
- To change directory, type in "cd name_of_the_folder".
- Once you have the file you're looking for type in "del name_of_the_file".
- To delete a file in folder, type in "del name_of_the_file".
- To delete the entire folder, type in "rmdir /S name_of_the_folder".
- Select the "Win32.Agent" process and click on the "End Process" button to kill it.
- Remove the "Win32.Agent" processes files:
- sskupdater.exe
- ssk.exe
- 5102.exe
Bookmarks