Trojan Horse Agent 2JCS cannot be removed--please help!

[Drd]

Hello: Last night I received a warning from my AVG Anti-Virus Free security that the computer was being attacked. I did a scan and found that there were two infections:
Both were Trojan Horse Agent 2JCS. One was lodged here:
C:\\Windows\System32\dllcache\logagent.exe  That was "removed and healed"
Another was lodged here:
C:\\Windows\system32\logagent.exe  This is listed in the AVG as "not healed" . When I click on the "infections" tab in the scan report, it says, "Object is white listed critical system file that should not be removed.

 So what happens next?  How do I get rid of the infection? Is it safe to keep using the computer when the infection hasn't been dealt with?

 I'm using XP professional, version 5, service pack 3. I usually use a Firefox browser, although I also have IE on the system.

Thanks for your help.
In peace
Dr. D.

[Karnac]

How do I get rid of the infection?

You need to go here....http://www.computerhope.com/forum/index.php/topic,46313.0.html

Follow the guidelines, post the logs and a specialist will assist you in turn......

[Drd]

Do I have to go through all of this, even though I know what the Trojan horse is and where it is?

Thanks
Dr. D.

[Drd]

Anyway, I started. In the added programs, the only suspicious thing is a "file manager" program that I don't remember installing. It may belong to my son, though, who  has some of his mobile files here.  Should I delete it or not? How can I find out where it is in my computer and look at the files in it to be sure?

Thanks

Dr. D'Elia

[Karnac]

You may have far more malware infections than you are aware of.......Delete nothing, post your logs and evilfantasy will assist you in turn.

[Drd]

Thanks: I already did the CC cleanup and deleted some cookies. no harm done I think. I'm onto the superspyware next. 
I'll proceed and keep in touch at every stage.

 Cute monkey!

Thanks a lot.

In peace
Dr. D.

[dgreene99]

I received the same warning in the last few minutes from AVG...  no fix suggested and it was found in the windows svchost.exe file...

[Drd]

I just did the superspyware check and they didn't find anything. Yet, I got the popup from AVG again saying that I had that trojan that I mentioned and that it was in a "white file" and shouldn't be removed.

  Is this some new virus that superspyware check couldn't find?  {I did the update before running it?} Or something going on with AVG, or....?

Thanks

Dr. D'Elia

[Drd]

 FYI: Here is the log from super antispyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/01/2009 at 09:20 PM

Application Version : 4.25.1012

Core Rules Database Version : 3917
Trace Rules Database Version: 1861

Scan type       : Complete Scan
Total Scan Time : 00:40:57

Memory items scanned      : 594
Memory threats detected   : 0
Registry items scanned    : 7160
Registry threats detected : 0
File items scanned        : 116464
File threats detected     : 0


thanks again. Should I continue?

In peace

Dr. D'Elia

[Karnac]

Should I continue?

Yes , continue until evilfantasy steps in to assist you.

[Drd]

Malwarebytes' Anti-Malware 1.37
Database version: 2208
Windows 5.1.2600 Service Pack 3

6/1/2009 10:11:14 PM
mbam-log-2009-06-01 (22-11-14).txt

Scan type: Quick Scan
Objects scanned: 82835
Time elapsed: 2 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[Drd]

I went to the next step, which is the Java update and got the message "export denied". I don't know what to do next. Thanks. I hope Mr. Evil Fantasy comes here soon!

In peace

Dr. D'Elia

[evilfantasy]

At what point did "export denied" happen?

[Drd]

You're here!!!!!!!!!!!!!!

First it checked for my version, then said that I need a new version, then I check on upload now, and then the whole thing goes white and in the corner is written "export denied".

Thanks

Dr. D

[evilfantasy]

First install the new Sun Java Runtime Environment

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close all browser windows before beginning the install.

Remove the old version(s)

Download JavaRa

• Unzip the file and open the JavaRa.exe
• Click Remove Older Versions
  
• JavaRa will search for and remove any outdated version of Java and remove any that are found.
• Click Additional Tasks
  
• Place a check next to Remove Useless JRE Files and click Go
  
• Exit JavaRa
  
• Delete the JavaRa files from the Desktop

.
Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.