Computer Hope

Software => Computer viruses and spyware => Topic started by: altaprice on June 02, 2009, 08:02:07 PM

Title: Trojan horse agent 2.JCS discovered today
Post by: altaprice on June 02, 2009, 08:02:07 PM

I was so grateful to find this site, and have followed all the steps and created the logs, which I will try to attach. Any help you can give me would be very much appreciated.

I have Windows XP and run AVG 3 times a week. The scan on 5/31/09 was fine, but today (6/2/09) I found three files infected with Trojan Horse Agent 2.JCS. AVG would not remove them because "the moved object is bigger than the archive size limit". All three infected files are in old computer files from my previous computer (copied to this one's hard drive) and are in My Pictures/Sample Pictures. I am sure I don't need those files, so could I just delete them? Would that solve the problem? I wasn't sure, so I didn't do anything.

Following your steps, I removed Viewpoint Manager (remove only) and Viewpoint Media Player. I ran the CCleaner, the superantispyware, and mbam. I had a very old Java, which I updated.

I had not been updating Windows, and the day before I found the infection I went through the process of getting SP3 and also downloaded 2 or 3 optional updates. I wondered if that had anything to do with getting the Trojan Horse.

I am going to attach the mbam log and hijink log.

Superantispyware is at

http://www.filedropper.com/superantispywarescanlog-06-02-2009-19-03-08

Thanks so much! I have to go to bed, but I will check back in the morning.

Alta Price
Bettendorf, Iowa




[attachment deleted by admin]

Title: Re: Trojan horse agent 2.JCS discovered today
Post by: altaprice on June 03, 2009, 06:15:01 AM

Interesting! Concerned that the Trojan might be spreading (I don't even know if they spread), I scanned my computer this morning and it didn't find any infection.

Does that mean the steps I followed yesterday took care of it?

Maybe I am done?

Thanks!

Alta

Title: Re: Trojan horse agent 2.JCS discovered today
Post by: altaprice on June 03, 2009, 06:23:43 AM

Hi again.

I read on the other thread that this trojan is a false positive.

I did try to do the hijack this self help thing last night, and there were 2 things that came up it said I should correct. However, I have no idea how to correct those things, so if you wouldn't mind looking at that for me I would really appreciate it!

No hurry, though. I am not sure if I have "bumped" my thread by posting replies. I didn't understand that part of your directions, and apologize if I am not following them. Even if it puts me to the end of the line, I suspect my problems aren't as severe as others anyway.

Thanks again.

Alta

Title: Re: Trojan horse agent 2.JCS discovered today
Post by: Valeegurl on June 04, 2009, 09:54:27 AM

Re: trojan hoarse agent2.jcs
Posted by: sevcikp - AVG Team (IP Logged)
Date: June 1, 2009 09:53PM

Hello,

no need to sent the file to AVG Tech. We can confirm, that this detection really is false alarm. Update fixing this false is currently being prepared and should be released soon.

Title: Re: Trojan horse agent 2.JCS discovered today
Post by: evilfantasy on June 04, 2009, 11:49:38 AM

Everything looks OK.

You can have HijackThis fix this:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Realtek AC97 Audio - Event Monitor. "Sypware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers

Use the  Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

.
----------

Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

----------

I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
*  (http://www.bleepingcomputer.com/tutorials/tutorial49.html)Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)

Check out  Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.

Also see  Slow Computer? It May Not Be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smooth.