Big Problem. Persistent new Trojan. Have you scanned using Spybot lately?

13 replies
Hi Warriors,

My Spybot detected a certain Trojan called Win32.Agent.bzs

I haven't scanned my computer for a while, but I'm logging in and out of several important websites.

Is there any risk of someone hacking or knowing any of my confidential information? And would anyone know how dangerous this trojan is?

#pls #problem #solve #trojan
  • Profile picture of the author Bishop81
    Any trojan could be dangerous.

    To get rid of it, I recommend downloading and installing MalwareBytes Anti-Malware tool. It's awesome!

    I'm tired of my signature... Deleted.

  • Profile picture of the author Anthony Smith
    BUY A MAC. -end story-

    Need help finding affiliates?
    Need a joint venture broker?

  • Profile picture of the author Neil S
    I would get MalwareBytes along with SuperAntiSpyware. Those two together you should be able to remove just about any malware.
  • Profile picture of the author Michael Lee
    Thanks, guys. I have installed Malwarebytes' Anti-Malware.

    Now I get a message that "Spybot has detected an important registry entry that has been changed."

    Category: System Startup global entry
    Change: Value deleted

    Entry: Malwarebytes' Anti Malware

    Shall I "Allow change" or "Deny change"?

  • Profile picture of the author Michael Lee
    Ok, another big problem.

    I deleted it using Spybot. Then I checked using Malwarebytes AntiMalware. It found some unrelated adware but was able to remove them.

    I scanned Spybot again. It found Win32.Agent.bzs. I don't get it. It says previously it has already deleted it, but now that I scan using Spybot, there it is again.

    The bizarre thing is that I checked Antispyware, and it didn't detect a thing. Malwarebytes also didn't detect it. (Does that mean using even 2 to 3 anti-spyware programs won't guarantee you're safe?)

    If anyone has Spybot, could I ask a little favor? Could you scan your computer and check that there are no immediate threats found?

    I researched and found that some people have the same experience I have, and it keeps on appearing after being deleted. Antispyware and AVG also didn't detect it. Could this be a false alarm?

    Would very much appreciate any help.

    • Profile picture of the author JamesFraze
      What happens is the junk program has a "loader" version of itself. It could possibly have a "monitor" version too.

      Here is how it might work:
      1. computer boots

      2. loader program copies a file from the temp folder\somerandomname.tmp ... and renames it to yourlogin.exe, loader program exits and hides

      3. services or registry entries fire up looking for the yourlogin.exe program. Once it finds it, it starts it: ad popups, mail sending, or remote control keylogging (whatever it was written to do).

      4. Your virus/spyware scanner scans the computer and for whatever reason does not find the loader program but AHA! it notices yourlogin.exe program and alerts you to the trojan. - it even offers to delete it for you, which you allow.

      5. You reboot and the process starts over again - it never really gets deleted.

      This is why updating the programs, rebooting, and then going into safe mode (hit F8 while it's booting) is important.

      PM me if you still have issues and I'll try and help.
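
The reinfection cycle described in the post above means the startup entry and the loader matter as much as the detected file. The following is an added example, not part of the original thread: it parses constructed `reg query`-style output for the Run keys and flags entries that launch the detected file or run from a temp folder. All value names and paths (`WinLogin`, `HelperSvc`, `ldr.exe`) are invented; `yourlogin.exe` is the post's own placeholder name.

```python
import re

# Constructed sample in the layout printed by `reg query <key>`.
# Every value name and path below is invented for this example.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_SZ    "C:\Program Files\Vendor\updater.exe" /background
    WinLogin    REG_SZ    C:\Windows\System32\yourlogin.exe
    HelperSvc    REG_EXPAND_SZ    %TEMP%\ldr.exe -q

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Chat    REG_SZ    C:\Users\sam\AppData\Local\Chat\chat.exe
"""

VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
TEMP_MARKERS = ("%temp%", "%tmp%", "\\temp\\")

def parse_autoruns(text):
    """Turn reg-query style text into a list of autorun entries."""
    key, entries = None, []
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_RE.match(line)):
            entries.append({"key": key, "name": m["name"], "command": m["data"]})
    return entries

def target_path(command):
    """Extract the executable path from a command line, lower-cased."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0].lower()
    m = re.match(r"(.+?\.(?:exe|dll|bat|cmd|scr))(?:\s|$)", command, re.I)
    return (m.group(1) if m else (command.split() or [""])[0]).lower()

def triage(entries, detected_names):
    """Flag entries that start a detected file or run from a temp folder."""
    report = {"launches_detected_file": [], "runs_from_temp": []}
    for e in entries:
        path = target_path(e["command"])
        if path.rsplit("\\", 1)[-1] in detected_names:
            report["launches_detected_file"].append(e["name"])
        if any(marker in path for marker in TEMP_MARKERS):
            report["runs_from_temp"].append(e["name"])
    return report

if __name__ == "__main__":
    # "yourlogin.exe" is the placeholder file name used in the post above.
    print(triage(parse_autoruns(SAMPLE), {"yourlogin.exe"}))
```

On a real machine the input would be the saved output of `reg query` for each Run key, and the detected names would come from the scanner's report.
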
  • Profile picture of the author Bishop81
    Make sure that you turn off the spybot agent (teatimer) before you run the other adware programs, so you don't get prompted with each registry fix/change.

    After installing MalwareBytes, did you update it? When you scan, did you select a full scan of all drives?

    Really, that program should detect and remove it. It's quite powerful. Have you tried loading into safe mode and running the programs? I've had a piece of spyware that would run in 2 locations before. When I removed it from the registry, it would re-insert itself. When I stopped the process from running, it would restart. They can be quite tricky sometimes...

    Oh, and to answer your question... Using 2 to 3 programs should keep you safe. One program, however, will not necessarily catch everything.

    I'm tired of my signature... Deleted.

  • Profile picture of the author Lloyd Buchinski
    Avast has a really good scan and remove feature. I had a downloader trojan a while ago that was really dangerous. I did a search on the name after I got rid of it and found stories of people whose computers were just trash after this one got on them.

    I downloaded Avast, and when you restart the computer to install the program, it provides you with the option of doing a scan halfway through the restart, when nothing else is moving. It found 2 problems and deleted both of them, and completely took care of everything.

    Do something spectacular; be fulfilled. Then you can be your own hero. Prem Rawat

    The KimW WSO

    • Profile picture of the author Eric Lorence
      Start and scan your computer in "safe mode", that should do it.
  • Profile picture of the author AgileHosting
    If you Google Win32.Agent.bzs, you will find a number of entries about not only how to remove it, but also reports of "false positives" for Win32.Agent.bzs using one of the anti-malware packages discussed above.

    I'm not trying to sound like a jerk saying "Google it" so please don't take it that way!! There's just a number of resources there that I think might answer your questions pretty well, and also might address why you are getting a positive on the second scan. (?maybe?)

    And seriously, Macs are soooo much easier.


