Posted on: 11-08-09 08:03:59
This morning after I checked my yahoo email, I noticed that there a pop up on the screen that said “Infected Trojan.Win32.Agent.azsy. Program is a Trojan. It may steal the password”, etc.
It’s a virus and about 29 items were affected. I don’t know if I have any anti virus software on the PC (it’s from my office). Do I need to change the password for my yahoo mail and how do I get rid off this virus?
KM
If it's a company PC, the best thing is to inform your IT deparment and they will clean up the virus.
Quote:
Originally posted by KumarM
This morning after I checked my yahoo email, I noticed that there a pop up on the screen that said “Infected Trojan.Win32.Agent.azsy. Program is a Trojan. It may steal the password”, etc.
It’s a virus and about 29 items were affected. I don’t know if I have any anti virus software on the PC (it’s from my office). Do I need to change the password for my yahoo mail and how do I get rid off this virus?
KM
This malicious program is a Trojan. It is a Windows PE EXE file.
Once launched, the Trojan copies its body to the current user’s Windows startup directory:
%Documents and Settings%\<user_name>\Main Menu\Programs\Startup\uninstall.exe
Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
1. Use Task Manager to terminate the Trojan process.
2. Delete the following system registrykey:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"<rnd1>" = "<rnd2>"
3. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
4. Delete the following files:
%Documents and Settings%\<user_name>\Application Data\svchosts.exe
%Documents and Settings%\<user_name>\Application Data\taskmon.exe
%Documents and Settings%\<user_name>\Application Data\rundll.exe
%Documents and Settings%\<user_name>\Application Data\service.exe
%Documents and Settings%\<user_name>\Application Data\sound.exe
%Documents and Settings%\<user_name>\Application Data\upnpsvc.exe
%Documents and Settings%\<user_name>\Application Data\lsas.exe
%Documents and Settings%\<user_name>\Application Data\logon.exe
%Documents and Settings%\<user_name>\Application Data\helper.exe
%Documents and Settings%\<user_name>\Application Data\event.exe
%Documents and Settings%\<user_name>\Application Data\dumpreport.exe
%Documents and Settings%\<user_name>\Application Data\msiexeca.exe
5. Delete all files from %Temporary Internet Files%.
6. Update your antivirus databases and perform a full scan of the computer
or download the tool mentioned at the bottom of this post
http://remove-malware.net/how-to-remove-trojanwin32agentazsy-trojan/
Download AVG free edition and run it.
http://free.avg.com/
In the future, scan everything you download before you 'open' it.
download avast home edition, its free
Nishant, you have shared a good information.
How about trying online scan ... housecall.trendmicro.com??? Though I haven't tried it for a long time...
-----------------------------------------------------------------
ll ਪੰਥ ਕੀ ਜੀਤ ll
"Use Task Manager to terminate the Trojan process"
I am lost. How do I do that?
Quote:
Originally posted by KumarM
"Use Task Manager to terminate the Trojan process"
I am lost. How do I do that?
press CRTL+ALT+DEL together.
I am surprised you haven,t used this in windows before...
But as Freakoutguy suggested, if its company PC, please let the IT dept handle it.
Hiren
Thx Hiren. u r right, I never obsreved the button. click on shut down and that's it.
getting the pc to the office and getting it fixed, a project, takes 2-3 days.
KM
