
Win32.Trojan.Spy.Agent.kb detected by ZoneAlarm Internet Security



Guest Densha188
Posted

On one of my computers running WinXP Sp2 with Zone Alarm Internet Security Suite Ver. 7.0.470.000 and ver. 7.0.473.000

Anti-virus engine version 3, DAT file version 9551551049

Anti-spyware engine version 5.0.189.0, DAT file version 01.200805.3945

AntiSpam version 5.0.6.8903

After doing a scan with ZA Anti-spyware, it detected Win32.Trojan.Spy.Agent.kb as a medium level threat trojan. It detected it in the Windows Registry file.

RegistryKey:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0005

After quarantining and deleting it and doing another scan just to make sure, ZA reports no more trojan. But when I shut down the computer, turned off the power supply for a few minutes and then turned it back on, rebooted the computer and logged in, I did another anti-spyware scan and it found that trojan again in the registry. It seems to come back when it detects an internet connection, since I'm on a LAN and it's always connected to the net via router.

So how do I fully get rid of that trojan? I already tried an older backup image of WinXP I had made back in Dec. 2007, but that didn't help. The only other way I can think of is to re-format the entire computer.

Also, do you guys think that my other files on the other drives may be infected?

Guest David H. Lipman
Posted

From: "Densha188" <Densha188@discussions.microsoft.com>

 

| On one of my computers running WinXP Sp2 with Zone Alarm Internet Security

| Suite Ver. 7.0.470.000 and ver. 7.0.473.000

| Anti-virus engine version 3, DAT file version 9551551049

| Anti-spyware engine version 5.0.189.0, DAT file version 01.200805.3945

| AntiSpam version 5.0.6.8903

|

| After doing a scan with ZA Anti-spyware, it detected

| Win32.Trojan.Spy.Agent.kb as a medium level threat trojan. It detected in the

| Windows Registry file.

|

| RegistryKey:

| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0005

|

| After Quarantine and deleting it and doing another scan just to make sure,

| ZA reports no more trojan. But when I shutdown the computer and turn off the

| power supply for a few minutes and then turn it back on. Rebooted the

| computer and login in. I did another anti-spyware scan and it found that

| trojan again in the registry. It seems to come back when it detects an

| internet connection. Since I'm on a LAN and it's always connected to the net

| via router.

|

| So how do I fully get rid of that trojan. I already tried an older backup

| image of WinXP I had made back in Dec.2007, but that didn't help. The only

| other way I can think of is to re-format the entire computer.

|

| Also do you guys think that my other files on the other drives maybe infected?

 

The below is incomplete..

 

HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0005

 

There must be MORE to the malware infection. Either this is a False Positive or the ZA anti-malware utility is failing to detect the rest of this Trojan, Win32.Trojan.Spy.Agent.kb.

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest David Williams
Posted

Problem with Win32.trojan.spy.agent.kb

 

I just googled the virus, was led to this page, am having the exact same problem. In CA Yahoo Anti-Spy, the virus is called Konvoy B, with absolutely no practical removal instructions that can be understood. Although it could just be my computer, many anti-malware sites and their forums are inaccessible, as well as Notepad.exe and msnmsgr.exe failing on activation, immediately. AntiSpywareMaster is advertised continuously while surfing FireFox, even when in Safe Mode.

I'll help in any ways I can, but please help me get this infection off of my computer.

Just as well, I am running a Vista with Zone Alarm Security Suite with all of the newest updates.

Again, I am posting only what I'm told by ZA.

Guest David H. Lipman
Posted

Re: Problem with Win32.trojan.spy.agent.kb

 

From: <David Williams>

 

| I just googled the virus, was led to this page, am having the exact same problem. In CA
| Yahoo Anti-Spy, the virus is called Konvoy B, with absolutely no practical removal
| instructions that can be understood. Although it could just be my computer, many
| anti-malware sites and their forums are inaccessible, as well as Notepad.exe and
| msnmsgr.exe failing on activation, immediately. AntiSpywareMaster is advertised continuously
| while surfing FireFox, even when in Safe Mode. I'll help in any ways I can, but please help
| me get this infection off of my computer. Just as well, I am running a Vista with Zone
| Alarm Security Suite with all of the newest updates.
|
| Again, I am posting only what I'm told by ZA.

 

 

 

1. Download and execute HiJack This! (HJT)

http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe

 

2. Disable Notepad's word wrap:

In Notepad.exe; Format --> uncheck; "Word wrap"

 

3. Download/run Deckard's System Scanner:

http://www.techsupportforum.com/sectools/Deckard/dss.exe

 

4. Save the scan results (Main.txt and Extra.txt)

 

5. And then post the contents of Main.txt and Extra.txt in your post in one of the below

expert forums...

 

 

{ Please - Do NOT post the HJT and Deckard's System Scanner Logs here ! }

 

Forums where you can get expert advice for HiJack This! (HJT) and Deckard's System Scanner

Logs.

 

NOTE: Registration is REQUIRED in any of the below before posting a log

 

Suggested primary:

http://www.thespykiller.co.uk/index.php?board=3.0

 

Suggested secondary:

http://www.bleepingcomputer.com/forums/forum22.html

http://castlecops.com/forum67.html

http://www.malwarebytes.org/forums/index.php?showforum=7

 

Suggested tertiary:

http://www.dslreports.com/forum/cleanup

http://www.cybertechhelp.com/forums/forumdisplay.php?f=25

http://www.atribune.org/forums/index.php?showforum=9

http://www.geekstogo.com/forum/Malware_Rem...o_Here-f37.html

http://gladiator-antivirus.com/forum/index.php?showforum=170

http://forum.networktechs.com/forumdisplay.php?f=130

http://forums.maddoktor2.com/index.php?showforum=17

http://www.spywarewarrior.com/viewforum.php?f=5

http://forums.spywareinfo.com/index.php?showforum=18

http://forums.techguy.org/f54-s.html

http://forums.tomcoyote.org/index.php?showforum=27

http://forums.subratam.org/index.php?showforum=7

http://www.5starsupport.com/ipboard/index.php?showforum=18

http://aumha.net/viewforum.php?f=30

http://makephpbb.com/phpbb/viewforum.php?f=2

http://forums.techguy.org/54-security/

http://forums.security-central.us/forumdisplay.php?f=13

 

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Posted

David Williams;3761921 Wrote:

> I just googled the virus, was led to this page, am having the exact same
> problem. In CA Yahoo Anti-Spy, the virus is called Konvoy B, with
> absolutely no practical removal instructions that can be
> understood. Although it could just be my computer, many anti-malware
> sites and their forums are inaccessible, as well as Notepad.exe and
> msnmsgr.exe failing on activation, immediately. AntiSpywareMaster is
> advertised continuously while surfing FireFox, even when in Safe Mode.
> I'll help in any ways I can, but please help me get this infection off
> of my computer.
> Just as well, I am running a Vista with Zone Alarm Security Suite with
> all of the newest updates.
>
> Again, I am posting only what I'm told by ZA.

 

 

 

 

[sMC - reply]

Win32.Trojan.Spy.Agent.kb has been an issue with my network. First

indications I had a problem was the inability to "send" email. Email

on two of the computers on the network is hosted on Comcast servers,

who finally killed my email port and my ability to send email due to

the massive amounts of email going through my system. It appears that

this virus opened the door for unsolicited email ("spam") to be sent

through one of the network computers. I've since re-directed email to

be sent through another port and email once again is functional.

 

Both computers are updated daily with the latest ZA virus definitions

and email is scanned inbound and outbound. After running a ZA Spyware

scan, Win32.Trojan.Spy.Agent.kb surfaced on one computer only, this

one running Outlook Express.

 

After quarantined in ZA the trojan re-surfaced during the next scan.

So far I've re-quarantined AND deleted both in quarantine. Another

scan after re-boot showed a clean computer, however I realize the

probability of this returning is still relatively high. -smc

 

 

--

smc

------------------------------------------------------------------------

smc's Profile: http://forums.techarena.in/member.php?userid=50407

View this thread: http://forums.techarena.in/showthread.php?t=974108

 

http://forums.techarena.in

Guest Curtisw
Posted

Re: Win32.Trojan.Spy.Agent.kb detected by ZoneAlarm Internet Secur

 

I also was warned by ZASuite today about win32 spy agent.

 

Looking in the registry, this is "driver YMAX MagicJack USB Device" which is

my MagicJack internet phone. It has been installed since Christmas and works

fine. I don't know why ZASuite picked it up as a virus today. My computer

seems to be functioning normally. I will watch my outgoing email activity.

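The check Curtisw describes in the post above (opening the flagged key and reading which driver it belongs to) can also be done offline from a `reg export` of that key. This is an added example, not code from any poster in this thread. `{4D36E965-E325-11CE-BFC1-08002BE10318}` is the CD-ROM device setup class, so each numbered subkey describes one installed driver instance; the sample export is constructed, and every value in it except the `DriverDesc` string quoted above is a placeholder.

```python
import re

# CD-ROM device setup class; the key flagged in this thread is instance 0005 under it.
CDROM_CLASS = "{4D36E965-E325-11CE-BFC1-08002BE10318}"
CLASS_ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class" + "\\" + CDROM_CLASS
FLAGGED_KEY = CLASS_ROOT + r"\0005"

# Constructed sample in .reg export format (placeholder values, see lead-in).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0005]
"DriverDesc"="YMAX MagicJack USB Device"
"ProviderName"="Example Provider"
"InfPath"="oem99.inf"
"MatchingDeviceId"="usbstor\\cdrom_example"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0000]
"DriverDesc"="CD-ROM Drive"
"InfPath"="cdrom.inf"
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg files escape backslashes and quotes inside strings with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg_export(text):
    """Return {key_path: {value_name: string}} for the string (REG_SZ) values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            current[unescape(m.group(1))] = unescape(m.group(2))
    return keys

def triage(text, key_path):
    """Return the driver-identifying values of a flagged class-instance key, or None."""
    wanted = key_path.lower()  # registry paths are case-insensitive
    for path, values in parse_reg_export(text).items():
        if path.lower() == wanted:
            return {n: values.get(n) for n in ("DriverDesc", "ProviderName", "InfPath", "MatchingDeviceId")}
    return None
```

A value of `None` in the result means the export has no such string value under that key; a return of `None` means the key itself is absent from the export.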
Guest John Doe
Posted

Re: Win32.Trojan.Spy.Agent.kb detected by ZoneAlarm Internet Secur

 

get rid of ZA, it's clearly useless.

"Curtisw" <Curtisw@discussions.microsoft.com> wrote in message

news:F8E398E0-3D8B-49B5-A5F7-E6F770AD84B7@microsoft.com...

> I also was warned by ZASuite today about win32 spy agent.
>
> Looking in the registry, this is "driver YMAX MagicJack USB Device" which
> is my MagicJack internet phone. It has been installed since Christmas and
> works fine. I don't know why ZASuite picked it up as a virus today. My computer
> seems to be functioning normally. I will watch my outgoing email activity.
