Posted by zlatipln on September 25, 2008
It is alerted by popup of your antivirus program: ‘Trojan-Clicker.Win32.Agent.aig’
This means you are infected. This trojan /‘Trojan-Clicker.Win32′/ isn’t very harmful but it is better to get rid over it:
1. Download the latest versions of Zone Alarm
2. Be sure you are with Admin privileges.
3. Disable System Restore:
System Restore
4. Reboot in SAFE MODE /press F8 key during restart./
5. Run Zone Alarm
6. Perform a full Antivirus scan
7. Reboot and start Windows in normal mode.
8. Enable SystemRestore
Posted in AntiSpyCheck, malware, trojan, virus, zone alarm | Tagged: malware remove, safe mode, system restore, trojan, Trojan-Clicker.Win32, virus, zone alarm | Leave a Comment »
Posted by zlatipln on August 19, 2008
I had surfing the net when a red alert in Tray menu started to appear. It read Windows Seciruty has to be updated.
It offered me a site with “XP Antivirus 2008″
As I tought it is Microsoft security center alert, entered the site http://s c a n n e r . a n v i-s c a n n e r . c o m / 3 4 /? a d v i d = 0 0 0 0 0 0 4 6 8 3 & H T T & /Attention – better do not try to open/
When I saw the fake system scanning and $20 price to “clean my system” I quickly left but was too late.
Then Avira Antivir started to alert about viruses detected. The computer became very slow.
I restarted in Safe Mode /F8/ and ran Spyware Doctor – it found more than 20 viruses and 30 infected files. Spyware Doctor cleaned them. I had disabled System Restore in advance. /Important!/
Then ran Avira Antivir again and cleaned 17 trojans.
Open Task manager /alt+ctrl+del/ and stop the following processes:
vav.exe
XPAntivirus.exe
XPAntivirusUpdate.exe
xpa.exe
xpa2008.exe
Then Remove following XP Antivirus 2008 Registry Values:
HKEY_USERS\Software\XP antivirus
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run smrhc7nsj0e57c
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\rhc7nsj0e57c
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\rhc7nsj0e57c displayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\rhc7nsj0e57c uninstallstring
HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c
HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c advid
HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c automaticallyupdates
HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c backgroundscan
HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c backgroundscantimeout
HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c databaseversion
HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c daysinterval
HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c domain
HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c engineversion
HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c guiversion
HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c installdir
HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c minimizeonstart
HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c programversion
HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c proxyname
HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c proxyport
HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c registrationdiscurl
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run smrhc7nsj0e57c
HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c registrationurl
HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c scandepth
HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c scanpriority
HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c scansystemonstartup
HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c softid
This way I cleaned my system from that annoying malware.
Posted in Internet, Registry, Software, Windows, XP Antivirus 2008, computer, malware, trojan, virus | Tagged: antivirus, Antivirus 2008, antivirus 2009, safe mode, spyware, trojan, virus, vista antivirus 2008, XP Antivirus 2008 | 2 Comments »
