1 Reply. Latest reply: Dec 29, 2009 12:31 PM by Grif

    Can't Quarantine or Delete a Trojan

      McAfee virus scan has detected a trojan "Spy-Agent.bw!mem"; this cannot be quarantined or deleted. It is listed by McAfee as being in C drive system 32 winlogon.exe

       

      I have had support from McAfee and it still cannot be quarantined or deleted!!

       

      Does anyone know either how to delete it or what to do to get rid of the trojan??

        • 1. Re: Can't Quarantine or Delete a Trojan

          First, please note that if "winlogon.exe" is truly infected and the tools below remove the infected file, instead of cleaning it, then you'll need to replace the file by using the Recovery Console or running a repair install. The computer will not logon correctly till that file is replaced. Still, the programs below "usually" clean things correctly and fix the issue. It would sure help if you could tell us your operating system and whether you have your operating system disc handy.

           

          That said....Please try this:

           

          Download ALL of the tools below on a friend's or family member's CLEAN computer and copy them to a CD or flash drive, then transfer them to the problem machine.

           

          First, please download and run the following tool to help allow the removal programs below to run. (courtesy of Grinler at BleepingComputer.com)
          There are 4 different versions. If one of them won't run then try to run the other one.
          Vista and Win7 users need to right click and choose Run as Admin
          You only need to get one of them to run, not all of them.

           

          Rkill.exe http://download.bleepingcomputer.com/grinler/rkill.exe
          Rkill.com http://download.bleepingcomputer.com/grinler/rkill.com
          Rkill.scr http://download.bleepingcomputer.com/grinler/rkill.scr
          Rkill.pif http://download.bleepingcomputer.com/grinler/rkill.pif
          _____________________

           

          IMMEDIATELY after running the "Rkill" tool above, run/install the Malwarebytes and SuperAntispyware installer and update files from the links below, which you've also copied to a CD or flash drive and transferred to the problem machine. Do NOT restart the computer after running Rkill.

           

          Once downloaded and before transferring Malwarebytes and SuperAntispyware to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current. After that, run a full system scan and delete anything it finds.

           

          Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
          http://www.besttechie.net/tools/mbam-setup.exe

           

          Malwarebytes Manual Updater link
          http://www.malwarebytes.org/mbam/database/mbam-rules.exe

           

          Next, install and run a full system scan with the SuperAntispyware program and the manual updater from the links below. As before, you may need to rename the installer file to get the program to install:

           

          SuperAntispyware
          http://www.superantispyware.com/

           

          SuperAntispyware Manual Updater
          http://www.superantispyware.com/definitions.html
          ____________

           

          In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file after installing it. It resides in the C:\Program Files\Malwarebytes Antimalware folder.
          _____________________

           

          Hope this helps.

           

          Grif

           

           


           

           

          Message was edited by: Grif on 12/29/09 10:31:08 AM PST
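
The reply's opening caution depends on whether "winlogon.exe" is truly infected. As an added example (not part of the original thread and not any vendor's tool), the PowerShell below reports the on-disk file's Authenticode signature and hash, and checks that every running winlogon.exe was started from System32. It assumes Windows PowerShell 5.1 or later and an elevated prompt.

```powershell
# Added example, not from the original thread.
# Assumption: Windows PowerShell 5.1+, run from an elevated prompt.
$expected = Join-Path $env:SystemRoot 'System32\winlogon.exe'

# 1. On-disk file: signature status, signer and hash. The hash can be
#    compared with a copy taken from the OS disc or a clean machine
#    running the same Windows version and patch level.
if (Test-Path -LiteralPath $expected) {
    $sig = Get-AuthenticodeSignature -FilePath $expected
    $signer = '(none)'
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    [pscustomobject]@{
        Path   = $expected
        Status = $sig.Status      # a genuine, unmodified file reports 'Valid'
        Signer = $signer
        SHA256 = (Get-FileHash -LiteralPath $expected -Algorithm SHA256).Hash
    } | Format-List
} else {
    Write-Warning "$expected is missing; it must be restored before the next logon."
}

# 2. Running processes: a process named winlogon.exe that was started
#    from anywhere other than System32 is an impostor, not the system file.
Get-CimInstance Win32_Process -Filter "Name = 'winlogon.exe'" | ForEach-Object {
    $path = $_.ExecutablePath
    $verdict = if (-not $path) {
        'path unavailable (run elevated)'
    } elseif ($path -ieq $expected) {
        'expected location'
    } else {
        'UNEXPECTED location'
    }
    [pscustomobject]@{
        ProcessId = $_.ProcessId
        Path      = $path
        Verdict   = $verdict
    }
} | Format-Table -AutoSize
```

A "Valid" status and the expected path only vouch for the file on disk and where the process was launched from; they do not rule out code injected into the running process, so the scans described above are still needed.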