Am I Infected? Trojan.win32.Agent.unnc

GET /css/v1412186757/gates/images/bg-secure.png HTTP/1.1
Accept: */*
Referer: hXXp://echo.multinstall.com.br/start/?s1=69645f65783d33373337323739352669645f6c633d313126444c5645523d312e352e312e302641444d494e3d31264f535f56455253494f4e3d57696e646f777320585026535041434b3d2053657276696365205061636b2033264f535f4c414e47554147453d456e676c69736826424954533d3332264d41433d30303a30433a32393a36383a31373a424226564f4c3d4138413637413235
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: echo.multinstall.com.br
Connection: Keep-Alive

HTTP/1.1 200 OK
Server:

Trans task %d for obj %s ACTIVE fail robj=%s OBJECT ACK failed. net_user=%s net_password=%s m_setoptlist() failed.

Click "Appearance and Personalization" and select "Folder Options".

Sample D can be considered the main userland module, a control unit that sets up the communication with the kernel module and can load plugins dynamically at runtime.

Update failed =(( Can`t create file. \\.\IdeDrive1\\Plugins\ Can't create file '%s', error %d =(( Create plugin '%s' OK.

Plugin dll stop failed.

It exists mainly for backward compatibility. The analysis of this kernel module by deresz and tecamac is very detailed.

ooopppsss...|\n Task not execute.

m_connect() failed.

It detects and deletes all infected files, viruses and Trojans from your PC.

In sub_200075C0, another HTTP/1.0 POST to default.asp?act=%u&id=%u&item=%u&event_id=%u&cln=%u&flt=%u&serv=%s&t=%ld&mode=query&lang=en&date=%s follows.

So, for complete removal of this destructive Trojan, you should use effective anti-spyware software.

And here: http://forum.kaspersky.com/index.php?showtopic=13881

Geoffman 3.11.2012 09:25
QUOTE(devima @ 3.11.2012 13:32)
a similar problem!
Steam AppOverlay.dll Deleted: Trojan.Win32.Agent.unnc
Steam vstdlib_s.dll Deleted: Trojan.Win32.Agent.unnn

Yep exactly the same thing here too.

Trans task %d obj %s ACTIVE fail robj %s net_password=%s net_user=%s \\%s\pipe\%s frag.tcp %s:%d W|1|%s|%d| %u|%s|%s|%s|%s|%d|%s|%s \\.\IdeDrive1\\Tasks\task_system.txt %u|%s|%s|%s|%s|%d \\.\IdeDrive1\\Tasks\task.txt %u|%s|%s|%s|%s \\.\IdeDrive1\\Tasks\ W|0|%s|%d| W|-1|%s|%d| start T|e|%d| T|s|%d| task_max task_min I|%d| reconstructing block

Then, search for all the registry entries related to the Trojan horse and delete them all.

http://steamcommunity.com/discussions/forum/0/882964760866085586/

During the installation process, extensive logging ensures good visibility into potential installation problems.

m_send() WHO failed.

but system is still infected. Sorry for my bad English & thanks. This is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 02:56:49 PM, on 2007/07/25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java

I don't know whether to disinfect or not.

Please send full details to the Lab; instructions are located in points 1 and 2 of the third important topic located near the top of the Virus section of this forum.

not_started|%d Config update success.

Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [11/30/2006 09:49 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 10:26 PM]
C:\Documents and Settings\kholusi\Start Menu\Programs\Startup\Pervasive.SQL Workgroup Engine.lnk - C:\PVSW\Bin\w3dbsmgr.exe [2004-07-22 14:40:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
C:\WINDOWS\system32\Novell\XtNotify.dll 09/08/2005 04:14 PM 24576 C:\WINDOWS\system32\novell\xtnotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwv1_0
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527237240-884357618-725345543-1108\Scripts\Logon\]
"Script"=VPLOGON.BAT
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527237240-884357618-725345543-1253\Scripts\Logon\]
"Script"=VPLOGON.BAT
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group

first 2 times due to other problem ...

edit: Instructions: Please send full details to the Lab, instructions are located in points 1 and 2 of the third important

And here: http://forum.kaspersky.com/index.php?showtopic=13881

Guill 3.11.2012 08:43
Kaspersky caught 2 trojans last night, turns out both were Steam DLLs.

I've added Steam to the exclusion folder until Kaspersky can get it sorted out :/ Steam/L4D2 works fine after adding to the exclusion list.

#10 Crode
After going through the appropriate procedure that my antivirus prompted me to do I did another full system scan and another trojan (Trojan.win32.Agent.unnn) was detected in my Steam folder.

And here: http://forum.kaspersky.com/index.php?showtopic=13881

Which OS are you using?

When the scan is complete choose to save the results as "Save as Text"

The purpose of the two functions is not yet clear.

Dave1001 4.11.2012 02:26
QUOTE(pacli808 @ 3.11.2012 19:45)
Hi sorry but I suck with computers, do I reinstall Kaspersky?

Antivirus programs scan for viruses trying to get into your email, operating system, or files.

rudger79 3.11.2012 16:04
No, just do a manual update: http://support.kaspersky.com/us/kis2013/st...d=208286589#how

WrightWords 3.11.2012 21:26
wow that did the trick.

Classification of this document: TLP:WHITE information may be distributed without restriction, subject to copyright controls.

A|-1|%u|%s|%d| active_con m_send() TASK failed.

Now I can't seem to launch it.

In the following example, they decrypt (XOR) the strings used to assemble the locations where the other components of the malware are dropped.

Transport (Type)   CIRCL   BAE   deresz/tecamac
tcp (1)            x             x
b2m (1)            x
np (2)             x             x
enc (2)                          x
reliable (2)                     x
frag

Hurracane 3.11.2012 12:14
Wow they are quick, nice! Thanks Kaspersky Devs!

Did that this morning and so far all is well.
edit: this is fixed, therefore closed.

The first two are:

get_initialization_parameters_create_GUID_and_check_Packet_Capturing()
periodic_free_space_check_and_write_log()

These serve the purpose of initializing the environment for the malware and running maintenance and log tasks.

Reinstalling did nothing.

m_send() AUTH failed.