Tuesday, September 7, 2004

Giddy-up

How's my evening going?  Glad you care to know.

Twenty-two adware busts and seven five viruses scrubbed from the coffers of this ill-behaving PC.  

Gone from Ad-Aware 6.0 to Spybot S&D 1.3 to AVG.  Still need a personal firewall from Sygate.  And my brother recommended www.helponthe.net rather than wailing at him through my cellphone about this fine tangle.

But I still can't get a handle on BackDoor.Agent.2.H.  Sneaky trojan horse, that one.  Two instances of it will have to sit stable for now.  Behave!  I teach in the morning, and I'm flat out of time for battling tech villains. Granted, I could have been more careful to see that everything was properly calibrated when the Road Runner folks departed.

Posted by at September 7, 2004 10:33 PM to Slouching Toward
Comments

Ya. During my dsl crisis, I spent time scrubbing spyware and crap off the hard drive. Need to pay better attention when I'm running the PC.

Posted by: jeff at September 8, 2004 9:52 AM

Had a run-in with a variant of the same trojan. I use AVG, Spybot S&D, & AdAware (all three, yes--AVG gets the nasties, and Spybot & AdAware for all the dreck. One will often get stuff the other misses). If you're on a broadband signal & have an external router box, Sygate is probably redundant, though it's a good piece of software, and easy to use.

Posted by: MisterBS at September 8, 2004 11:26 PM

Running a clean MS system is like keeping the kitchen tidy: impossible. Still can't get the damn trojan off the machine. It's running fine; I'm just paranoid.

The Adaware, Spybot, AVG threesome stacks up well, I agree. I need a router (at least a two wire system, although wireless would be nice), so Sygate will serve an immediate purpose. I've got PC-cillin running right now, but it's been acting up, too. I'm probably kidding myself if I believe this system will ever run smoothly again, eh?

Posted by: Derek at September 9, 2004 11:05 AM

I've gotten to the point where I'm -||- (this) close to chucking the whole damn Windows beast and diving into linux. I could still run Windows on a virtual platform for the must-have applications that need windows, but much of the rest of this horsepucky would be gone. Short of a clean reinstall of Win2k here, I don't think the recent trojan on top of nagging system instability issues makes for a good long-term prognosis.

Posted by: MisterBS at September 9, 2004 7:36 PM

I'm picking up a handful of search hits for BackDoor.Agent.2.H., so I thought I'd post my solution.  Here's what worked:

1. At the AVG site, download the "New Removal Tool" dated July 19, 2004. It's the one with BackDoor.Agent in the list of fixes.
2. Change the filename from vcleaner.exe to something else. Gogetum.exe or badtrojan.exe or whatever.exe.
3. Right-click on "My Computer," select Properties, and disable all system restore functions (you'll need to reboot, but make sure you have Sygate Personal Firewall running first).
4. Download and install Sygate Personal Firewall.
5. Reboot in Safe Mode. Execute the removal tool (formerly vcleaner.exe). When I ran it, it churned through the directories and iced BackDoor.Agent.2.H.
6. Regular reboot. Set Sygate to block all (or, at the very least, designate the firewall to deny all unknown connections).
7. Run a full scan with AVG. The trojan should be removable or healable with this scan.
8. Repeat to step three, this time activating the system restore.
9. Reboot. Worked here.

Why?  My best guess is that BackDoor.Agent.2.H. was running through the always-on sys restore sector *and* running an outgoing data mine (or something), which wasn't being picked up by a firewall setting preoccupied with incoming stuff only. The vcleaner.exe rename was vital, as well. When I ran the cleaner the first time, it didn't do the trick.

Posted by: Derek at September 14, 2004 6:34 AM
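The procedure Derek describes, carried over to a current Windows machine as an added example (this is not Derek's code or anything posted in the thread). It assumes Windows 10/11 with Windows PowerShell 5.1 run as Administrator, uses the built-in Windows Defender Firewall and System Restore cmdlets in place of the 2004 Sygate and AVG steps, and treats the removal-tool path as a placeholder; the function names are invented for this example.

```powershell
# Added example, not from the thread. Mirrors Derek's manual steps on modern Windows:
# drop System Restore snapshots (the hiding place under C:\System Volume Information),
# deny outbound traffic by default, reboot into Safe Mode, run a renamed cleaner,
# then put the normal state back. Assumes Windows 10/11, Windows PowerShell 5.1
# (the *-ComputerRestore cmdlets are absent from PowerShell 7) and an elevated shell.
#Requires -RunAsAdministrator

function Get-CleanupPosture {
    # Snapshot of the three settings the procedure depends on, so each step can be
    # verified rather than assumed.
    $profiles = Get-NetFirewallProfile                                  # Domain, Private, Public
    $points   = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        SafeMode             = [bool]$env:SAFEBOOT_OPTION               # set only when booted in Safe Mode
        RestorePoints        = $points.Count                            # snapshots that could re-seed the infection
        FirewallOnAll        = @($profiles | Where-Object { $_.Enabled -ne 'True' }).Count -eq 0
        OutboundBlockedOnAll = @($profiles | Where-Object { $_.DefaultOutboundAction -ne 'Block' }).Count -eq 0
    }
}

function Set-PreCleanupState {
    # Steps 3, 4 and 6: no restore points, default-deny in both directions,
    # and a Safe Mode boot staged for the next restart.
    param([string]$SystemDrive = 'C:\')
    Disable-ComputerRestore -Drive $SystemDrive
    Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
        -DefaultInboundAction Block -DefaultOutboundAction Block
    bcdedit /set '{current}' safeboot minimal | Out-Null
    Write-Host 'Restore disabled, outbound default-deny set. Reboot to enter Safe Mode.'
}

function Invoke-RenamedCleaner {
    # Steps 2 and 5: copy the vendor's cleaner under a random name (Derek found the
    # original filename mattered) and run it, but only from Safe Mode.
    param([Parameter(Mandatory)][string]$RemovalToolPath)   # placeholder; supply the vendor's tool
    if (-not $env:SAFEBOOT_OPTION) { throw 'Run this from Safe Mode (bcdedit safeboot or F8).' }
    $renamed = Join-Path $env:TEMP ("{0}.exe" -f [guid]::NewGuid())
    Copy-Item -LiteralPath $RemovalToolPath -Destination $renamed
    $proc = Start-Process -FilePath $renamed -Wait -PassThru
    Remove-Item -LiteralPath $renamed -ErrorAction SilentlyContinue
    return $proc.ExitCode                                    # the tool's own exit code, for the caller to read
}

function Set-PostCleanupState {
    # Steps 8 and 9: normal boot again, System Restore back on, and a fresh baseline
    # snapshot so the only restore point is one taken after the cleanup.
    param([string]$SystemDrive = 'C:\')
    bcdedit /deletevalue '{current}' safeboot | Out-Null
    Enable-ComputerRestore -Drive $SystemDrive
    Checkpoint-Computer -Description 'Post-cleanup baseline' -RestorePointType MODIFY_SETTINGS
}

# Typical use, one stage per reboot:
#   Get-CleanupPosture          # look before touching anything
#   Set-PreCleanupState         # then restart
#   Invoke-RenamedCleaner -RemovalToolPath 'C:\path\to\vendor-cleaner.exe'   # placeholder path, run in Safe Mode
#   Set-PostCleanupState        # then restart and run a full AV scan (step 7)
```

The outbound default-deny is the modern equivalent of Sygate's "block all": it closes the gap Derek suspected (a firewall watching inbound only), at the cost that every legitimate program needs an explicit allow rule until you add them, which is the flood of permission prompts the thread complains about later. Disabling System Restore first matters because the scanner cannot clean inside the snapshot store, so an infected restore point would simply put the file back.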

I have Windows 98SE. I just received a notification from AVG that I have the trojan horse backdoor.Agent.2.H. Before I follow the instructions in the most recent post, I thought I would look at where I go to disable the system restore functions in My Computer. Maybe it's because I have 98SE instead of XP, but when I right click on properties I don't see anything that says system restore functions. The closest I get is 'system devices' under 'device manager'. What should I do? And what does this trojan horse do to my computer?

Posted by: blue at September 14, 2004 7:24 PM

I should have mentioned that I was on XP. Here's a brief discussion about the absence of a sys restore (de)activation in your OS, but I don't know much more about it than that. Depending on the trojan's resident directory, the removal tool and the cleanup--in succession--might be enough to do the trick. Certainly there's no harm in trying it that way, as far as I know. I tried to remove the trojan several times before I was successful and it didn't seem to have any harmful effect.

As for the specific work of BackDoor.Agent.2.H., I have no idea. As I understand them, trojans can mine user-end data (passwords, etc.), enable app hijacking, and function as viral time-bombs that set timed interferences. But I shouldn't even say that much, since I really have very little knowledge about trojans, viruses and whatnot.

Posted by: Derek at September 14, 2004 8:20 PM

hey i have that trojan backdoor agent thing, and i followed your directions but when i was running the renamed vcleaner thing, it scanned thru all of my files and then it just closed. that was weird. and also, it says my virus is in C:/System Volume Information/(somethingsomething). now where the heck is that cuz i don't see it when i look on the c drive.

Posted by: ruz at October 14, 2004 5:44 PM

Hmm. Beyond the instructions I posted here--ones that worked for me--I'm not too sure what to suggest. You might not be able to see the folder if Windows is set to conceal system folders. That's basically a user protection, though, and so it shouldn't impact the AVG scan. I know it's tedious, but I'd suggest rebooting and attempting the scan another time. Also, if I remember right, AVG self-closed when the system restore was on and also when I ran the process in normal mode rather than safe mode.

Posted by: Derek at October 14, 2004 6:00 PM

ooo ok thanx. i see where i might have messed up. one more silly question: um, how do you reboot in safe mode?

Posted by: ruz at October 16, 2004 3:36 PM

Throughout the restart, mash F8 three or four times or until the system presents you with the option of booting in safe mode or usual mode. You don't have to hit the F8 key quickly or repeatedly, but I usually press it three or four times to be sure the system picks up on my wish.

Posted by: Derek at October 16, 2004 3:55 PM

wow really? ok thanx

Posted by: ruz at October 16, 2004 4:09 PM

Ya........... I have had scary bad experiences with Sygate, and I refuse to use it.

My stupid sister did something to my machine, the only computer Running Window$ in the house (I got 2 Linux boxes and a Mac)

AVG told me i had that virus and another, but i deleted internet caches and ran AVG and it only found backdoor. So thankfully the other one was deleted along with my net cache. I would really like to know: By now, anyone noticed any problems with the "trojan" on their system?

I have had instances where i had some .dll virus codes on my drive, and nothing had happened within a month, but i have no clue about this one.

Posted by: Henry at October 30, 2004 12:52 AM

Sygate seems to act up from time to time. But it's probably my own fault. I haven't taken the time to calibrate the settings; instead, I click through all the pop-up permissions requests each time I'm online. I've set a few of the regular ones, but many others ask each time.

According to AVG, all's been well (read virus-free) for two+ months, and the sys has been running as well as it ever did.

Posted by: Derek at October 30, 2004 8:05 AM

hi guys, backdoor agent.2.h is troubling me. any permanent solution, please tell me.


qawi

Posted by: qawi at December 4, 2004 1:03 AM

Everything I know about the virus is posted here, and as far as I can tell, the solution has been permanent. Of course, on a PC it's never easy to tell whether a virus is dormant or I'm just running crappy software; the OS goes awry like clockwork.

Posted by: Derek at December 4, 2004 9:03 AM

recording from a cassette, tv, or any other source, does it require a separate sound-video card? do the programmes (all sound recorder, mid audio recorder) available in the net work for this purpose?

Posted by: qawi at December 5, 2004 3:39 AM

Dunno, qawi. Depending on the card you have, a separate card might or might not be necessary--all depends on what you have and what you want to do. As for the software, I've read mostly favorable reviews of Audacity. I haven't tried it out yet.

Posted by: dmueller at December 6, 2004 12:38 PM