Folder AVG Forums » Other topics » Virus Removal, Tools for Removing » Trojan Horse PSW.Agent.ASOI
Page 1 of 3 123››
February 29, 2012 23:21 Trojan Horse PSW.Agent.ASOI #194166
Reply with Quote | Quick Reply | Top
toddpipkin

Avatar

Novice
Join Date: 29.2.2012
Posts: 14
Please tell me why AVG won't remove these Trojan horses!
Help me figure out where I got them, and help me find a way to get rid of them!

Windows version - XP
AVG version - 2012.0.1913
virus db version - 2114/4842
Other antivirus software installed - none
Other protection software installed - none


Additional Info needed for specific problems

Internet connection type - DSL
Who is the provider of your Internet connection - AT&T
Is the email server different from your ISP? - I use both Yahoo and Gmail email services.
Spam filter software installed ?
Firewall software installed ?

Infection file and path -

C:\ProgramFiles\MozillaFirefox\firefox.exe(49917)\memory_04120000
( Trojan horse PSW.Agent.ASOI )

AND

C:\WINDOWS\SYSTEM32|services.exe(952):\memory_01120000[\b]
[b](
Trojan horse PSW.Agent.ARJV )


March 1, 2012 00:00 Re: Trojan Horse PSW.Agent.ASOI #194168
Reply with Quote | Quick Reply | Top
BIG AL 43

Avatar

Moderator
Join Date: 18.6.2009
Posts: 23811
@ toddpipkin

Memory.. This type of infection can be usually removed by running a scan using updated AVG Rescue CD. Should the infection persist, please provide both Gmer scan results Msinfo output and AVG Anti-Virus scan results for further analysis.


AVG Free Volunteer ModeratorAVG Free Forum member since - Nov. 27, 2004My total posts on the Old AVG Free Forum - 27,063
Alan
How-To Articles | FAQ | Free Support
March 2, 2012 22:08 Re: Trojan Horse PSW.Agent.ASOI #194411
Reply with Quote | Quick Reply | Top
toddpipkin

Avatar

Novice
Join Date: 29.2.2012
Posts: 14
Reply..

I downloaded this -- Download Rescue CD (for USB stick) .zip file

Unzipped and tried to install. Got an error message, copied that message to here.

Downloaded Gmer, unzipped it. It ran automatically, before I could change the name of the file as suggested. Took almost two hours!!

I clicked the the "Msinfo output" link, but nothing happened.

Then Firefox crashed, losing the original reply that I was working on, including the text of the error message from WinZip, but I remember it had something to do with WinSystem32.

Took another 2 hours to get my computer to shut down and reboot.

Gmer results attached.

Will try the "Msinfo output" link again, will post results seperately, if results are obtained.
March 2, 2012 22:22 Re: Trojan Horse PSW.Agent.ASOI #194412
Reply with Quote | Quick Reply | Top
toddpipkin

Avatar

Novice
Join Date: 29.2.2012
Posts: 14
Reply 2..

Msinfo output results attached.

Password avg
March 2, 2012 22:33 Re: Trojan Horse PSW.Agent.ASOI #194413
Reply with Quote | Quick Reply | Top
toddpipkin

Avatar

Novice
Join Date: 29.2.2012
Posts: 14
Reply 3..

AVG full computer scan results, from 3-2-2012, 7:45 AM --

"";"C:\WINDOWS\SYSTEM32\services.exe (952):\memory_01120000";"Trojan horse PSW.Agent.ASOI";"Object is inaccessible."


"";"C:\WINDOWS\SYSTEM32\services.exe (952)";"Trojan horse PSW.Agent.ASOI";""


Started another full scan at 3:49 PM, these results up in 2 minutes. Stopped scan.


"";"C:\WINDOWS\SYSTEM32\services.exe (784):\memory_01160000";"Trojan horse PSW.Agent.ASOI";"Object is inaccessible."


"";"C:\WINDOWS\SYSTEM32\services.exe (784)";"Trojan horse PSW.Agent.ASOI";""

Files also attached, just in case.....

March 4, 2012 03:15 Re: Trojan Horse PSW.Agent.ASOI #194605
Reply with Quote | Quick Reply | Top
toddpipkin

Avatar

Novice
Join Date: 29.2.2012
Posts: 14
More info..

Is more information needed to solve my problem?
March 4, 2012 14:05 Re: Trojan Horse PSW.Agent.ASOI #194617
Reply with Quote | Quick Reply | Top
BIG AL 43

Avatar

Moderator
Join Date: 18.6.2009
Posts: 23811
@ toddpipkin

For your info....

Your posting will no doubt be monitored by the relevant AVG Team. This Announcement post http://forums.avg.com/ww-en/avg-forums?sec=thread&act=show&id=190509 now appears in the 'Information' forum area. Also please bear this in mind.. AVG support.. Weekends / Holidays.. Have a look @ the 1st part of this link http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=159703#post_159703 & the 2nd part of this link http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=188699#post_188699.


AVG Free Volunteer ModeratorAVG Free Forum member since - Nov. 27, 2004My total posts on the Old AVG Free Forum - 27,063
Alan
How-To Articles | FAQ | Free Support
March 5, 2012 15:10 Re: Trojan Horse PSW.Agent.ASOI #194675
Reply with Quote | Quick Reply | Top
Pokornyz

Avatar

Administrator
Join Date: 29.11.2010
Posts: 8235
Hello toddpipkin,

this infection seems to be accompanied by a MBR rootkit. Please restore your MBR as described here, using the Recovery console. I've noticed that the system CD may not be available for some of you. In such case, please check whether the Recovery console is not installed on your system by vendor as described in this MS article (How to install the Recovery Console, step 5) and use that avenue. Alternatively, you may be able to install the Recovery console as described here (method 3).

Restoring the MBR using the MBR fix utility as described in the above linked article may not be able to rectify the situation, but it's worth the try in case the recovery console is not available.

Please let us know results (kindly include most recent GMER scan results in case the issue persists after rebuilding your MBR).

Thank you.
___________________AVG TeamHow-To articles | FAQ | Free SupportWe Protect Us
March 8, 2012 15:18 Re: Trojan Horse PSW.Agent.ASOI #194934
Reply with Quote | Quick Reply | Top
toddpipkin

Avatar

Novice
Join Date: 29.2.2012
Posts: 14
info..

I followed the instructions given here -- http://forums.avg.com/ww-en/avg-forums?sec=thread&act=show&id=147645

Got to the black screen and typed in MbrFix /drive 0 fixmbr, clicked enter.

Was asked "are you sure". Clicked y then enter.

Nothing happened, other than a new line of print appearing -- C:\temp>

March 8, 2012 16:12 Re: Trojan Horse PSW.Agent.ASOI #194947
Reply with Quote | Quick Reply | Top
Pokornyz

Avatar

Administrator
Join Date: 29.11.2010
Posts: 8235
Hello toddpipkin,

In order to find out if MbrFix was successful please provide us with new Gmer outputs.

Thank you
___________________AVG TeamHow-To articles | FAQ | Free SupportWe Protect Us
Page 1 of 3 123››