PSW Agent H Trojan found

MikeAngelastro · #16 05-06-2004, 02:25 PM

Hi,

I did wait until the process count decreased by one. The processed stopped for only one quarter of a second or less - not long enough for me to change windows and delete the file. Maybe I haven't played enough computer games to be able to wield my mouse quickly enough. Anyway the process I discovered works immediately and without a contest.

Thanks,

Mike

jackk · #17 05-07-2004, 05:09 PM

Another way of stopping sysupd.exe is to go to "run", type "msconfig", and click on the startup tab. There is a line there with sysupd. Uncheck that box, click apply, and restart the system. AVG should take care of the rest. Don't forget to turn off system restore before starting the scan.

Rev. Bruce · #18 05-09-2004, 09:20 AM

I don't know if this works in XP but in windows 98 I just started in safe mode. Then I deleted "sysupd.exe" then "_UPATE.DAT". Fallowed by a reboot and all is just fine now. By the way I would have never known what to deleted if I had not found you guys, Thanks.

windamyr · #19 05-09-2004, 09:29 AM

Hi all,

New here and thought I'd post how I got rid of this stupid Trojan.

I'll admit, I am a technodummy, and have a hard time doing anything beyond the basics on my computer. I spent a week trying to figure out how to cleanse the machine! My kids go to game sites, and I think that's where I got this one, as well as a couple of other nasty bugs!

Anyway, I managed to get rid of all the viruses except this PSW.Agent. H. I did however finally figure out how to do it simply!

Run the computer in Safe Mode, run your AVG virus scan, and guess what? It heals this last bugger without you having to do a thing!

Ahhhh, life is good when you have a clean computer!!

ORHusky · #20 05-09-2004, 11:34 AM

Thanks all for the great info. Was able to get my wife's computer up and running. Where did this one come from and any ideas on how it spreads???

Rev. Bruce · #21 05-09-2004, 06:37 PM

Nice one windamyr, and I thought my fix was simple. The way you did it you don't even have to know what files to look for. I don't think "technodummy" is the right word for you, how about if we say "tech genius in training" instead.

Azn_tweaker · #22 05-09-2004, 06:39 PM

Cartman · #23 05-13-2004, 12:57 PM

Hey ppl, i need help with removing that Agent.H virus! I've tried everything as written in this thread but nothing works:

i've tried searching that sysupd.exe but the only match my computer found was a single sentence in a wordpath of Doctor Norton anti-virus. Howcome??

i've also tried restarting my commputer in save modus and running the AVG programm...but it won't run in save modus!
Howcome?

Anybody has a suggestion? Pleez let me know,
thanx a lot!

Cartman

MrsBuz · #24 05-13-2004, 03:09 PM

Similar problem here, although it is a different variant.
Here's what AVG error looks like:

AVG Resident Shield

Virus
Trojan Horse PSW.Agent.G

is found in file
C:\System Volume Information\_restore(94A30892-E7C1-40C8-805F-6672E94D88B2)
\RP134\A0258820.exe

To remove this virus, please run AVG for Windows

Could not apply the 'fixes' for the "H" variant, probably due to the location of mine being different. Nothing close listed in running processes window.

Any more help?

losinsusan · #25 05-13-2004, 04:20 PM

You need to turn off restore, run the virus checker again and turn restore back on
Instructions here:-
http://virusall.com/remrestore.html
Hope it helps.
Report

Shai_1 · #26 05-15-2004, 05:09 AM

I've tried everything here, but nothing has worked. My problem is that I can't find the file "sysupd.exe". The only file I found was "sysupd" and "SYSUPD.EXE-3B2AF10B". I don't know if either of those are the right files, so I don't want to delete one of them unless I'm sure. Please help me if you can.

Thanks! :-)

Cartman · #27 05-15-2004, 09:41 AM

Hey guys,

i've tried everything, but maybe i did it wrong?:

1st:
i've tried starting wndows up in safe modus (system restore is off!) and run AVG (6.0 free edition)... but it says it uses my hard disk to run...and cant run in safe modus!

2nd:
I wen't to "Startmenu/run" and typed msconfig (as mentioned in one of the threads).
I went to startup (or whatever you guys call it, cuz im dutch)...and disabled that line saying "sysupd ..etc
But...there are two lines containg this filename...and one of them keeps getting activated! (system restore still turned off) So AVG still can't remove it

any suggestions?
Thanx a lot

cmbaetz · #28 05-17-2004, 08:25 PM

Hi all, I found this, and had to come up with a way to fix this on a remote computer. I could not boot to safe mode. this is what worked for me on a Win XP machine. and thanks for all the posts so far, it allowed me to find the files needed.

I tried using taksmgr to kill sysupd.exe, and as other described was not fast enough.

So...
I created an old fashon BAT file with the following commands to kill off the quickly reoccuring program, and then delete the thing.

using notepad enter the following, changing the location of the file to delete if needed, and save it as c:\fix1.bat
-----------------
taskkill /F /IM sysupd.exe
taskkill /F /IM sysupd.exe
taskkill /F /IM sysupd.exe
taskkill /F /IM sysupd.exe
taskkill /F /IM sysupd.exe
taskkill /F /IM sysupd.exe
del c:\windows\sysupd.exe
----------------
Next open a command window by choosing start > run > cmd

from the command window type fix1 and hit enter.

You may have to run it 2-3 times. Took me 2

good luck!

losinsusan · #29 05-18-2004, 09:09 AM

Cartman..I also had two of them running. I did each one separately. Keep deleting it. It comes back up I know. Line up the windows side by side so you can be ready....when the processes finally drops by one. Then you quickly right click and delete the sys file. Do it again for each one there.

Shai_1 · #30 05-18-2004, 10:45 AM

Never mind about what I said, I finally got the virus off. Thanks so much for your help, Pc Master.