The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    I've just been an idiot, help needed!!!!!

    Discussion in 'Security and Anti-Virus Software' started by Full-English, Sep 11, 2008.

  1. Full-English

    Hi

    As the title suggests, I've just been a complete idiot, fool, whatever you want to call me!!

    Basically I thought I'd give my anti-virus a little test. I just got the AVG internet security suite full through trialpay, so haven't paid for it. Anyhow, I got this email with an attachment on it, victims.zip. This is the idiotic part: knowing it was an infected file, I opened it and ran the victims.exe thinking AVG would pick it up. Guess what, it didn't!!!!!!! I'm just doing a system scan now but I'm not hopeful.

    This is the trojan i'm now infected with:

    http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthqe.html

    I've just looked on another page and it says only something like 7 out of 36 AVs pick this up.

    This is a quote from an article I've found as well:

    "In fact, clicking on the attachment will not open any pictures of the supposed explosion but will instead run a Trojan horse detected by Sophos at Troj/Agent-HQE, which will drop itself as oembios.exe in the System directory on your Windows PC. Once installed, the hackers can use the malware to spy on the victim’s computer and steal information for financial gain."

    What is oembios.exe? Is it a system file already there, or will it be one created by victims.exe?

    What's the best way to get rid of this?

    Anyway, please don't flame me, I was just testing my software!!!!!!!
     
  2. Bog

    If Sophos has identified this piece of software as a virus, then they likely have implemented a definition of it in their database; their antivirus should be able to clean this up. Download the trial version of their program and run a full system scan while running in Safe Mode (press F8 as Windows boots). Be sure to uninstall AVG before you install Sophos.
     
  3. Doobi

    Try going to Trendmicro.com and running the online scan (Housecall). I believe this should pick it up and remove it for you. It is a free service.

    ~paul
     
  4. yuio

    Yeah, feel sorry for you. One more thing you can try is System Restore. I got a virus once looking for a crack for a game I OWN (hey, I hate disks, what can I say?). Anyway, I got a little virus that every time I opened a web page tried to route me to another website... AVG didn't get it, but System Restore worked perfectly. Simply go to a time well before the email was received and give it a try.

    Good luck man.
     
  5. Full-English

    Cheers guys. I'm just downloading Sophos now.

    I've done a scan and AVG hasn't picked anything up, but when I opened up Firefox, it detected a threat which it has done something to!!!!!

    Anyhow, Sophos has just downloaded so I'll give that a shot.
     
  6. nizzy1115

    Do not even bother trying to clean it. You will never be certain it is all gone. Format and reinstall immediately.
     
  7. Full-English

    I'm sort of thinking along the lines of re-installing, the reason being I'm running a scan using Sophos and it's picking up files with suspicious behaviour. Now the problem is, in the quarantine section under perform action all it's letting me do is authorize the file!!!! Now why the hell would I want to do that!!!!!

    If I did a system restore, would this rid me of the problem, or would it still be lingering on the system, hiding somewhere???

    When I've had a virus issue before, no matter what software I used the virus was still there; I had to go into the registry and fiddle about there, and do loads of other stuff. Took me hours to sort out. This time, whenever I try and find out what trojan or issue I've got, different places are giving me different trojans etc., so I'm pretty stuffed trying to manually remove it as I don't know exactly what it is!!!!

    This will certainly teach me to test anti-virus software!!!!

    So, system restore or re-install?????
     
  8. Harper2.0

    Easiest thing to do is a clean install.
     
  9. AKAJohnDoe

    Not much help right now, but for future reference, when trying out new systems software (e.g.: OS, FireWall, AV/AS, ...) take a full backup beforehand as a restore is the easiest way out.
     
  10. Full-English

    Well, the scan finished with no success. The file I ran has dropped a file, oembios.exe, onto my computer which Sophos is having issues with; it keeps coming up with access errors when trying to scan it.

    I've done a little more research on this file and I think I'll have a nightmare trying to remove it manually; I think it will be quicker just to re-install and start again. I'm not really up for going through the registry and fishing out the bits I need to. Will take me ages to find out where I need to look and what I need to do.

    Anyhow, cheers for the advice guys. Big lesson learnt here, don't try and test your anti-virus lol!!!!!

    Nightmare!!!!
     
  11. Bog

    Try using some of the other recommended antivirus programs in Safe mode. If that doesn't work, a System Restore is the next best thing (as posted above). If all else fails, you will have to reformat to get rid of the virus.
     
  12. Full-English

    I've tried a couple of the programs but no success. Issues with accessing the files in question.

    My only issue with the system restore is, will these files be left lingering or will they be gone? I know any registry entries made will be gone, but it's the other files it's dropped onto the system.
     
  13. Bog

    The thing with SR is that it'll replace common system files, namely in the system32 directory. Whether it deletes files that don't belong there is another matter that I am unsure of; then again, the trojan may have infected one of the system files. The only way to see is to try it!
     
  14. Pres in FL

  15. Full-English

    I've just done the system restore and it seems to have got rid of the oembios.exe file that couldn't be deleted. I am now having other issues: AVG (which was on my machine before all this happened) won't show up. Vista sees it but it won't load any user interfaces or tray icons. And it says it's out of date.

    Also, there's an issue with Firefox saying something about a chrome registration??? I have no idea what this is and it wasn't happening earlier.
     
  16. nizzy1115

    I would not trust any program to totally clean it. Stop wasting your time and just reinstall. Don't restore, or try and fix it. Just wipe and start over again and take it as a lesson learned.
     
  17. livesoft

    Make a good backup of your important files and reinstall. Some PCs have manufacturer system reinstall that should clear the Windows and Program Files folder and keep your documents (like my old HP).
     
  18. Full-English

    Just gonna re-install as too much stuff is going wrong, don't really like the look of it.

    Cheers for all your help.
     
  19. Hiker

    Once you do, try Avira or Avast as your AV and SAS or Malwarebytes as your AS, along with CFP with D+.
     
  20. Nocturnal310

    Dude, try SMITFRAUDFIX.
    It is the last wall of defense on computer security before you give up and go for formatting the HDD.

    It cleans up the registry also.

    Do read the article on how it works... you need to boot in safe mode and execute it.

    All these AVG AVs are n00bs when it comes to real defense... NOD32 is slightly better btw. NOD32 has the highest detection rate.
     
  21. Hiker

    According to whom?