Re: Removing Trojan-Spy.Win32.Agent.beaf

[ronusa_com]

I receive the following message from ZA whenever my screen saver comes on. ZA automatically quarantines this virus. How is the best way to remove it.

Thanks!
Ron

Trojan-Spy.Win32.Agent.beaf was found in C:\System Volume Information\_restore{CABC4128-DB31-4141-8BF1-8874E0DA6F79}\RP630\A0131673.exe on 3/10/2010 15:24:46

ZoneAlarm Security Suite version:9.1.008.000
TrueVector version:9.1.008.000
Driver version:9.1.008.000
Anti-virus engine version:8.0.2.42
Anti-virus signature DAT file version:1013602816
AntiSpam version:6.0.0.2383

[GeorgeV]

Quote:

Originally Posted by ronusa_com

I receive the following message from ZA whenever my screen saver comes on. ZA automatically quarantines this virus. How is the best way to remove it.

Thanks!
Ron

Trojan-Spy.Win32.Agent.beaf was found in C:\System Volume Information\_restore{CABC4128-DB31-4141-8BF1-8874E0DA6F79}\RP630\A0131673.exe on 3/10/2010 15:24:46

ZoneAlarm Security Suite version:9.1.008.000
TrueVector version:9.1.008.000
Driver version:9.1.008.000
Anti-virus engine version:8.0.2.42
Anti-virus signature DAT file version:1013602816
AntiSpam version:6.0.0.2383

Malware Clean-up Guidance
NOTE: the steps below works only if you are on the latest versions of ZA (version 9). If you are not, please update.
Try to perform a full Antivirus/Antispyware scan but in SAFE MODE WITH NETWORKING.

1. Set ZA Antivirus/antispyware to "Ultra Deep Scan" under the advanced options of the ZA antivirus/antispyware tab (scan modes);
2. Reboot in SAFE MODE WITH NETWORKING;
3. Manual run ZA (ZA firewall will be OFF but Antivirus/Antispyware will be functional);
4. Run a full ZA AV/AS scan;
5. Reboot in Normal Mode
6. Set ZA Antivirus/Antispyware back to Normal

How to start in SAFE MODE WITH NETWORKING

If the above fails try to clean your system with:

A. Download update and scan with MBAM
WARNING: Some malware will block the download of this software, rename the installer to a random name before saving and running
B. Use the superantispyware online cleaning tool --> Here or download, update and scan with superantispyware FREE
WARNING: Some malware will block the download of this software, rename the installer to a random name before saving and running
C. Download update and scan with A2 free

Still Problems? Try the bootable CD fromDrWeb

For a final check that your PC is clean run Hitman Pro cloud scanning (the scanner is free not the cleaning)

if ALL the above fails please post your Hijackthis log to BleepingComputer or SpywareHammer

Once you have cleaned the system please remember to purge the windows system restore points. You may be reinfected otherwise.
- Disable system restore (How to disable windows SYSTEM RESTORE);
- Reboot the PC
- Re-ensable system restore

[jorgie]

When virus scanning last night my ZoneAlarm Security Suite came up with 8 of these Trojans and one ending with bdzz.

All seemed to come from a program or programs starting with hp\recoverr\wizard.......

Could that be from Hewlett Packard?

jorgie

[findley]

Quote:

Originally Posted by jorgie

When virus scanning last night my ZoneAlarm Security Suite came up with 8 of these Trojans and one ending with bdzz.

All seemed to come from a program or programs starting with hp\recoverr\wizard.......

Could that be from Hewlett Packard?

jorgie

jorgie,

Suggest that you get expert malware help at bleepingcomputer.com The malware expert will work with you one-on-one providing step-by-step detailed instructions to remove all malware from your computer. Please see Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Findley