Help needed, Trojan horse agent_rG has removed taskbar!

Dani723 · 6 Sep 2008 at 16:20

Hi, my dad accidentally opened a link in an email that gave us this trojan. I removed it with AVG, but only now realise they can regenerate themselves unless you remove them in safe mode. I believe the trojan is called agent_rG. and I couldn't find anything about it with a google search.

Now the PC will boot up, but without the taskbar or desktop icons, only the wallpaper. The task manager can still be used, and the mouse still works.

How can I run AVG antivirus through the task manager? Would this involve using the run bar that can be opened from the drop down menu, and defaults as ms.config?

I tried a system restore with ms.config in safe mode to before when we had the virus. That didn't help. All the programs are still listed as running in the background, so there must be a way to access AVG, right? I can still use safe mode.

We're running Windows XP home edition, SP2.

Thanks all!

PCDave · 6 Sep 2008 at 16:26

to run avg from task manager use run then you need to know the path so something like c:\program files\avg\avg.exe and avg should load

Dani723 · 6 Sep 2008 at 16:40

Thanks. but when I tried that in safe mode, run prompted we the contents of the file, which was reassuring, AVG is definitely installed in C:\program files\AVG. Then it prompted with me with AVG8, but neither C:\program files\AVG\AVG8.exe or C:\program files\AVG\AVG.exe worked

The same also occured in regular mode. I get the message 'cannot find C:\programs'

eXor · 6 Sep 2008 at 17:16

Dani723 said:
Thanks. but when I tried that in safe mode, run prompted we the contents of the file, which was reassuring, AVG is definitely installed in C:\program files\AVG. Then it prompted with me with AVG8, but neither C:\program files\AVG\AVG8.exe or C:\program files\AVG\AVG.exe worked

The same also occured in regular mode. I get the message 'cannot find C:\programs'

Spaces in file paths can cause problems. Did you try wrapping quotes around it?

Code:

"C:\program files\AVG\AVG.exe"

C64 · 6 Sep 2008 at 17:53

in task manager click file / new task browse to whatever you wish to run, also try this http://www.avast.com/eng/avast-virus-cleaner.html

Dani723 · 6 Sep 2008 at 18:00

Thanks C64, actually I found the browse option about 20 minutes ago. I'm now running an AVG scan that says it's specific to safe mode. I really should have known about all this, but I'm somewhat a novice.

I've set it to delete the files immediately, rather than leave in the virus chest, figuring that they're less likely to regenerate this way. I'll let you know if this fixes the problem.

I usually run virus scans every month. Should I always go to safe mode to carry this out, or only do this if a virus/trojan horse/worm has been detected in normal mode?

Thanks all.

C64 · 6 Sep 2008 at 18:05

Use the link I posted too and scan with that, I found avg couldn't remove the last worm I had but avast virus removal tool could, also run avir classic.

Dani723 · 6 Sep 2008 at 18:30

OK, the AVG safe mode scan was set to auto-remove anything it finds. I was expected a report at the end, but didn't get one. I decided to load in normal mode, and, realising the trojan agent_r.G was still in the virus vault, I've deleted it, and am running the scan again in safe mode.

I can't access the internet right now to ge that other virus program, which I use on the upstairs computer already. I think I'll try another system restore after this scan, if that doesn't change anything.

Dani723 · 8 Sep 2008 at 16:13

The trojan agent r_R just regenerates, after trying first removing it with AVG in normal mode, then restarting and removing it in safe mode. I've tried three system restores, one going back over a month, way before my dad accidentally clicked the email link that let it in. I can't find much information about this trojan through google searches, and it's removed internet access, so I can't download avast or any other anti-virus program.

My dad's going to take it to the specialists. Any other suggestions before he does?

Much obliged.

bledd · 8 Sep 2008 at 16:20

try this..

bledd. said:
disable system restore
remove whatever av you've got now

run..

ccleaner slim
nod32 av trial
spybot s&d
adaware
avg antispyware (remove this after)

put firefox on with adblock plus and Easylist subscription (do this on your pc too)

shotgun blast approach, but usually works!

also, get a gmail account instead and use that, 10x better

Mattus · 8 Sep 2008 at 19:09

Might be time for a reinstall of Windows. Could well be less effort than trying to remove the last vestiges of the virus!

Dani723 · 10 Sep 2008 at 19:56

Yeah, we finally found the CD and tried that before calling support. That didn't work either, so it's in for repair.

Thanks for the tips guys!

bledd · 10 Sep 2008 at 20:09

what cd?

why did you send it 'in' for repair?

Dani723 · 11 Sep 2008 at 17:25

The windows installation CD. The trojan is removed, as is the Norton anti-virus program my dad insisted on using. It's a total resource hog, as many of you will know.

Anyway, all sorted, thanks.