Dwight Watt - Watt Thoughts #130 8/9/2006

#130 - Trojan Horse BackDoor.Agent.BA virus fix

If AVG reports a Trojan Horse BackDoor.Agent.BA virus and then says it cannot heal or quarantine the file, here is the fix I found works. Even the latest version of AVG Free Edition with the latest definitions (as of 8/8/2006) still finds the virus but cannot fix it. Norton/Symantec will actually remove the virus but never shows any more problems with the file. AVG continues to see the file as a virus.

The message will identify the file, including its folder. The virus messes up the file's properties, so if you try to delete the file (in normal or safe mode) you will get a permission error.

If you have System Restore enabled, disable it (this is done by right clicking My Computer, choosing Properties and using the System Restore tab).

Move the file (typically a .dll file) from the directory where it is (typically SYSTEM32 in WINDOWS) to the root directory on the C drive (C:\). Rename the file with a different extension such as OLD.

Now shut down and bring Windows back up in SAFE mode (pressing F8 as your machine gets ready to load Windows will give a menu with this option). Log on as Administrator or with an account that has administrator rights. Go to the C drive. Create a new folder and give it a name you will recognize in the next step.

Move the file from the root folder to the new folder. Right click the folder and choose Properties. Uncheck all the attribute boxes (HIDDEN, SYSTEM, and READ). Close the property windows using the OK buttons. Now delete the folder. Delete it from the RECYCLE BIN.

If you had System Restore on originally, turn it back on.

Restart in normal mode and you are done.
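The Safe Mode steps above (new folder, move the file in, clear the attributes, delete the folder) can also be scripted. This is an added example, not part of the original article; it assumes Windows PowerShell is available on the machine and is run as an administrator in Safe Mode, and the folder name C:\av-cleanup and the parameter names are made up for illustration.

```powershell
# Added example (not from the article). Run elevated, in Safe Mode.
param(
    # Path of the file after it was moved to C:\ and renamed, e.g. C:\something.OLD
    [Parameter(Mandatory = $true)][string]$RenamedFile,
    # Hypothetical name for the temporary folder the article asks you to create
    [string]$HoldingFolder = 'C:\av-cleanup'
)
$ErrorActionPreference = 'Stop'

# The attribute boxes the article says to uncheck: Hidden, System, Read-only.
$toClear = [int]([System.IO.FileAttributes]::Hidden -bor
                 [System.IO.FileAttributes]::System -bor
                 [System.IO.FileAttributes]::ReadOnly)

function Clear-BlockingAttributes([string]$Path) {
    # -Force lets Get-Item see hidden and system items.
    $item = Get-Item -LiteralPath $Path -Force
    $kept = [int]$item.Attributes -band (-bnot $toClear)
    $item.Attributes = [System.IO.FileAttributes]$kept
}

# The folder is deleted with everything in it, so refuse to reuse an existing one.
if (Test-Path -LiteralPath $HoldingFolder) {
    throw "$HoldingFolder already exists; choose a folder name that is not in use."
}
if (-not (Test-Path -LiteralPath $RenamedFile -PathType Leaf)) {
    throw "File not found: $RenamedFile"
}

# Create the new folder and move the renamed file into it.
New-Item -ItemType Directory -Path $HoldingFolder | Out-Null
$dest = Join-Path $HoldingFolder (Split-Path -Leaf $RenamedFile)
Move-Item -LiteralPath $RenamedFile -Destination $dest -Force

# Uncheck the attributes on the folder and on the file inside it.
Clear-BlockingAttributes $HoldingFolder
Clear-BlockingAttributes $dest

# Remove-Item deletes permanently, so there is nothing to empty from the Recycle Bin.
Remove-Item -LiteralPath $HoldingFolder -Recurse -Force

if (Test-Path -LiteralPath $HoldingFolder) {
    throw "Delete failed: $HoldingFolder is still present."
}
Write-Output "Removed $dest and $HoldingFolder."
```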



This is a little article I am doing across the Internet. I try to write several times a month on a variety of subjects. It may be religious at times, political at times, and at other times just my reactions on something happening out there. It will often be like an op-ed article. If I do what I intend, you will at times want to shout I agree, other times you will want to say Dwight has really lost it now, but most importantly I want to challenge you to think. Feel free to forward this to others. If you don't want to get this e-mail let me know. Feel free to use what you read from me, but I request you give me credit and send a tear sheet. Thanks.

If you would like to receive it and you are not on my mailing list, you can subscribe at www.yahoogroups.com or send me an e-mail requesting a subscription. You can find past issues on my home page at http://www.dwightwatt.com/articles/articles.html (c) 2006 by Dwight Watt