Dwight Watt - Watt Thoughts #130 8/9/2006

#130 - Trojan Horse BackDoor.Agent.BA virus fix

If AVG reports a Trojan Horse BackDoor.Agent.BA virus and then says it cannot heal or quarantine the file, here is the fix I found works. Even the latest version of AVG Free Edition with the latest definitions (as of 8/8/2006) still finds the virus but cannot fix it. Norton/Symantec will actually remove the virus but never shows any more problems with the file. AVG continues to see the file as a virus.

The message will identify the file, including its folder. The virus messes up the file's properties, so if you try to delete the file (in normal or safe mode) you will get a permission error.

If you have System Restore enabled, disable it (this is done by right-clicking My Computer, choosing Properties and using the System Restore tab).

Move the file (typically a .dll file) from the directory where it is (typically SYSTEM32 in WINDOWS) to the root directory on the C drive (C:\). Rename the file with a different extension, such as OLD.

Now shut down and bring Windows back up in SAFE mode (pressing F8 as your machine gets ready to load Windows will give a menu with this option). Log on as Administrator or with an account that has administrator rights. Go to the C drive. Create a new folder and give it a name you will recognize in the next step.

Move the file from the root folder to the new folder. Right click the folder and choose Properties. Uncheck all the attribute boxes (HIDDEN, SYSTEM, and READ). Close the property windows using the OK buttons. Now delete the folder. Delete it from the RECYCLE BIN.

If you had System Restore on originally, turn it back on.

Restart in normal mode and you are done.
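
The file-handling steps above (move and rename in normal mode, then move into a new folder, clear attributes and delete in Safe Mode) written as a script. This is an added example, not part of the original post; it assumes PowerShell is available and run as an administrator, and the file path and folder name are placeholders. Toggling System Restore and the reboot into Safe Mode stay manual.

```powershell
# Added example, not from the original post. Paths below are placeholders.
# Run from an elevated PowerShell prompt, once per phase.
param(
    [Parameter(Mandatory)][ValidateSet('Normal','SafeMode')][string]$Phase,
    [string]$FlaggedFile = 'C:\WINDOWS\SYSTEM32\example.dll',  # placeholder: use the path AVG reported
    [string]$HoldingDir  = 'C:\avg_cleanup'                    # placeholder folder name
)
$ErrorActionPreference = 'Stop'

# Where the file is parked between the two phases: C:\<name>.OLD
$parked = Join-Path 'C:\' ([IO.Path]::GetFileNameWithoutExtension($FlaggedFile) + '.OLD')

if ($Phase -eq 'Normal') {
    # Normal mode: move the file to C:\ and give it a different extension.
    if (-not (Test-Path -LiteralPath $FlaggedFile)) { throw "Not found: $FlaggedFile" }
    Move-Item -LiteralPath $FlaggedFile -Destination $parked -Force
    Write-Output "Parked as $parked. Reboot into Safe Mode, then run with -Phase SafeMode."
}
else {
    # Safe Mode: move the parked file into a new folder.
    if (-not (Test-Path -LiteralPath $parked)) { throw "Not found: $parked" }
    New-Item -ItemType Directory -Path $HoldingDir -Force | Out-Null
    Move-Item -LiteralPath $parked -Destination $HoldingDir -Force

    # Clear Hidden, System and ReadOnly on the folder and everything in it.
    $clear = [IO.FileAttributes]'Hidden, System, ReadOnly'
    $items = @(Get-Item -LiteralPath $HoldingDir -Force) +
             @(Get-ChildItem -LiteralPath $HoldingDir -Force -Recurse)
    foreach ($item in $items) {
        $item.Attributes = $item.Attributes -band (-bnot $clear)
    }

    # Remove-Item does not use the Recycle Bin, so there is nothing to empty afterwards.
    Remove-Item -LiteralPath $HoldingDir -Recurse -Force
    if (Test-Path -LiteralPath $HoldingDir) { throw "Delete failed: $HoldingDir" }
    Write-Output "Deleted $HoldingDir."
}
```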



