| Author |
Message |
loststar
Cadet

 Joined: Jul 13, 2004 Posts: 1 Location: USA
|
Posted: Tue Jul 13, 2004 5:21 pm Post subject: backdoor.Agent.BA |
|
|
What do I do? I have the Trojan horse Backdoor.Agent.BA; the file is called com.dll. This is what I have done, and it does not work. First I went through AVG to remove it, but it will not remove the file. So I read up on how to manually remove the file. This is what it told me to do. I went and located the file in System32, then I removed it to the Desktop and tried to delete it, but that didn't work. Then I went and tried to take control of the file so I could delete it, but still I cannot delete it. Now I am stumped. I am sending my hijack logfile if it will help. Please, someone help me!!!!!
In the future, how can I stop these Trojan viruses from getting onto my computer?
Logfile of HijackThis v1.97.7
Scan saved at 12:32:27 AM, on 7/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\personal files\Softimage\FLEXLM\bin\LMGRD.EXE
D:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
D:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\SAV\DefWatch.exe
D:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\WINDOWS\System32\cba\pds.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\SAV\Rtvscan.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\SAV\vptray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\PROGRA~1\Grisoft\AVG6\avgw.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijacker\HijackThis.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\vptray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [AVG_CC] D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: 腾讯QQ.lnk = D:\Program Files\Tencent\qq\QQ.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: QQ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F05EC80-53BB-4B17-8918-53298D8590EA}: NameServer = 202.96.209.6 202.96.209.133
|
k027
Special Response Team Guest Forums Host

 Joined: Aug 25, 2003 Posts: 8480
|
Posted: Tue Jul 13, 2004 10:28 pm Post subject: |
|
|
Backdoor.Agent.BA is a toughie. You need help from our specialists in the HiJackThis forum.
In order to help you we need a HiJack log so....
Download: HiJackThis from: /downloads-cat-14.html
Create and unzip to a folder, not your Desktop or the Temp folder.
Update it: use the "CONFIG" button, then press "MISC TOOLS" followed by "Check for update online";
after the update, press the "Back" button.
Then double-click HijackThis.exe, and hit "Scan".
When the scan is finished, use the "Save Log" button and save the log in a text file;
best to save your text file in the same folder as where you put HiJack,
then post your log here: /f67-Trend_Micro_HijackThis_Logs.html by simply copying and pasting the info from your text file.
DO NOT FIX ANYTHING YOURSELF NOW, JUST WAIT FOR AN EXPERT TO HAVE A LOOK AT YOUR LOG, AS THE
BIGGEST PART OF THE ENTRIES ARE NEEDED; REMOVING THEM CAN CAUSE SERIOUS DAMAGE.
|
Myro Warnings : 1 Private

 Joined: Jul 20, 2004 Posts: 42 Location: Slovakia
|
Posted: Tue Jul 20, 2004 11:55 am Post subject: how to remove it |
|
|
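In NOTEPAD write this:
@echo off
rem *FILE* is a placeholder for the infected file's name; left as-is, the asterisks act as wildcards.
SET FILE=sqll
rem Grant Everyone full control of the DLL (answers the cacls confirmation prompt with "y").
echo y | cacls c:\windows\system32\*FILE*.dll /g Everyone:f
rem Clear the read-only, system and hidden attributes.
attrib -r -s -h C:\Windows\system32\*FILE*.dll
rem Rename the DLL, then delete the renamed copy.
ren C:\Windows\system32\*FILE*.dll *FILE*.old
del C:\Windows\system32\*FILE*.old
Then change *FILE* to the infected file's name and save this as a REMOVE.BAT file. Run it in normal mode and the trojan BackDoor.Agent.BA is OUT.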
_______________________________________
NOTE FROM FORUM HOSTS: This thread is now closed. Should you need it reopened, please PM a Host/mod. Everyone else having a similar issue, please launch a new topic for yourselves. Thank you.