Computer Infected

[Drhunter2k]

Broni, my AVG antivirus just finished the daily scan of my computer and found these 3 files.

"C:\System Volume Information\_restore{9786E1A5-2E7F-4801-91A9-EF3D4F91683E}\RP141\A0013272.dll";"Trojan horse Agent2.AYEO";"Moved to Virus Vault"
"C:\Program Files\Windows Defender\MsMpEng.exe (2212):\memory_07520000";"May be infected by unknown virus Win32/DH.CAFF82037F";"Object is inaccessible."
"C:\Program Files\Windows Defender\MsMpEng.exe (2212)";"May be infected by unknown virus Win32/DH.CAFF82037F";""

[Broni]

Good

OTL Clean-Up
Clean up with OTL:

* Double-click OTL.exe to start the program.
* Close all other programs apart from OTL as this step will require a reboot
* On the OTL main screen, press the CLEANUP button
* Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

==============================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point.

Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista and 7:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

2. Restart computer.

3. Turn System Restore on.

4. Make sure, Windows Updates are current.

5. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run defrag at your convenience.

8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

9. Please, let me know, how is your computer doing.

[Broni]

I didn't see your last post.
The first file is located in system restore, but you'll reset system restore, when you follow my last steps, so no worries there.

Two other findings are rather hilarious, since the file is a part of Windows Defender.
In any case, upload C:\Program Files\Windows Defender\MsMpEng.exe file to http://www.virustotal.com/ for security check.

[Drhunter2k]

Thank you very much for all of your help in getting rid of these infections. My computer is running perfect again thanks to your help. My hat's off to you again.

[Broni]

Yes!!
Good luck and stay safe