agent.exe malicious error

Guest
Archived from groups: microsoft.public.windowsxp.general

Norton Antivirus is prompting me with a system halt error that it has
detected a malicious suspect on the file system object agent.exe. I'm current
with virus definitions, run SpyBot and Adaware. Everything is clean. Have not
upgraded to SP2. How can I determine if this is an unknown virus, etc, on my
machine...or if something on the internet is attempting to use agent.exe
virtually?
 
Guest

agent.exe is not a Windows XP file.

You might start by finding out if the agent.exe you have is part of the
Backdoor.NuAgent

Troj/Agent-DP
http://www.sophos.com/virusinfo/analyses/trojagentdp.html


--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:BE0E8E33-6B30-4DEA-8D34-CFA4844E2D72@microsoft.com,
beada <beada@discussions.microsoft.com> hunted and pecked:
> Norton Antivirus is prompting me with a system halt error that it has
> detected a malicious suspect on the file system object agent.exe. I'm
> current with virus definitions, run SpyBot and Adaware. Everything is
> clean. Have not upgraded to SP2. How can I determine if this is an
> unknown virus, etc, on my machine...or if something on the internet is
> attempting to use agent.exe virtually?
 
Guest

From: "beada" <beada@discussions.microsoft.com>

| Norton Antivirus is prompting me with a system halt error that it has
| detected a malicious suspect on the file system object agent.exe. I'm current
| with virus definitions, run SpyBot and Adaware. Everything is clean. Have not
| upgraded to SP2. How can I determine if this is an unknown virus, etc, on my
| machine...or if something on the internet is attempting to use agent.exe
| virtually?

NAV is anti virus. Ad-aware and SpyBot S&D specialize in non-viral malware.

You should scan the computer using other anti virus software. The following Multi AV
scanning tool provides "On Demand" scanners for; McAfee, Sophos and Trend Micro.


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
remove viruses, Trojans and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode. This
way all the components can be downloaded from each AV vendor’s web site.
The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
 
Guest

On Sat, 3 Sep 2005 16:22:53 -0600, "Wesley Vogel"
<123WVogel955@comcast.net> wrote:

>agent.exe is not a Windows XP file.
>
>You might start by finding out if the agent.exe you have is part of the
>Backdoor.NuAgent
>
>Troj/Agent-DP
>http://www.sophos.com/virusinfo/analyses/trojagentdp.html

I MUST correct such seeming FUD:

There IS an agent.exe which is INDEED a legitimate Windows executable.
It's the executable for Forte's Agent offline newsreaders, Agent and
Free Agent.

I would contact both Forte and your AV's support about the results of
your Antivirus program. They may or may not ask you to send a copy of
the file to them for examination by their labs, to see whether it
truly is the "agent.exe" included as part of the Trojan installation
mentioned on Sophos' site above.

IF, on the other hand, you DON'T have Forte's Agent newsreader
installed, then the chances are that YOUR "agent.exe" IS a virus or
trojan, since there is no file with that name provided with the OS.

In any case, follow the directions of your AV manufacturer to remove
what it finds as a trojan. You can always reinstall Forte's Agent by
going to their website and downloading a fresh copy of the Agent
installer to your computer AFTER you remove any viruses and trojans.
If your copy of Agent is licensed by Forte, then just enter your
license key when you install it (note that ALL Agent license keys
previous to A2 are superseded by an Agent 2-or-above key. If your
license for Agent is for a version previous to Agent 2, you will have
to upgrade it to an Agent 2-or-above key).

Donald L McDaniel
Please reply to the original thread.
If you must reply via email, remove the obvious
from my email address before sending.
=======================================================
 
Guest

I will say it again.

agent.exe is not a Windows XP file.

It does not come with Windows XP nor is it any part of Windows XP.

There is no Fear, Uncertainty or Doubt, agent.exe is not a Windows XP file.

DLL Help Database Search

Search: By File Only
Language: English (United States)
File name: agent.exe
No results found
http://support.microsoft.com/dllhelp/?dlltype=file&l=55&alpha=agent.exe&S=1&x=10&y=6


--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:us8mh11ml3h8ns2ejg6nijib8os602cilq@4ax.com,
Donald L McDaniel <orthocrossNOSPAM@skycasters.net> hunted and pecked:
> On Sat, 3 Sep 2005 16:22:53 -0600, "Wesley Vogel"
> <123WVogel955@comcast.net> wrote:
>
>> agent.exe is not a Windows XP file.
>>
>> You might start by finding out if the agent.exe you have is part of the
>> Backdoor.NuAgent
>>
>> Troj/Agent-DP
>> http://www.sophos.com/virusinfo/analyses/trojagentdp.html
>
> I MUST correct such seeming FUD:
>
> There IS an agent.exe which is INDEED a legitimate Windows executable.
> It's the executable for Forte's Agent offline newsreaders, Agent and
> Free Agent.
>
> I would contact both Forte and your AV's support about the results of
> your Antivirus program. They may or may not ask you to send a copy of
> the file to them for examination by their labs, to see whether it
> truly is the "agent.exe" included as part of the Trojan installation
> mentioned on Sophos' site above.
>
> IF, on the other hand, you DON'T have Forte's Agent newsreader
> installed, then the chances are that YOUR "agent.exe" IS a virus or
> trojan, since there is no file with that name provided with the OS.
>
> In any case, follow the directions of your AV manufacturer to remove
> what it finds as a trojan. You can always reinstall Forte's Agent by
> going to their website and downloading a fresh copy of the Agent
> installer to your computer AFTER you remove any viruses and trojans.
> If your copy of Agent is licensed by Forte, then just enter your
> license key when you install it (note that ALL Agent license keys
> previous to A2 are superseded by an Agent 2-or-above key. If your
> license for Agent is for a version previous to Agent 2, you will have
> to upgrade it to an Agent 2-or-above key).
>
> Donald L McDaniel
> Please reply to the original thread.
> If you must reply via email, remove the obvious
> from my email address before sending.
> =======================================================
 
Guest

On Sun, 4 Sep 2005 14:17:56 -0600, "Wesley Vogel"
<123WVogel955@comcast.net> wrote:

>I will say it again.
>
>agent.exe is not a Windows XP file.
>
>It does not come with Windows XP nor is it any part of Windows XP.
>
>There is no Fear, Uncertainty or Doubt, agent.exe is not a Windows XP file.
>
>DLL Help Database Search
>
>Search: By File Only
>Language: English (United States)
>File name: agent.exe
>No results found
>http://support.microsoft.com/dllhelp/?dlltype=file&l=55&alpha=agent.exe&S=1&x=10&y=6

But there IS an "agent.exe" which is NOT the virus-trojan. So
publicly giving the APPEARANCE that ALL "agent.exe" executables are
viruses or trojans, IS FUD, by the VERY DEFINITION of "FUD".

Donald L McDaniel
Please reply to the original thread.
If you must reply via email, remove the obvious
from my email address before sending.
=======================================================
 

Rock

Donald L McDaniel wrote:

> On Sun, 4 Sep 2005 14:17:56 -0600, "Wesley Vogel"
> <123WVogel955@comcast.net> wrote:
>
>
>>I will say it again.
>>
>>agent.exe is not a Windows XP file.
>>
>>It does not come with Windows XP nor is it any part of Windows XP.
>>
>>There is no Fear, Uncertainty or Doubt, agent.exe is not a Windows XP file.
>>
>>DLL Help Database Search
>>
>>Search: By File Only
>>Language: English (United States)
>>File name: agent.exe
>>No results found
>>http://support.microsoft.com/dllhelp/?dlltype=file&l=55&alpha=agent.exe&S=1&x=10&y=6
>
>
> But there IS an "agent.exe" which is NOT the virus-trojan. So
> publicly giving the APPEARANCE that ALL "agent.exe" executables are
> viruses or trojans, IS FUD, by the VERY DEFINITION of "FUD".
>
> Donald L McDaniel
> Please reply to the original thread.
> If you must reply via email, remove the obvious
> from my email address before sending.
> =======================================================

Wes' post wasn't FUD. He stated that agent.exe is not a Windows XP file
which is correct. He did not say that every file named agent.exe is
malware or give the appearance that all such files are malware. He gave
an example of one malicious form of agent.exe. You are certainly
overreacting here.

--
Rock
MS MVP Windows - Shell/User
 
Guest

From: "Donald L McDaniel" <invalid@invalid.com>

|
| But there IS an "agent.exe" which is NOT the virus-trojan. So
| publicly giving the APPEARANCE that ALL "agent.exe" executables are
| viruses or trojans, IS FUD, by the VERY DEFINITION of "FUD".
|
| Donald L McDaniel
| Please reply to the original thread.
| If you must reply via email, remove the obvious
| from my email address before sending.
| =======================================================

But he didn't. He did state that this is NOT a MS Windows distributed file and there is a
probability of it being malware.

The following is just one example from me...
Polyposter.A -- http://vil.nai.com/vil/content/v_98002.htm

Wesley did state...
"You might start by finding out if the agent.exe you have is part of the
Backdoor.NuAgent
Troj/Agent-DP
http://www.sophos.com/virusinfo/analyses/trojagentdp.html "

This was good advice and was NOT FUD.

Even with files such as LSASS.EXE, SVCHOST.EXE and CSRSS.EXE one must be careful. These
are the names of legitimate OS files. However, they are also the names of *many* viral and
non-viral malware. One must look not just to the file name but its fully-qualified path as
this could be indicative it is not the OS version of said file.

I applaud Wesley's wording and terminology used and his approach to dealing with what could be
AGENT.EXE as being malware.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
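
The path check described in the post above, as an added example that is not part of the original thread: it classifies a fully-qualified path by whether an OS file name sits in the system directory. The `C:\WINDOWS\system32` location, the function names and the sample paths are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules; usable on any OS for offline triage

# Assumption: default Windows XP system directory; substitute the real %SystemRoot%.
SYSTEM32 = r"C:\WINDOWS\system32"

# OS file names cited in the post, mapped to the only directory they belong in.
OS_FILES = {"lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32, "csrss.exe": SYSTEM32}

def classify(full_path, system_files=OS_FILES):
    """Return 'os-path-ok', 'os-name-wrong-path' or 'not-os-file'."""
    # normpath collapses '..' segments and mixed slashes; normcase lowercases,
    # because Windows paths compare case-insensitively.
    norm = ntpath.normcase(ntpath.normpath(full_path))
    directory, name = ntpath.split(norm)
    expected = system_files.get(name)
    if expected is None:
        # Not shipped with the OS (e.g. agent.exe): identify the vendor instead.
        return "not-os-file"
    if directory == ntpath.normcase(ntpath.normpath(expected)):
        return "os-path-ok"
    # An OS file name outside the system directory deserves a closer look.
    return "os-name-wrong-path"

def triage(paths):
    """Keep only the paths that need a closer look, with their verdict."""
    results = [(p, classify(p)) for p in paths]
    return [(p, verdict) for p, verdict in results if verdict != "os-path-ok"]

# Constructed sample input (not taken from any real machine).
SAMPLE = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"c:\windows\SYSTEM32\LSASS.EXE",
    r"C:\WINDOWS\svchost.exe",
    r"C:\WINDOWS\system32\..\Temp\csrss.exe",
    r"C:\Program Files\Agent\agent.exe",
]

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE):
        print(f"{verdict:20} {path}")
```

A matching path only means the name and location agree; it says nothing about the file's contents, so the anti-virus scan is still needed.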
 
Guest

On Mon, 5 Sep 2005 13:44:01 -0400, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

>From: "Donald L McDaniel" <invalid@invalid.com>
>
>|
>| But there IS an "agent.exe" which is NOT the virus-trojan. So
>| publicly giving the APPEARANCE that ALL "agent.exe" executables are
>| viruses or trojans, IS FUD, by the VERY DEFINITION of "FUD".
>|
>| Donald L McDaniel
>| Please reply to the original thread.
>| If you must reply via email, remove the obvious
>| from my email address before sending.
>| =======================================================
>
>But he didn't. He did state that this is NOT a MS Windows distributed file and there is a
>probability of it being malware.
>
>The following is just one example from me...
>Polyposter.A -- http://vil.nai.com/vil/content/v_98002.htm
>
>Wesley did state...
>"You might start by finding out if the agent.exe you have is part of the
>Backdoor.NuAgent
>Troj/Agent-DP
>http://www.sophos.com/virusinfo/analyses/trojagentdp.html "
>
>This was good advice and was NOT FUD.
>
>Even with files such as LSASS.EXE, SVCHOST.EXE and CSRSS.EXE one must be careful. These
>are the names of legitimate OS files. However, they are also the names of *many* viral and
>non-viral malware. One must look not just to the file name but its fully-qualified path as
>this could be indicative it is not the OS version of said file.
>
>I applaud Wesley's wording and terminology used and his approach to dealing with what could be
>AGENT.EXE as being malware.

He ALSO gave the impression that ALL "agent.exe" files are viral. As
I have shown, this is just not the case.

In other words, he is spreading "FUD" (Fear Uncertainty Doubt).

Donald L McDaniel
Please reply to the original thread.
If you must reply via email, remove the obvious
from my email address before sending.
=======================================================
 
Guest

From: "Donald L McDaniel" <invalid@invalid.com>


|
| He ALSO gave the impression that ALL "agent.exe" files are viral. As
| I have shown, this is just not the case.
|
| In other words, he is spreading "FUD" (Fear Uncertainty Doubt).
|
| Donald L McDaniel
| Please reply to the original thread.
| If you must reply via email, remove the obvious
| from my email address before sending.
| =======================================================

It is an obvious mis-interpretation on your part. ;-)

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm