infected
November 10, 2011 4:31 AM Subscribe
My pc is infected with trogan horse agent_r.ARN how do i remove it?
now my first response was to google it but low andbehold it redirects me to adds so if you guys could at least link to a solution maybe that would work if it doesnt outright block that site pr you could just say how to here please
now my first response was to google it but low andbehold it redirects me to adds so if you guys could at least link to a solution maybe that would work if it doesnt outright block that site pr you could just say how to here please
sadly, you do not remove it.
you save all your documents and such.
Then you completely wipe everything off the computer, and then re-load everything. Everything right down to the operating system.
That is the only sure fire way to beat it.
posted by Flood at 4:39 AM on November 10, 2011
you save all your documents and such.
Then you completely wipe everything off the computer, and then re-load everything. Everything right down to the operating system.
That is the only sure fire way to beat it.
posted by Flood at 4:39 AM on November 10, 2011
Try googling "how to remove agent_r.ARN" -- it looked like several options came up.
The first five results are linkspam, as far as I can see. They will come up for pretty much any "how to remove X" search you do. In fact, the first result I see tells users to remove HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ XTray.exe from the registry, which appears to be aimed at removing McAfee antivirus, so may actually be malicious.
Following unfiltered Google search results to remove malware is not good policy.
On preview, the answer I'm quoting has been deleted, but I'm going to leave this up anyway, since the 'undiscriminating Google' approach to malware removal is so common and so counter-productive.
sadly, you do not remove it.
Is that advice particular to this particular malware or general to Windows malware? I'm sympathetic to the 'nuke and reinstall' approach to dealing with malware (even though I prefer to attempt removal), but it would be useful for the OP to know whether it's based on personal experience of this specific variant of this specific Trojan.
posted by Busy Old Fool at 4:58 AM on November 10, 2011 [1 favorite]
The first five results are linkspam, as far as I can see. They will come up for pretty much any "how to remove X" search you do. In fact, the first result I see tells users to remove HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ XTray.exe from the registry, which appears to be aimed at removing McAfee antivirus, so may actually be malicious.
Following unfiltered Google search results to remove malware is not good policy.
On preview, the answer I'm quoting has been deleted, but I'm going to leave this up anyway, since the 'undiscriminating Google' approach to malware removal is so common and so counter-productive.
sadly, you do not remove it.
Is that advice particular to this particular malware or general to Windows malware? I'm sympathetic to the 'nuke and reinstall' approach to dealing with malware (even though I prefer to attempt removal), but it would be useful for the OP to know whether it's based on personal experience of this specific variant of this specific Trojan.
posted by Busy Old Fool at 4:58 AM on November 10, 2011 [1 favorite]
Is that advice particular to this particular malware or general to Windows malware?
I don't specifically know agent_r.ARN, but malware writers have gotten really good and closing all the doors to successful eradication of the problem. Not to say that it can't be done, it just that it is incredibly difficult in terms of time spent. As you go through the process, it is also a constant "2 steps forward and 1 step back" situation and will really test your patience.
So the issue becomes how is your time is better spent.
Also, by re-installing, you know with a far higher degree of certainty that you have gotten rid of the issue. If in the least, you will be in a far better position to deal with future flareups as they show.
posted by lampshade at 5:11 AM on November 10, 2011
I don't specifically know agent_r.ARN, but malware writers have gotten really good and closing all the doors to successful eradication of the problem. Not to say that it can't be done, it just that it is incredibly difficult in terms of time spent. As you go through the process, it is also a constant "2 steps forward and 1 step back" situation and will really test your patience.
So the issue becomes how is your time is better spent.
Also, by re-installing, you know with a far higher degree of certainty that you have gotten rid of the issue. If in the least, you will be in a far better position to deal with future flareups as they show.
posted by lampshade at 5:11 AM on November 10, 2011
This is the time if you do wipe and reinstall to prepare in case it happens again. Repartition your disk to have separate sections for data, programs and an additional clean image of windows ( updated to latest fixes of course ) . Then if this happens again the fix is a copy of the clean windows partition over the infected partition. A fast and simple action that you could actually choose to do at any time.
posted by stuartmm at 5:33 AM on November 10, 2011 [1 favorite]
posted by stuartmm at 5:33 AM on November 10, 2011 [1 favorite]
Reinstalling windows, and all the software you have installed, and backing up and restoring data, and running all the updates, and updating your security software, all takes WAY more than an hour, and is a HUGE hassle for those who are not technically inclined. I know, I actually do this for a living. It can take over four hours of nonstop work to get a Windows machine back to where it was when you started.
I've been doing battle with these viruses, on a daily basis, for literally a decade. Over 95% of the time it is nowhere near necessary to do a full wipe/reinstall to restore the computer to normal function and security to your computer. This popular investiture of viruses with mystical superpowers is unhelpful to end-users.
My advice is, use the Combofix removal tool, and follow up with a scan using Malwarebytes. Let us know if you are able to do these things.
posted by BigLankyBastard at 7:15 AM on November 10, 2011 [3 favorites]
I've been doing battle with these viruses, on a daily basis, for literally a decade. Over 95% of the time it is nowhere near necessary to do a full wipe/reinstall to restore the computer to normal function and security to your computer. This popular investiture of viruses with mystical superpowers is unhelpful to end-users.
My advice is, use the Combofix removal tool, and follow up with a scan using Malwarebytes. Let us know if you are able to do these things.
posted by BigLankyBastard at 7:15 AM on November 10, 2011 [3 favorites]
I've had excellent luck with posting my problem to http://www.spywareinfoforum.com and basically having an expert walk me through the removal process step-by-step. Basically, they tell you to download and run specific anti-virus programs, you post the resulting scan logs, they analyze the logs and tell you what to do next, until the problem is solved. Highly recommended if you want an expert opinion.
posted by danceswithlight at 8:20 AM on November 10, 2011
posted by danceswithlight at 8:20 AM on November 10, 2011
As was mentioned in the first post, go see my profile. To pare it down a little for you, as BigLankyBastard said, use ComboFix and MalwareBytes. Also, add to that two more things from my profile, TDSSKiller and Microsoft Security Scanner. If you want, send me logs via MeFi Mail, and I'll help you analyze them. I'll try to keep an eye on the post, but if I miss any follow ups, please hit my MeFil Mail up the same way.
posted by deezil at 8:36 AM on November 10, 2011
posted by deezil at 8:36 AM on November 10, 2011
and an additional clean image of windows ( updated to latest fixes of course )
Actually, how would one update a copy of windows on its own partition?
posted by exphysicist345 at 12:21 PM on November 10, 2011
Actually, how would one update a copy of windows on its own partition?
posted by exphysicist345 at 12:21 PM on November 10, 2011
This thread is closed to new comments.
posted by Busy Old Fool at 4:38 AM on November 10, 2011