Win.32.Agent.pz virus got me down!
October 7, 2008 7:00 AM
Nasty, sticky virus that won't go away! The virus scan says it is called 'win.32.Agent.pz' and we've thrown everything we've got at it to get rid of it - Spybot (also in safe mode) and ESET - and it won't go away. Help!
We'd prefer not to buy any other virusware or software to remove it, but if that's the only option I suppose we'll take it (grudgingly). Any workable advice appreciated. I need my computer back! Oh, it's a PC, by the way.
Best answer: Some information here, including a suggestion that you do a system restore to a known good point in time.
posted by jquinby at 7:23 AM on October 7, 2008
Try Malware Bytes
It's the best cleaner I've found these days.
posted by meta87 at 7:25 AM on October 7, 2008 [2 favorites]
Best answer: I've said it a hundred times on ask.mefi virus threads... you cannot trust an OS once it's been compromised. Even if all the visible and detectable elements are gone, you cannot be sure that there's no keylogger or rogue email processes going.
Now that you're looking at reinstalling, here's a good idea for planning ahead. First back up everything, of course. Then when installing Windows, have it split your drive into two partitions. Programs and OS go on the first partition (which will be C:), and your files, pics, data, mp3s, videos, etc go on the second partition (which is D:). Put a clean install of the OS on C: with all the drivers and programs the way you like it, and use Acronis TrueImage (about $50) to make a snapshot of C:. Then anytime you have virus problems, just format C: and reinstall that image mirror. Your data will be safe and waiting on D:, but back that up regularly too.
posted by crapmatic at 7:48 AM on October 7, 2008
I've said it a hundred times on ask.mefi virus threads... you cannot trust an OS once it's been compromised.
[...]
First back up everything, of course.
No. A hundred times no. The time to back up files is before you get infected. If you get infected, back up some files, reinstall and then restore your files, you're just asking to get infected again.
There are some spyware out there that need specific tools and manual removal to get rid of properly. Nuking the computer from orbit is the only way to be sure that it's really gone.
posted by splice at 8:40 AM on October 7, 2008 [1 favorite]
2nd-ing Malware Bytes (get it from download.com)
I usually run it once in safe mode (full), then reboot into regular mode and run again (quick).
posted by ijoyner at 8:52 AM on October 7, 2008
Response by poster: Okay, we ran Malware Bytes in regular mode and it couldn't get rid of it. We're now running it in safe mode, with crossed fingers (I'm using my husband's work laptop right now).
Splice, what type of bomb would you suggest we use?
posted by cooker girl at 10:14 AM on October 7, 2008
Splice, what type of bomb would you suggest we use?
He's talking about a format/reinstall
posted by chrisamiller at 10:17 AM on October 7, 2008
Careful, looks like this might spoof PayPal and eBay pages. (source: http://www.techsupportforum.com/security-center/hijackthis-log-help/266563-win-32-agent-pz.html)
Might want to check http://www.webuser.co.uk/forums/showflat.php/Cat/0/Number/407699/an/0/page/1
I probably wouldn't blindly copy the fixes from that page, but it appears that the volunteers there were able to remove it (only success I could google so far).
posted by syntheticfaith at 12:13 PM on October 7, 2008
I've used these instructions from deezil, and they seemed to remove everything. (If the systems I was working on had some backups, or I had more time, I probably would have just reinstalled.)
posted by philomathoholic at 12:38 PM on October 7, 2008
Not having the benefit of the OS cd-rom, I had a problem recently, and I headed in the direction of Hijack This, which is pretty intensive, and involves a lot of posting to forums and having (very kind) volunteers sifting through the results of your tests. It seemed to work pretty well, at least I hope.
If you have used a credit card on your PC recently, you should call your company and let them know. They'll put a stop on your number and issue you a new card pretty quickly. It's a hassle re-doing all of your accounts online that were set to your old card, but it's better than having someone using your card number.
posted by Ghidorah at 3:53 PM on October 7, 2008
I was going to post the link to my instructions, but I'll be damned if philomathoholic didn't beat me to it.
posted by deezil at 4:48 PM on October 7, 2008
This thread is closed to new comments.
posted by unixrat at 7:19 AM on October 7, 2008