Win.32.Agent.pz virus got me down!
October 7, 2008 7:00 AM

Nasty, sticky virus that won't go away! The virus scan says it is called 'win.32.Agent.pz' and we've thrown everything we've got at it to get rid of it - Spybot (also in safe mode) and ESET - and it won't go away. Help!

We'd prefer not to buy any other virusware or software to remove it, but if that's the only option I suppose we'll take it (grudgingly). Any workable advice appreciated. I need my computer back! Oh, it's a PC, by the way.
posted by cooker girl to Computers & Internet (12 answers total) 1 user marked this as a favorite
Reinstall. It's the only way to be sure.
posted by unixrat at 7:19 AM on October 7, 2008


Some information here, including a suggestion that you do a system restore to a known good point in time.
posted by jquinby at 7:23 AM on October 7, 2008


Try Malware Bytes

It's the best cleaner I've found these days.
posted by meta87 at 7:25 AM on October 7, 2008


I've said it a hundred times on ask.mefi virus threads... you cannot trust an OS once it's been compromised. Even if all the visible and detectable elements are gone, you cannot be sure that there's no keylogger or rogue email processes going.

Now that you're looking at reinstalling, here's a good idea for planning ahead. First back up everything, of course. Then when installing Windows, have it split your drive into two partitions. Programs and OS go on the first partition (which will be C:), and your files, pics, data, mp3s, videos, etc go on the second partition (which is D:). Put a clean install of the OS on C: with all the drivers and programs the way you like it, and use Acronis TrueImage (about $50) to make a snapshot of C:. Then anytime you have virus problems, just format C: and reinstall that image mirror. Your data will be safe and waiting on D:, but back that up regularly too.
posted by crapmatic at 7:48 AM on October 7, 2008


I've said it a hundred times on ask.mefi virus threads... you cannot trust an OS once it's been compromised.

[...]

First back up everything, of course.

No. A hundred times no. The time to backup files is before you get infected. If you get infected, backup some files, reinstall and then restore your files, you're just asking to get infected again.

There are some spyware out there that need specific tools and manual removal to get rid of properly. Nuking the computer from orbit is the only way to be sure that it's really gone.
posted by splice at 8:40 AM on October 7, 2008


2nd-ing Malware Bytes (get it from download.com)
I usually run it once in safe mode(full), then reboot into regular mode and run again(quick).
posted by ijoyner at 8:52 AM on October 7, 2008


Okay, we ran Malware Bytes in regular mode and it couldn't get rid of it. We're now running it in safe mode, with crossed fingers (I'm using my husband's work laptop right now).

Splice, what type of bomb would you suggest we use?
posted by cooker girl at 10:14 AM on October 7, 2008


Splice, what type of bomb would you suggest we use?

He's talking about a format/reinstall
posted by chrisamiller at 10:17 AM on October 7, 2008


Careful looks like this might spoof paypal and ebay pages. (source: http://www.techsupportforum.com/security-center/hijackthis-log-help/266563-win-32-agent-pz.html)

Might want to check http://www.webuser.co.uk/forums/showflat.php/Cat/0/Number/407699/an/0/page/1

I probably wouldn't blindly copy the fixes from that page, but it appears that the volunteers there were able to remove it (only success I could google so far).
posted by syntheticfaith at 12:13 PM on October 7, 2008


I've used these instructions from deezil, and they seemed to remove everything. (If the systems I was working on had some backups, or I had more time, I probably would have just reinstalled.)
posted by philomathoholic at 12:38 PM on October 7, 2008


Not having the benefit of the OS cd-rom, I had a problem recently, and I headed in the direction of Hijack This, which is pretty intensive, and involves a lot of posting to forums and having (very kind) volunteers sifting through the results of your tests. It seemed to work pretty well, at least I hope.

If you have used a credit card on your pc recently, you should call your company and let them know. They'll put a stop on your number and issue you a new card pretty quickly. It's a hassle re-doing all of your accounts online that were set to your old card, but it's better than having someone using your card number.
posted by Ghidorah at 3:53 PM on October 7, 2008


I was going to post the link to my instructions, but I'll be damned if philomathoholic didn't beat me to it.
posted by deezil at 4:48 PM on October 7, 2008


« Older This is a good time to buy a car--no?   |   Assurance of no babies with the least amount of... Newer »
This thread is closed to new comments.