Guru3D.com Forums

Problem with removal of Trojan
  (#1)
HonoredShadow
Ancient Guru
 
 
Videocard: MSI 970 SLI OC+ASUS Swift
Processor: 2700k@4.8 Noctua NH-U12P
Mainboard: AsRock Z77 Extreme4
Memory: 16GB Corsair 1866mhz
Soundcard: ASUS Xonar DX PCI-E
PSU: 1300W EVGA SuperNOVA
Default Problem with removal of Trojan - 07-25-2013, 11:46 | posts: 3,696 | Location: UK

Just ran Malwarebytes and it can't remove this:
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|29920 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msqeuaw.com -> No action taken.

How could I manually remove this safely?
   
  (#2)
mbk1969
Maha Guru
 
Videocard: GeForce 780 GTX
Processor: I7-4930
Mainboard: Asus p9x79
Memory: G Skill RipjawZ, 16GB
Soundcard: Onboard + FiiO E17
PSU: 1000 W
Default 07-25-2013, 11:57 | posts: 1,604 | Location: Moscow, Russia

Boot from recovery CD, launch command line and remove file. Also you can open registry hive and remove that "29920".

Edit: You can also burn Kaspersky (or any other antivirus) emergency CD, boot from it and let it clean the rig...
   
  (#3)
Veteran
Ancient Guru
 
 
Videocard: 690@1372-Vmod on H20-24/7
Processor: 4930k@4.2ghz-1.05v-H20
Mainboard: R4BE@Monoblock-H20
Memory: 16Gb Mushkin Redline2133
Soundcard: SupremeFX-Sennheiser 350
PSU: Corsair AX 1200i
Default 07-25-2013, 14:32 | posts: 10,925 | Location: United kingdom

Quote:
Originally Posted by HonoredShadow View Post
Just ran Malwarebytes and it can't remove this:
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|29920 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msqeuaw.com -> No action taken.

How could I manually remove this safely?
Go into safe mode and run Malwarebytes and you shouldn't have a problem removing it. If that fails, run HijackThis, paste the log into Hijack analyzer, find that regkey and delete it manually.
   
  (#4)
HonoredShadow
Ancient Guru
 
Default 07-25-2013, 15:49 | posts: 3,696 | Location: UK

Then I ran HijackThis! Log auto analyzer V2:

Still none the wiser! In safe mode Malwarebytes could not remove it. I am unsure of how to find this reg.

Last edited by HonoredShadow; 07-25-2013 at 16:17.
   
  (#5)
mbk1969
Maha Guru
 
Default 07-25-2013, 16:15 | posts: 1,604 | Location: Moscow, Russia

Code:
(spoiler) ... (/spoiler) only use square brackets instead of round ones
Don't use safe mode. Boot from CD/DVD/USB.
   
  (#6)
HonoredShadow
Ancient Guru
 
Default 07-25-2013, 16:52 | posts: 3,696 | Location: UK

But even if I do that I still don't know how to remove it. Hell I can't even find it in Windows let alone DOS command in Windows install!

I was not that into PCs when I was younger.
   
  (#7)
HonoredShadow
Ancient Guru
 
Default 07-25-2013, 18:45 | posts: 3,696 | Location: UK

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|29920 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msqeuaw.com -> No action taken.

I just went to this in regedit and it won't let me delete it. Does anyone know how I can delete this booting from DVD?

Will try to Google it.

Thanks all.

EDIT: I managed to remove it! Hope it does not come back after computer restart.

I went into regedit, found it then clicked on it then went into the menu and clicked edit, permissions. I clicked full control and it was gone. I am assuming the other entry (Default) is a windows one in the 'run' part of the registry location above.

Cheers for all the help guys. Will write back if it comes back after restart. Just running Malwarebytes again.

Last edited by HonoredShadow; 07-25-2013 at 19:29.
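
The post above describes a `Policies\Explorer\Run` value that regedit refused to delete until the key's permissions were changed. As an added example (not written by anyone in this thread), this read-only PowerShell audit lists the values under the two machine-wide Run keys, reports whether each target file still exists and sits in a Temp folder, and prints each key's access rules; the function name `Get-AutorunEntry` and the Temp-folder check are assumptions made for illustration.

```powershell
# Added example: read-only audit of the machine-wide autorun keys.
# Assumes an elevated PowerShell 3.0+ prompt. Nothing here modifies the registry.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

function Get-AutorunEntry {   # hypothetical helper name
    param([string[]]$KeyPath)
    foreach ($path in $KeyPath) {
        if (-not (Test-Path -LiteralPath $path)) { continue }   # key is absent on many systems
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            # Executable part of the command line: quoted path, else first token.
            # Heuristic (assumption): an unquoted path containing spaces is cut short.
            if ($data -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            else { $exe = ($data.Trim() -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            [pscustomobject]@{
                Key        = $path
                ValueName  = if ($name) { $name } else { '(Default)' }
                Data       = $data
                # False here means the value is an orphan pointing at a deleted file
                FileExists = [bool]($exe -and (Test-Path -LiteralPath $exe -ErrorAction SilentlyContinue))
                # Programs that start from a Temp folder deserve a closer look
                InTempDir  = $exe -match '\\Temp\\'
            }
        }
    }
}

Get-AutorunEntry -KeyPath $runKeys | Format-List

# Access rules on each key: a Deny rule, or Administrators lacking FullControl,
# explains an "access denied" error when deleting a value in regedit.
foreach ($path in $runKeys) {
    if (Test-Path -LiteralPath $path) {
        Write-Host "ACL for $path"
        (Get-Acl -Path $path).Access |
            Format-Table IdentityReference, AccessControlType, RegistryRights, IsInherited -AutoSize
    }
}
```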
   
  (#8)
anticupidon
Maha Guru
 
 
Videocard: Sapphire HD5850 Extreme
Processor: i7 860 3.6 Ghz
Mainboard: ASUS P7PP5D
Memory: 2x4 GB Kingston HyperX
Soundcard: Via on-board
PSU: Corsair HX 750
Default 07-25-2013, 19:29 | posts: 2,211 | Location: far,far from home

Make a bootable USB thumb drive with Bitdefender live with the help of YUMI USB, boot from it and solve this issue.
   
  (#9)
Veteran
Ancient Guru
 
Default 07-26-2013, 15:14 | posts: 10,925 | Location: United kingdom

As I said in another thread, if Malwarebytes fails then run Bitdefender. If that fails you may need to boot into a live environment by using a CD like anticupidon said.

If it still fails I would just back up and reinstall. The best protection is prevention, i.e. having security software in place to stop any malware getting into the registry or anywhere else.
   
  (#10)
HonoredShadow
Ancient Guru
 
Default 07-26-2013, 15:36 | posts: 3,696 | Location: UK

I use MSE (enough said maybe) and it found nothing. I ran ESTonline scan via the little program (as it's not compatible with FF, PM) and it found one thing but wiped it. 2 trojan horses were picked up by Malwarebytes but could not delete one.

Have not had any problems for years until now!
   
  (#11)
Phragmeister
Maha Guru
 
 
Videocard: MSI 560-Ti
Processor: i7 920 @ 3.8GHz
Mainboard: Asus P6TD V2
Memory: Corsair Dom 12GB
Soundcard: X-Fi Fatal1ty
PSU: Corsair HX850
Default 07-26-2013, 17:56 | posts: 1,341 | Location: UK

Try this m8 - http://www.simplysup.com/tremover/download.html
   
  (#12)
Pill Monster
Ancient Guru
 
 
Videocard: 7950 Vapor-X 1175/1550
Processor: AMD FX-8320 @4.8
Mainboard: ASUS Sabertooth 990FX R2
Memory: 8GB HyperX Beast 2400
Soundcard: X-Fi Fatal1ty, Wharfedale
PSU: AcBel M8 750
Default 07-26-2013, 18:23 | posts: 24,499 | Location: NZ

Quote:
Originally Posted by HonoredShadow View Post
I use MSE (enough said maybe) and it found nothing. I ran ESTonline scan via the little program (as it's not compatible with FF, PM) and it found one thing but wiped it. 2 trojan horses were picked up by Malwarebytes but could not delete one.

Have not had any problems for years until now!
Looks like the file has already been deleted.

Run CCleaner and it should remove the reg entry.....
   
  (#13)
HonoredShadow
Ancient Guru
 
Default 07-26-2013, 18:27 | posts: 3,696 | Location: UK

I ran that program. No problems! Thanks for the link. I noticed in that program there are options under utilities. Not sure if I should use any of those. Reason why I ask is because I used a program called Toolwiz Care that was recommended on this site. Some of the options allow you to 'optimise' your broadband settings in Windows. I feel that maybe, just maybe they have actually slowed things down.

Take a look at this pic and see what you think of these 'tweaks' and if they need reversing.

   
  (#14)
Phragmeister
Maha Guru
 
Default 07-29-2013, 04:53 | posts: 1,341 | Location: UK

I've always found the best software to tweak network settings is this - TCP Optimizer
   
  (#15)
Pill Monster
Ancient Guru
 
Default 07-29-2013, 08:54 | posts: 24,499 | Location: NZ

Quote:
Originally Posted by Phragmeister View Post
I've always found the best software to tweak network settings is this - TCP Optimizer
^Me too....
   
  (#16)
HonoredShadow
Ancient Guru
 
Default 07-29-2013, 09:13 | posts: 3,696 | Location: UK

Does it really make a difference?

I have tried it in the past but sometimes things seemed slower. Do you just click the optimise settings and be done? Surely Windows 7 does not need such tweaks?

Maybe I used it wrong.

EDIT: I know this is a noob question to ask but with my connection I can download up to 1.8 per second. What is that megabytes or bits? Speedtest shows 14.66. I never did find out dohh. Basically I'm asking because of the slider on above program.

Last edited by HonoredShadow; 07-29-2013 at 09:27.
   
  (#17)
PhazeDelta1
Moderator
 
 
Videocard: MSI 980 Gaming
Processor: Intel i7 4790k
Mainboard: Asus Z97 Pro
Memory: 16GB Corsair 2133MHz
Soundcard: Asus Xonar Phoebus
PSU: EVGA SuperNOVA 850 G2
Default 07-29-2013, 09:52 | posts: 13,900 | Location: USA

Quote:
Originally Posted by Pill Monster View Post
^Me too....
Me 3
   
  (#18)
Pill Monster
Ancient Guru
 
Default 07-29-2013, 10:02 | posts: 24,499 | Location: NZ

Quote:
Originally Posted by HonoredShadow View Post
Does it really make a difference?

I have tried it in the past but sometimes things seemed slower. Do you just click the optimise settings and be done? Surely Windows 7 does not need such tweaks?

Maybe I used it wrong.

EDIT: I know this is a noob question to ask but with my connection I can download up to 1.8 per second. What is that megabytes or bits? Speedtest shows 14.66. I never did find out dohh. Basically I'm asking because of the slider on above program.
14.7 Mbps (Megabits)
1.8 MB/s (Megabytes)
   
  (#19)
HonoredShadow
Ancient Guru
 
Default 07-29-2013, 10:31 | posts: 3,696 | Location: UK

Thanks for that. I used the slider and moved it to 14 then hit optimise. Will this have a good effect on games online?

Does it affect the browser too? I'm guessing so.
   