Friendly Trojan!??

[oileruis]

HI,..1 month ago, i detected some spyware activity on my pc, i run some anti-spyware software n antivirus (AVG, Mcafee, A-squared, regseeker, Adware, No-adware,...whatever...those programs found always the same trojan in the same folder (C:windows)
i healed or deleted them....but..the computer makes a slower machine!!!...i restart my pc, and still with my life,...downloading files (with flashget) mainly....i run again the antispyware-antivirus software n find the same trojans...
there are Friendly trojans!? (i dont think so!!!)....
PD(with a right click on my desk the pc becomes slow!! n a blue screen with "bad pool caller" message appears!!)

any sugestion

P4 3.O HT, 512ram, 80gb maxtor, winxp pro sp2, ....

 

[Osiris]

Post a hijack this log and we will see what we can do

 

[Blitze105]

what is the trojan called, and ill help you.

 

[oileruis]

some of the trojans names
(also, all are "trojan horse downloader.agent.11q")


ieup.exe apibz.exe
netkl.exe
appoh32.exe
winca.exe
apiqm.exe

 

[Apokalipse]

maybe the trojan has more files than that, and is taking resources to find the other programs again after they're deleted

press ctrl+alt+del and see what's running and what takes up your resources

 

[Blitze105]

I must give you this, you got a good trojan. Congratulations
To start, get these:
a. http://www.majorgeeks.com/download.php?det=3019
b. cwsserviceremove.reg (see attachment)

Boot in safe mode, then....
Run CWShredder:

* Double-click on CWShredder.exe.
* Click Fix -> and click OK at the prompt.
* CWShredder will scan and clean your system of CWS files.
* Click Next-> and then Exit.


Remove the service:

* Double-click on cwsserviceremove.reg you downloaded earlier.
* When it asks you to merge the information to the registry click Yes.

Delete these files:
C:\WINDOWS\system32\edabr.dll
C:\WINDOWS\system32\winfg.exe
C:\WINDOWS\system32\atlnw.exe
C:\WINDOWS\system32\iepr.exe
C:\WINDOWS\system32\sdknh.exe
C:\WINDOWS\iekb.exe

Keep in mind i am not sure this will work.. hope it does
post ur results