Good news: as of today, AVG can heal Trojan horse psw.agent.h!
I had the same Trojan on my computer; booting the OS in safe mode and disabling System Restore did not work for me. I also tried almost every Anti-Virus, Ad-ware, and Trojan software out there but nothing did it. The way to remove this PSW.Agent.H is simple; the only catch is that there is a process running called sysupd.exe which protects the Trojan source file in Documents and Settings (_UPDATE.DAT) from being removed. So here is what you do.
Read all the steps below before you start.
1. Run a search on the computer for a file called sysupd.exe.
2. Open My Computer, and browse to the folder that contains the file.
3. Press Ctrl+Alt+Del, and click on Task Manager.
4. Look at the bottom of the Task Manager window to see how many processes are running, ex (Process:15).
5. Find sysupd.exe and stop it. Most likely it will keep starting itself over.
6. Keep looking for it and stopping it, until the number of processes goes down by one. Once you reach this point you only have a few seconds until it restarts, so be quick.
7. Switch to the window where sysupd.exe is located and quickly remove it.
8. Once sysupd.exe has been removed, you can remove the main file _UPDATE.DAT, which will be found somewhere in Documents and Settings. (If you cannot find it, run a search for it.)
9. Run AVG antivirus again to make sure the Trojan is gone.
I do not use this web site at all, I only found it while I was searching on Google for what people are saying about this Trojan.
NOTE: if you can't find the update.dat file after getting rid of the sysupd, it's okay, just run your scan from AVG again. It seems to be the virus software that finds this Agent H and the only one that can heal it when you stop that sysupd process from running!
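The following is an added example, not code from any of the posters: it walks the folders the posts mention, finds files named sysupd.exe or _update.dat regardless of letter case or hidden attribute, and records size, timestamp and SHA-256 for each so there is a record before anything is deleted. The function names and the default root paths are assumptions made for this illustration.

```python
import hashlib
import os
from datetime import datetime, timezone

# File names taken from the posts above; matching is case-insensitive because
# the posts spell them both "_UPDATE.DAT" and "_update.dat".
INDICATOR_NAMES = {"sysupd.exe", "_update.dat"}


def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_indicators(roots, names=INDICATOR_NAMES):
    """Walk each root and return one record per file whose name matches."""
    wanted = {n.lower() for n in names}
    findings = []
    for root in roots:
        # os.walk lists hidden and system files too, unlike Explorer's default view.
        for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda e: None):
            for filename in filenames:
                if filename.lower() not in wanted:
                    continue
                path = os.path.join(dirpath, filename)
                try:
                    info = os.stat(path)
                    file_hash = sha256_of(path)
                except OSError as exc:
                    # A file locked by a running process is itself worth recording.
                    findings.append({"path": path, "error": str(exc)})
                    continue
                modified = datetime.fromtimestamp(info.st_mtime, timezone.utc)
                findings.append({"path": path, "size": info.st_size,
                                 "modified_utc": modified.isoformat(),
                                 "sha256": file_hash})
    return sorted(findings, key=lambda f: f["path"].lower())


if __name__ == "__main__":
    # Assumed default locations, based on the folders the posts mention.
    roots = [r"C:\Windows", r"C:\WINNT", r"C:\Documents and Settings"]
    for finding in find_indicators(roots):
        print(finding)
```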
I had the same virus on my computer and couldn't get rid of it... finally today, May 16th, when I ran my AVG... it healed it and now it's gone. So try running AVG again, they may have figured it out or something. Hope this works.
I had psw.agent.h & here's what I did:
I tried the above method but didn't get Task Manager when I used Ctrl-Alt-Del (I suppose it's because I'm not in Windows XP). Anyway, I couldn't get the sysupd.exe to shut off so I could delete it, because Windows was currently using it. I restarted in MS-DOS mode (after looking up some commands online because I'm not too experienced with DOS). I went to the directory for Windows and was able to delete sysupd.exe from DOS, then restarted in Windows, deleted _update.dat and ran AVG to make sure it was gone. So far it is gone (whoo hoo!) and I'm hoping this can help anyone who had similar trouble to mine. Feel free to email me any questions... :)
I tried the recommended ideas above and nothing worked. I would stop the program in tsk mgr and before I could delete it, it would restart itself. But I finally found a way to get the program stopped so that AVG could put the virus in the vault. I started my computer in safe mode and went into C:\Windows and deleted the sysupd.exe, because in safe mode the program doesn't start up. Then I re-ran AVG in reg mode and it found the virus and removed it to the vault so I could delete it. Thanks for your help.
All Trojan horses are hidden files so you would need to go to the Files Option (click the View tab) at Control Panel and uncheck both the *Hide file extension for known file types & *Hide protected operating system files (Recommended) boxes, then OK yourself out. You will then need to restart your computer and go into Safe Mode by holding the F8 key down (kind of at the beginning of bootup). When you're at the Desktop screen go to Start / Search / For Files and Folders and type the NAME OF THE FILE & EXT which would have shown up on your Anti-Virus software; you can delete this file from here. Also, make sure to empty your Recycle Bin.
I have had 4 Trojan horses on my C drive and kinda figured out the above method a week ago. I deleted the Temp file from the Restore folder after unchecking the hidden files boxes, then went to SafeMode to delete what virus files that were still there. My computer is now absolutely FREE of these pests!
I fought this horse for a long time and here's what I finally did to get rid of it:
1. download the kill.exe utility
2. create the following bat file:
kill sysupd.exe
del /F c:\winnt\sysupd.exe
copy c:\winnt\notepad.exe c:\winnt\sysupd.exe
3. run this script from a command prompt over and over until the file sysupd is switched to notepad
4. now the damn horse is gone and you can successfully remove its data file (_update.dat) located somewhere under 'documents and settings'
Thanks to all for the invaluable information. These forums are my first stop when I need info.
I was also having trouble killing sysupd.exe with Task Manager and then deleting the file before it restarted. What worked for me was to start up a couple of CPU intensive apps, like AVG, Spybot, AdAware (all of which I couldn't do without) which slowed down my machine. This gave me enough time to kill the process, flip over to the file and delete it.
I then rebooted, and was able to delete _update.dat which was the infected file.
thanks to all for your help, Ken.
Well, I had the same problem - I run McAfee antivirus...
McAfee - for some strange reason - recognises this virus as backdoor-ajx, I guess they ain't updated their systems..
See, now I managed to delete the _update.dat file by going into safe mode... it's easy as chips that way BUT I continuously get my McAfee detecting and automatically deleting this 'backdoor-ajx' virus..
I've looked online for this virus and there are manual removals - but when I try them, I do not have the symptoms...
has anyone else got this problem?
You can get rid of Trojan horse psw agent h and Trojan win32 killreg d from your computer by following these steps.
1. Download and install Malwarebytes on your computer.
2. Update your Malwarebytes.
3. Scan your computer for all the malware on your computer.
4. Remove all the malware found while scanning with Malwarebytes.
5. Restart your computer.
You need to run these 3 essential programs to remove all the spyware on your computer.
If you do not have an internet security suite and only an anti virus
1. Run Malwarebytes Anti-Malware
2. Run a complete scan with free curing utility Dr.Web CureIt!
3. Run the anti spyware removal programs spybot or Superantispyware
Browsers
Use Mozilla Firefox or the Google Chrome browser for browsing unsafe websites
Install ThreatFire
ThreatFire features innovative real-time behavioral protection technology that provides powerful standalone protection or the perfect complement to traditional signature-based antivirus programs. It offers unsurpassed protection against both known and unknown zero-day viruses, worms, trojans, rootkits, buffer overflows, spyware, adware and other malware.
Run an online virus scan like
Trend Micro HouseCall
Kaspersky free online virus scanner
Windows Live OneCare safety scanner
BitDefender Online Scanner
ESET Online Antivirus Scanner
F-Secure Online Virus Scanner
avast! Online Scanner
Update your software by running
Secunia Online Software Inspector
Install a good antivirus in your computer.
Keep your antivirus updated. If automatic updates are available, configure your antivirus to use them.
Keep your permanent antivirus protection enabled at all times.
Download and run the Dr.Web CureIt!
Most of the time, win32.exe is added to the system as a result of the RATEGA virus. It is a Trojan horse that gives a remote user access to your computer. This process is a security risk and should be removed from your system. If it is found on your system, make sure that you have downloaded the latest update for your antivirus application. It is highly recommended that you remove win32.exe from your computer immediately.
It must have corrupted the sound drivers
I had this god-awful trojan, that wasn't touched by TrendMicro or Ad-Aware or Spybot. But it was located and deleted by a FREE Kaspersky scan. www.kaspersky.com/virusscanner.
You cannot get rid of the "win32" application. The reason why you cannot get rid of the "win32" application is because "win32" is the MOST important application for Microsoft Windows XP, Microsoft Windows Vista, and Microsoft Windows 7 RC PCs and notebooks, because that application helps Windows Firewall work. And also because "win32" blocks Trojan horses, worms, viruses, and spyware from hacking into your computer.
Of what I could find out, this is the same one as the one McAfee is calling troj.Downloader-SF. However, there is not much known about this one. Best chance of successfully removing this Trojan is probably by a Trojan-scanner. There is an online Trojan-scanner at http://www.windowsecurity.com/trojanscan/ Good luck, Jawwi :-)
Check the security response section of Symantec's Norton AV website.
Download and run Firefox to protect your computer from future spyware attacks and pop-ups which are coming in through Internet Explorer (Trojan downloaders, win32). Browser attacks aren't easy to spot because they piggyback on legitimate traffic that doesn't exhibit many obvious warning signs.
1. Run Deckard's System Scanner (DSS)
2. Run the vundo and combo fix
3. Run Malwarebytes Anti-Malware
4. Run the anti spyware removal programs spybot
5. Run Superantispyware
6. Run a complete scan with free curing utility Dr.Web CureIt!
Removing Trojan Horse Musicsearch
You can remove a Trojan horse such as Musicsearch with software such as SpyChecker or AVG. You can download them online and let the software do the work.
1. Download and run Firefox to protect your computer from future spyware attacks and pop-ups which are coming in through Internet Explorer (Trojan downloaders, win32). Browser attacks aren't easy to spot because they piggyback on legitimate traffic that doesn't exhibit many obvious warning signs.
2. Run the vundo and combo fix
3. Run Malwarebytes Anti-Malware
4. Run the anti spyware remove programs spybot
5. Run a complete scan with free curing utility Dr.Web CureIt!
A Win32 application is a 32-bit application for Windows.
A Win32 application is a program which has been written to use the Win32 Application Programmer Interface (API). The Win32 API is a collection of program functions which allow a program to trigger almost all operating system actions - such as opening a file. Win32 programs typically run under the Windows OS; however, emulation of the Win32 API is available on other platforms.