TSPY_AGENT.TQ

Running the online version of Trend Micro Housecall produced a result
that said I had "TSPY_AGENT.TQ", a keylogger but I cannot find any
useful information on removing it.
Several places give the Win XP register info about it but none of the
keys mentioned are on my machine.

It does not show on a scan with Clamwin.

Can anyone help?

TIA
Slatts

Re: TSPY_AGENT.TQ


| Running the online version of Trend Micro Housecall produced a result
| that said I had "TSPY_AGENT.TQ", a keylogger but I cannot find any
| useful information on removing it.
| Several places give the Win XP register info about it but none of the
| keys mentioned are on my machine.
|
| It does not show on a scan with Clamwin.
|
| Can anyone help?
|
| TIA
| Slatts

Start with the Sophos module in the below tool...


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode.  It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.  http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * *   Please report back your results  * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Results Report

David H. Lipman wrote:

After a scan with Sophos the following was reported:
---------------------------------------------------------------
92652 files swept in 3 hours, 36 minutes and 49 seconds.
318 errors were encountered.
2 viruses were discovered. (and removed)
2 files out of 92652 were infected.
-------------------------------------------------------
The 318 errors were all either Archive files or video files, both VOB
and mp4. I note what Sophos say about "zip bombs".
The two viruses were the EICAR test file and Virus 'Troj/Clagger-W'
found in file c:\System Volume Information\_restore...

Can I assume a file in "restore" is inactive? (I realise if restored it
would be active.)

I will run Trend next and post the result.

Thanks for your help.
Slatts


More Results


Trend found nothing and KAV found:
-------------------------------------------------

Result for all objects:

          Sector Objects :      0              Known viruses :      4
--------------------------------------------------
But when I looked for what they were I found
they were PSKILL.EXE and PGCEDIT.EXE which were "not-a-virus" but
deleted anyway.

Slatts

Re: More Results


|
| Trend found nothing and KAV found:
| -------------------------------------------------
|
| Result for all objects:
|
|           Sector Objects :      0              Known viruses :      4
| --------------------------------------------------
| But when I looked for what they were I found
| they were PSKILL.EXE and PGCEDIT.EXE which were "not-a-virus" but
| deleted anyway.
|
| Slatts

The files in the System Restore cache are inactive and are NOT to be worried about unless
you may restore from an infected restore point.

While the utilities noted are NOT malicious themselves, they may be used in a malicious
fashion and therefore they were removed.

You started this thread indicating... "..Trend Micro Housecall produced a result that said I
had "TSPY_AGENT.TQ"..."

The Trend Sysclean utility uses the SAME Pattern File (signatures) as the web based scanner.
I find it interesting it found nothing.

So what is the fully qualified name and path to the file(s) that were found to be infected
with "TSPY_AGENT.TQ" as noted by Trend's HouseCall ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: More Results

David H. Lipman wrote:
<SNIP>

I regret I did not note the path :-( (I couldn't find a log file.)

As Sophos removed 'Troj/Clagger-W' and thereafter 'TSPY_AGENT.TQ' was
not found, could this mean that the two vendors use separate names for
the same infection? (It does not Google.)

Just for luck I did a scan with the original on-line version of
Housecall and naturally it reveals no infections either.


Thank you for your help
  Slatts

Re: More Results



| I regret I did not note the path :-( (I couldn't find a log file.)
|
| As Sophos removed 'Troj/Clagger-W' and thereafter 'TSPY_AGENT.TQ' was
| not found, could this mean that the two vendors use separate names for
| the same infection? (It does not Google.)
|
| Just for luck I did a scan with the original on-line version of
| Housecall and naturally it reveals no infections either.
|
| Thank you for your help
|   Slatts

I could find NO cross-referencing information that would indicate the two names refer back
to the same Trojan.

As to a generalized statement that Trojans could have different names by different vendors,
this is often the case and rarely do the AV vendors call the same infector the same name.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


