Continually Reoccuring Trojan:Win32/Agent Warning Appears only During ActivSync

Stu-be · 08-01-09, 12:25 PM

I have not been using my Axim X51v that often, lately, but I have started using it again. In the interim, I put Windows Live OneCare on my home Laptop. (A great all-around utility program, I can't say enough positive things about it.) However, every time I now Sync my Axim to the laptop, I get the same OneCare warning message, "Windows Live OneCare has found potentially unwanted software . We recommend you remove such software that you do not recognize."

Software ------------------ Catagory
Trojan:Win32/Agent ----- Trojan

I click "Clear" on Live OneCare and Windows Live OneCare removes it for the time being. However, the same message returns persistently. Clearly, whatever this is, is on my Axim and is trying to unload itself onto my computer every time I sync.

Any idea what this is and more important, how the heck would find locate it and get rid of it once and for all? (it is persitent, it just reappeared for a second time while I was typing this message.) I am far from a pro, so I would appreciate it if anybody who knows what to do would walk me through this with the specific steps necessary to remove it. My sincere thanks for your assistance.

johnhu_2005 · 08-01-09, 12:47 PM

Where is the location of the malware?

Stu-be · 08-01-09, 01:11 PM

What steps would I take to determine that?

johnhu_2005 · 08-01-09, 01:29 PM

Stumped me, never used Onecare before. I only trust Avira and NOD32...

Here is a picture on an Onecare detection. You should the location by "File Location".

Trojan:Win32/Agent could possibly be a false positive. Since Onecare pops up every time something synced, could there be malware on the Axim? But then again, there aren't many Pocket PC malware in the wild...

So location is what we need to determine if it is a false positive or not.

Jogga · 08-01-09, 03:34 PM

Microsoft OncCare lists this agent as a backdoor trojan.

Make sure that you are up to date with MS patches and spyware removal applications.

To check if OneCare has quarantined click Change Settings (Quick Links) on your OneCare control panel (if you get a warning, click OK) and then the Viruses and Spyware tab. Click on the Quarantine option and that will give you details of where the spyware is located.

Stu-be · 08-02-09, 02:09 PM

When I follow this proceedure through to the quarantine button, there are no items quarantined. (Remember, this is REMOVED every time I run the proceedure.) Should I try to manually add this to the quarentine list?
I appear to be up to date on all MS patches.

johnhu_2005 · 08-02-09, 03:33 PM

Does it automatically remove it? If so, try to get a manual prompt. Then find the location of the file(s)

Jogga · 08-03-09, 01:18 PM

Originally Posted by Stu-be

When I follow this proceedure through to the quarantine button, there are no items quarantined. (Remember, this is REMOVED every time I run the proceedure.) Should I try to manually add this to the quarentine list?
I appear to be up to date on all MS patches.

Yes, my vote would be to quarantine this file (if it OneCare gives you the option). If you can't quarantine the file, you'll need to remove the file by running OneCare in Safe mode.

Relavant OneCare Forum Thread

Instructions for running OneCare in safe mode.

You could also try removing the infection with Spybot S&D :approve:

Stu-be · 08-04-09, 01:32 PM

Thanks Jogga,
Your recommendation was exactly correct. I appreciate the link to the "Relavant OneCare Forum Thread." This was precisely the issue. I got with Window's OneCare as recommended at this site, and they were most helpful in assisting in the Trojan's removal. Once again both laptop and Axim are functioning without the problem.

Jogga · 08-04-09, 04:06 PM

Groovy! :approve: I'm glad that I could be of assistance.