Author Topic: ¿What is Downloader.Agent?  (Read 1422 times)

Offline Andering REDDSON

  • Undergrad
  • Posts: 897
  • Merits -7
  • I am not your friend. I am DISTRUBED.
¿What is Downloader.Agent?
« on: February 03, 2008, 12:52:35 PM »
¿What is Downloader.Agent?
I keep getting this virus report of “Downloader.Agent” and the only place it could have come from is here. ¿Anyone know what the Hell it is?
First they came for the Communists, and I didn’t speak up, because I wasn’t a Communist.
Then they came for the Jews, and I didn’t speak up, because I wasn’t a Jew.
Then they came for the Catholics, and I didn’t speak up,  because I was a Protestant.

Then they came for me, and by that time there was no one  left to speak up for me.

Rev Martin NIEMOLLER, 1945

(That part about Catholics doesn’t apply to me, though- Guess they already got me.)

Offline Lois

  • Dean
  • Masters Degree
  • Posts: 13,438
  • Merits 364
Re: ¿What is Downloader.Agent?
« Reply #1 on: February 03, 2008, 07:39:02 PM »
It's a Trojan.  I did a Google search.

I've had good luck with using smitfraudfix for cleaning trojans - it is free.
http://www.precisesecurity.com/tools-resources/adware-tools/smitfraudfix/

Found this download too, but don't know if it's free:
http://www.2-spyware.com/remove-trojan-downloader-agent-dn.html
So much oppression in our culture is based on shame about sex: the oppression of women, of cultural minorities, oppression in the name of the (presumably asexual) family, oppression of sexual minorities. We are all oppressed. We have all been taught, one way or another, that our desires, our bodies, our sexualities, are shameful. What better way to defeat oppression than to get together in communities and celebrate the wonders of sex?
The Ethical Slut: A Guide to Infinite Sexual Possibilities

Offline RopeFiend

  • Dean
  • Masters Degree
  • Posts: 4,512
  • Merits 236
  • only a Dean for tech help
Re: ¿What is Downloader.Agent?
« Reply #2 on: February 06, 2008, 04:58:55 PM »
Drop me a line if you can't get rid of it.  It sounds like you got rid of most of the infection, but the little piece of shit that's trying to bring it all in again is still there.  The 'Downloader.Agent' is the first step in a series of infections, and you need to eradicate it as soon as possible.  I don't THINK it's here anywhere, but I haven't walked across every page on RavishU.

With some of those things they wait a few days before they start to pull stuff down, just so you're less aware of where the initial infection came from.  It could have come from *anywhere*, even a totally innocent Google search result.  Google hasn't been very good at removing malware domains in the last couple of months.

Also, they've gotten creative in how malware is transmitted.  The initial infection is usually an encrypted chunk or series of chunks that most AV programs can't detect.  They're assembled later into the actual downloaders or trojans, and that's when your AV program notices 'em and fires a warning.  HijackThis! will help to remove any crap, but you *have* to be very careful in what you remove.  I can walk you through the steps if you need.
« Last Edit: February 06, 2008, 05:10:29 PM by RopeFiend »

Offline Andering REDDSON

Re: ¿What is Downloader.Agent?
« Reply #3 on: February 06, 2008, 09:14:31 PM »
Ok, here’s what I know: It was attached to a download I tried to make from this site (the Ann COULTER interview). My computer caught it, ¿but what the Hell is it? ¿What does it do? For all I know it’s a good thing, but I can’t assume that without knowing what it is and what it does…

Offline RopeFiend

Re: ¿What is Downloader.Agent?
« Reply #4 on: February 06, 2008, 09:20:50 PM »
It doesn't SOUND good, especially if your antivirus program caught it.  Lemme check and get back with you.  (searching in the background for 'coulter'...)

If you mean the embedded YouTube video in the 'Democrats ...where is your God NOW?' post, that's YouTube.  I don't think that's it or YouTube would be catching six kinds of hell from White Knights like me.  It's a VIEW link, not a download...  here's the embedded URL:
http://www.youtube.com/watch?v=HuTqgqhxVMc
The new EMBED VIDEO thingy here uses the SWF player from YouTube to display that video.  It's conceivable that YouTube could be infected, but I'd bet my nuts that they're not or you'd have heard it.  The EMBED VIDEO thing uses the SWF applet from the associated video site, and all of 'em it supports are currently clean.  If I hear of ANY of the sites getting suborned, I can eliminate that web site from the 'allowed' list.
« Last Edit: February 06, 2008, 09:37:34 PM by RopeFiend »

Offline RopeFiend

Re: ¿What is Downloader.Agent?
« Reply #5 on: February 06, 2008, 09:46:11 PM »
From your description, it was an already-existing infection that triggered when you hit the video, assuming it's not a 'false positive' from your AV program, that is.  There's all sorts of 'download helpers' available, some good, some bad.  I use one with FireFox.  Some are malware or trojans, which may be what you have.

I'm getting WAY too many search hits on 'Downloader.Agent', about 117,000 to be exact.  Which AV program are you running?  Or do you know the actual name of the file it's complaining about?  It's bound to be in your IE temp files area, something like this:
C:\Documents and Settings\<your profile>\Local Settings\Temporary Internet Files\Content.IE5\<random crap>\(some probably random filename.exe)
The file name might not help, but it may help to identify the sucker if it's not a random string of garbage.
I'm taking a wild-assed guess that you're running IE and not FireFox.

Just clearing the IE cache might get rid of it if you're lucky, but it's probably hanging in there somewhere as a BHO (browser helper object) as well, and we need to break that link first or Windoze won't let you delete it.

Grab a copy of HijackThis! from here: http://www.spywareinfo.com/~merijn/programs.php and then run it with the 'Do a system scan and save a logfile' option.  PM or mail it to me (don't post it in the open here!) and we'll look from there.

BTW, there's a real good self-help WIKI here: http://wiki.castlecops.com/   I've been a (mostly silent) member of CastleCops for 4 or 5 years now, still doin' my part in the background to help keep people safe.
« Last Edit: February 06, 2008, 10:15:08 PM by RopeFiend »
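
An added illustration, not part of RopeFiend's post or of HijackThis itself: in a saved HijackThis logfile, the O2 (browser helper object) and O4 (startup) lines are where a downloader hooked into IE or Windows startup would show up. This sketch flags entries that load from temp or cache directories, have no name, or point at a missing file; the sample log, the directory markers and the function name are constructed assumptions.

```python
import re
from typing import NamedTuple

# Constructed sample in the HijackThis log layout (not taken from the thread).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
O2 - BHO: Adobe PDF Reader Link Helper - {11111111-1111-1111-1111-111111111111} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22222222-2222-2222-2222-222222222222} - C:\Documents and Settings\user\Local Settings\Temp\xkq3.dll
O2 - BHO: Helper - {33333333-3333-3333-3333-333333333333} - C:\WINDOWS\system32\gone.dll (file missing)
O4 - HKLM\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\AB12CD34\setup[1].exe
"""

# Assumed heuristic: user-writable temp/cache locations on Windows XP.
SUSPECT_DIRS = ("\\local settings\\temp\\", "\\temporary internet files\\")

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
RUN_RE = re.compile(r"^O4 - .*?: \[(?P<name>[^\]]*)\] (?P<path>.+)$")

class Finding(NamedTuple):
    section: str   # "O2" (BHO) or "O4" (autostart)
    path: str
    reasons: list

def review(log_text):
    """Return the O2/O4 entries that deserve a closer manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line) or RUN_RE.match(line)
        if not m:
            continue
        g = m.groupdict()
        reasons = []
        if any(d in g["path"].lower() for d in SUSPECT_DIRS):
            reasons.append("loads from temp/cache directory")
        if g["name"] == "(no name)":
            reasons.append("no name")
        if g.get("missing"):
            reasons.append("file missing")
        if reasons:
            findings.append(Finding(line[:2], g["path"], reasons))
    return findings

if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f.section, f.path, "->", ", ".join(f.reasons))
```

A flagged line is a prompt to identify the file, not a verdict; legitimate software sometimes leaves stale or unnamed entries too.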

Offline Andering REDDSON

Re: ¿What is Downloader.Agent?
« Reply #6 on: February 07, 2008, 10:56:09 PM »
Quote from RopeFiend: "I'm taking a wild-assed guess that you're running IE and not FireFox."
Not a lucky guess- It’s the reason I can use fancy fonts (firefox hates charmap).
For all I know, it’s supposed to be there. I’m just curious what it is (it’s gone now).

Offline RopeFiend

Re: ¿What is Downloader.Agent?
« Reply #7 on: February 07, 2008, 11:12:49 PM »
Maybe you're lucky and the AntiVirus program finally nailed it, or it was a brief 'false positive' that disappeared with a newer update of the detection database.  I'd almost bet on the second one.  Shit happens ALL the time.  Someone may have submitted the chunk of code to your AV vendor, and they thought it looked like a real trojan until they got 10,000,000 complaints all of a sudden.  I'd almost lay money on that one.

Seems like everyone in the world wants to drop some sort of 'download accelerator' on ya.  Adobe tried that shit with one of their Acrobat updates, and I told 'em to fuck off and switched to the Foxit PDF reader.  I *really* hate it when someone wants to 'improve my browsing experience'.  I'm fine, thanks!  I don't need yer stinkin' toolbar, I already have a perfectly good SEARCH (thanks), and whatever it is will just clutter things up even more.