Spy-Agent.bw!mem - Computer Support Forums

Jags1888 · 29-05-2009, 08:35 PM

Hey everyone this is my first post and i'm kinda new to this stuff and ran into a problem this morning..I was running a scan on mcafee and this popped up saying it couldn't be quarantined and that the termination failed.the two file names it is under is Windows\system32\twext.exe and system32\winlogon.exe. any help would be appreciated thanks in advance.

**RandyL** · 29-05-2009, 08:56 PM

Hi Jags;
Type msconfig in the run box. Click the startup tab. If there is a winlogon listed disable it and restart your computer.

Follow the steps below and if need be run SuperAntispyware and Malwarebytes in safe mode.

Your computer appears to be infected with Malware. Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a combination of the words malicious and software. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

It is in your best interest to note the following:

Please disable your resident security applications (such as AVG, Spybot, WinPatrol, etc.) before performing the below procedure so that they do not interfere with the process.
Perform all the steps in the order listed to avoid any conflicts.
If unsure, please stop and voice your doubts.
You might be required to go offline during the disinfection process. Therefore, it is recommended to print off the instructions below for ease of reference.

If you stick to the above guidelines, all should go smoothly.

================================================

STEP 1

Download ATF-Cleaner by Atribune.
Save the file to your Desktop.
Double-click on the file to run the program.
On the Main tab, check the Select All button.
Next, click on the Firefox tab (if applicable) and check the Select All button.

Note: If you would like to preserve your saved passwords in Firefox, then click No at the corresponding prompt.
Now, click on the Opera tab (if applicable) and check the Select All button.

Note: If you would like to preserve your saved passwords in Opera, then click No at the corresponding prompt.
Press the Empty Selected button and click OK to acknowledge the corresponding prompt.
Click on the Exit button to quit the program.

================================================

STEP 2

Please click here to download Malwarebytes' Anti-Malware.
Save the file to your Desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, make sure a check mark is placed next to:
1. Update Malwarebytes' Anti-Malware
2. Launch Malwarebytes' Anti-Malware
Click Finish.
The program will download and update itself if it finds the necessity to do so. Please allow this.
Once the program has loaded, select Perform full scan, then click Scan.

Note: Depending on your computer specifications, the scan may take some time to complete. Please wait patiently and do not interrupt the process.
When the scan is complete, click OK, and then Show Results to view the results.
Make sure that every entry is selected, and click Remove Selected.
Restart your computer.

================================================

STEP 3

Please click here to download SUPERAntiSpyware (Free Version).
Save the file to your Desktop.
Double-click SUPERAntiSpyware.exe and follow the prompts to install the program.
Open SUPERAntiSpyware.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following fields checked:
1. Close browsers before scanning
2. Scan for tracking cookies
3. Terminate memory threats before quarantining
Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left, make sure you check mark All the Fixed Drives.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
Make sure every entry has a check mark next to it and click Next.
A notification will appear that Quarantine and Removal is Complete. Click OK and then Finish to return to the main menu.
Restart your computer.

================================================

STEP 4

Please visit the ESET Online Scanner, using Internet Explorer to initiate the scan.

Note: If you are running Windows Vista, then you will need Administrative privileges to complete the latter part of the procedure. To do so, right-click on the Internet Explorer icon in the Start Menu and select the Run As Administrator option in the shell context menu.
Check mark the YES, I accept the Terms of Use box.
Click the Start button.
Click the Install button on the following screen.
Click Start. This will will initialize and update the scanner engine.
Check mark the box beside Remove found threats.
Click the Scan button. This will start the scan. Please be patient while it is in progress.
Restart your computer.

================================================

STEP 5

Click on Start > Programs > Accessories > System Tools and select System Restore.
Choose the radio button marked Create a Restore Point on the first screen and click Next. Give the restore point a name then click Create. The new point will be stamped with the current date and time. Keep a note of this so you can find it easily should you need to use System Restore.
Next, click on Start > Run, type Cleanmgr and click on OK.
Click on the More Options tab.
Click the Clean Up button in the System Restore section to remove all previous restore points except the most recent one.

This will remove any infected files that have been backed up by Windows. The files in "System Restore" are protected to prevent any programs changing those files. This is the only foolproof way to ensure the deletion of those files.

Note: Do not clear restore points on a regular basis as doing so will clear all previous restore points even those that you may need. System Restore is a useful tool to revert your computer back to a working condition if something goes wrong.

Re-enable all your security applications and please return here and tell us how the computer seems to be operating.

Jags1888 · 29-05-2009, 09:01 PM

alright thank you. i will try it in a little bit. but of course i'm wondering what it will do? will i lose anything on my computer? i do have an external hard drive..

**RandyL** · 29-05-2009, 09:07 PM

From what I read on this one probably not. However anytime I see the winlogon listed anywhere I would make a new Administrator account just to be safe.

But from what I've read on the Mcafee site you shouldn't have any problems.

Of course backing up is always a good idea whether you are infected or not.

Jags1888 · 29-05-2009, 09:12 PM

i have everything backed on my hard drive i'll check before i start. so after all this is done my computer will be set up the exact same and look just like it does now?

**Plastic Nev** · 29-05-2009, 10:24 PM

Hi Jags,
If you follow all the above instructions carefully as Randy states, everything will be just fine and nothing will be lost, except of course the nasty malware that is causing the problem.

Jags1888 · 02-06-2009, 04:36 AM

Alright. so i was about to follow the steps as he suggested. and i decided to scan one more time to make sure nothing had changed. and everything was good? is that a good sign? or is that a bad sign that i just lost it? and thanks to everyone for helping me.

**RandyL** · 02-06-2009, 06:02 AM

I can think of a few reasons why this happened but you really should follow our guide anyway. Once infected it's best to play it safe. Once you do all the scans and are sure you are clean and your system is performing well look at the last step about System Restore. You wouldn't want it to come back.

Jags1888 · 02-06-2009, 03:38 PM

so i can just do step 5 to make sure i don't have it?

Jags1888 · 02-06-2009, 03:46 PM

i will just do alll of this to be sure. do i just disable all of mcafee or can i leave it running? i have the package thing..

29-05-2009, 08:35 PM	#1 (permalink)
Jags1888 Status: Free PC Help New Member Join Date: May 2009 Posts: 10 Operating System: Windows XP - Media Center Edition PC Experience: Beginner	Spy-Agent.bw!mem Hey everyone this is my first post and i'm kinda new to this stuff and ran into a problem this morning..I was running a scan on mcafee and this popped up saying it couldn't be quarantined and that the termination failed.the two file names it is under is Windows\system32\twext.exe and system32\winlogon.exe. any help would be appreciated thanks in advance.

29-05-2009, 08:56 PM	#2 (permalink)
RandyL Status: Administrator Join Date: Jan 2006 Location: USA, Nebraska Posts: 3,171 Operating System: Vista-Home Premium SP2-Windows 7 PC Experience: Very Experienced	Hi Jags; Type msconfig in the run box. Click the startup tab. If there is a winlogon listed disable it and restart your computer. Follow the steps below and if need be run SuperAntispyware and Malwarebytes in safe mode. Your computer appears to be infected with Malware. Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a combination of the words malicious and software. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. It is in your best interest to note the following: Please disable your resident security applications (such as AVG, Spybot, WinPatrol, etc.) before performing the below procedure so that they do not interfere with the process. Perform all the steps in the order listed to avoid any conflicts. If unsure, please stop and voice your doubts. You might be required to go offline during the disinfection process. Therefore, it is recommended to print off the instructions below for ease of reference. If you stick to the above guidelines, all should go smoothly. ================================================ STEP 1 Download ATF-Cleaner by Atribune. Save the file to your Desktop. Double-click on the file to run the program. On the Main tab, check the Select All button. Next, click on the Firefox tab (if applicable) and check the Select All button. Note: If you would like to preserve your saved passwords in Firefox, then click No at the corresponding prompt. Now, click on the Opera tab (if applicable) and check the Select All button. Note: If you would like to preserve your saved passwords in Opera, then click No at the corresponding prompt. Press the Empty Selected button and click OK to acknowledge the corresponding prompt. Click on the Exit button to quit the program. ================================================ STEP 2 Please click here to download Malwarebytes' Anti-Malware. Save the file to your Desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, make sure a check mark is placed next to: Update Malwarebytes' Anti-Malware Launch Malwarebytes' Anti-Malware Click Finish. The program will download and update itself if it finds the necessity to do so. Please allow this. Once the program has loaded, select Perform full scan, then click Scan. Note: Depending on your computer specifications, the scan may take some time to complete. Please wait patiently and do not interrupt the process. When the scan is complete, click OK, and then Show Results to view the results. Make sure that every entry is selected, and click Remove Selected. Restart your computer. ================================================ STEP 3 Please click here to download SUPERAntiSpyware (Free Version). Save the file to your Desktop. Double-click SUPERAntiSpyware.exe and follow the prompts to install the program. Open SUPERAntiSpyware. Under Configuration and Preferences, click the Preferences button. Click the Scanning Control tab. Under Scanner Options make sure the following fields checked: Close browsers before scanning Scan for tracking cookies Terminate memory threats before quarantining Click the Close button to leave the control center screen. On the main screen, under Scan for Harmful Software click Scan your computer. On the left, make sure you check mark All the Fixed Drives. On the right, under Complete Scan, choose Perform Complete Scan. Click Next to start the scan. Please be patient while it scans your computer. After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK. Make sure every entry has a check mark next to it and click Next. A notification will appear that Quarantine and Removal is Complete. Click OK and then Finish to return to the main menu. Restart your computer. ================================================ STEP 4 Please visit the ESET Online Scanner, using Internet Explorer to initiate the scan. Note: If you are running Windows Vista, then you will need Administrative privileges to complete the latter part of the procedure. To do so, right-click on the Internet Explorer icon in the Start Menu and select the Run As Administrator option in the shell context menu. Check mark the YES, I accept the Terms of Use box. Click the Start button. Click the Install button on the following screen. Click Start. This will will initialize and update the scanner engine. Check mark the box beside Remove found threats. Click the Scan button. This will start the scan. Please be patient while it is in progress. Restart your computer. ================================================ STEP 5 Click on Start > Programs > Accessories > System Tools and select System Restore. Choose the radio button marked Create a Restore Point on the first screen and click Next. Give the restore point a name then click Create. The new point will be stamped with the current date and time. Keep a note of this so you can find it easily should you need to use System Restore. Next, click on Start > Run, type Cleanmgr and click on OK. Click on the More Options tab. Click the Clean Up button in the System Restore section to remove all previous restore points except the most recent one. This will remove any infected files that have been backed up by Windows. The files in "System Restore" are protected to prevent any programs changing those files. This is the only foolproof way to ensure the deletion of those files. Note: Do not clear restore points on a regular basis as doing so will clear all previous restore points even those that you may need. System Restore is a useful tool to revert your computer back to a working condition if something goes wrong. Re-enable all your security applications and please return here and tell us how the computer seems to be operating. __________________ We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. Get help with computer problems. Join Free PC Help here Donations are welcome. Read Here

29-05-2009, 09:07 PM	#4 (permalink)
RandyL Status: Administrator Join Date: Jan 2006 Location: USA, Nebraska Posts: 3,171 Operating System: Vista-Home Premium SP2-Windows 7 PC Experience: Very Experienced	From what I read on this one probably not. However anytime I see the winlogon listed anywhere I would make a new Administrator account just to be safe. But from what I've read on the Mcafee site you shouldn't have any problems. Of course backing up is always a good idea whether you are infected or not. __________________ We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. Get help with computer problems. Join Free PC Help here Donations are welcome. Read Here

29-05-2009, 10:24 PM	#6 (permalink)
Plastic Nev Status: Super Moderator Join Date: Oct 2008 Location: Lancashire Posts: 1,718 Operating System: Windows XP plus Windows 7 Pro PC Experience: Sounds and music man	Hi Jags, If you follow all the above instructions carefully as Randy states, everything will be just fine and nothing will be lost, except of course the nasty malware that is causing the problem. __________________ Need help with your computer problems? Then why not join Free PC Help. Register here If Free PC Help has helped you then please consider a donation. Click here We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. ---------------------------------------------------------------------- God gave us the bad bits to test us. Then gave us beer to help. I installed Windows!! Should I install curtains as well? Why the fuss over Windows 7? I have three at the front and four at the back of my house all the time.

02-06-2009, 06:02 AM	#8 (permalink)
RandyL Status: Administrator Join Date: Jan 2006 Location: USA, Nebraska Posts: 3,171 Operating System: Vista-Home Premium SP2-Windows 7 PC Experience: Very Experienced	I can think of a few reasons why this happened but you really should follow our guide anyway. Once infected it's best to play it safe. Once you do all the scans and are sure you are clean and your system is performing well look at the last step about System Restore. You wouldn't want it to come back. __________________ We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. Get help with computer problems. Join Free PC Help here Donations are welcome. Read Here

29-05-2009, 09:01 PM	#3 (permalink)
Jags1888 Status: Free PC Help New Member Join Date: May 2009 Posts: 10 Operating System: Windows XP - Media Center Edition PC Experience: Beginner	alright thank you. i will try it in a little bit. but of course i'm wondering what it will do? will i lose anything on my computer? i do have an external hard drive..

29-05-2009, 09:12 PM	#5 (permalink)
Jags1888 Status: Free PC Help New Member Join Date: May 2009 Posts: 10 Operating System: Windows XP - Media Center Edition PC Experience: Beginner	i have everything backed on my hard drive i'll check before i start. so after all this is done my computer will be set up the exact same and look just like it does now?

02-06-2009, 04:36 AM	#7 (permalink)
Jags1888 Status: Free PC Help New Member Join Date: May 2009 Posts: 10 Operating System: Windows XP - Media Center Edition PC Experience: Beginner	Alright. so i was about to follow the steps as he suggested. and i decided to scan one more time to make sure nothing had changed. and everything was good? is that a good sign? or is that a bad sign that i just lost it? and thanks to everyone for helping me.

02-06-2009, 03:38 PM	#9 (permalink)
Jags1888 Status: Free PC Help New Member Join Date: May 2009 Posts: 10 Operating System: Windows XP - Media Center Edition PC Experience: Beginner	so i can just do step 5 to make sure i don't have it?

02-06-2009, 03:46 PM	#10 (permalink)
Jags1888 Status: Free PC Help New Member Join Date: May 2009 Posts: 10 Operating System: Windows XP - Media Center Edition PC Experience: Beginner	i will just do alll of this to be sure. do i just disable all of mcafee or can i leave it running? i have the package thing..

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search