Trojan:Win32/AgentByPass.gen!K

Posted: 8 December 2008 | Under: Trojan

Trojan:Win32/AgentBypass.gen!Kparty software. Commonly affected files are explorer.exe, svchost.exe, lsass.exe, iexplore.exe, outlook.exe, msimn.exe, services.exe, csrss.exe, winlogon.exe, smss.exe, firefox.exe, thunderbird.exe, icq.exe, yahoomessenger.exe, ypager.exe, and msnmsgr.exe. In addition, Trojan:Win32/AgentBypass.gen!K also interferes with your connection to security-related web sites, making sure that no updates will be downloaded onto the infected computer.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Windows Vista/7

Characteristics
When Trojan:Win32/AgentBypass.gen!K is executed, it connects to a specified command-and-control (C&C) server. Once the connection is established, the Trojan downloads a malicious file. This file is hard to identify because it uses a random file name. Trojan:Win32/AgentBypass.gen!K then infects certain system files so that its commands are initiated each time you start Windows.

Trojan:Win32/AgentBypass.gen!K has also been observed altering the settings of the victim's Internet browser. The effects of these changes can be browser redirection, search result hijacking, and an unknown home page setting. Search result hijacking, however, is apparent to most victims. Reports show that after using Google to search the web, the user is redirected to an unknown web site after clicking on any of the results. This redirection is an income-generating action: the landing page delivers advertisements that, when clicked or viewed, earn a profit for the referrer.

Distribution
Trojan:Win32/AgentBypass.gen!K normally spreads through spam email messages. It is attached to an email with a deceptive message prompting the recipient to open the file. When executed, Trojan:Win32/AgentBypass.gen!K checks the computer for an installed antivirus program and disables it.

Signs and Symptoms of Trojan:Win32/AgentByPass.gen!K Infection:

Trojan:Win32/AgentByPass.gen!K will disable your antivirus program
Once a Trojan infects a computer, it tends to lower security settings and disable the firewall and antivirus program. Trojan:Win32/AgentByPass.gen!K carries out this task to ensure that antivirus software will not respond to the attack.

Blocks Internet access to security web sites
Trojan:Win32/AgentByPass.gen!K attacks the center of the security system. Aside from disabling antivirus software, this Trojan also blocks your access to security web sites to prevent the download of any removal tools.
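
The page does not say how this Trojan blocks security web sites; one common mechanism for this kind of blocking is overriding vendor hostnames in the Windows hosts file. The Python check below is an added example, not part of the original page, and it assumes that mechanism. The vendor domain list and the sample hosts content are constructed for illustration.

```python
import ipaddress

# Assumption: illustrative list of security-vendor domains; extend as needed.
SECURITY_DOMAINS = ("kaspersky.com", "avast.com", "malwarebytes.com",
                    "bitdefender.com", "mcafee.com", "eset.com", "microsoft.com")

# Constructed sample input, not taken from an infected machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.kaspersky.com update.avast.com   # injected
0.0.0.0         download.bitdefender.com
192.0.2.10      intranet.example.local
10.0.0.5        www.example.com
"""

def is_security_host(name):
    """True if name is one of SECURITY_DOMAINS or a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in SECURITY_DOMAINS)

def suspicious_entries(hosts_text):
    """Return (line_no, address, hostname) for every security-vendor
    hostname the hosts file overrides, whatever the target address."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank or incomplete line
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue                          # skip malformed address
        for name in names:
            if is_security_host(name):
                findings.append((line_no, addr, name))
    return findings

if __name__ == "__main__":
    # On an NT-family system, read %SystemRoot%\System32\drivers\etc\hosts instead.
    for line_no, addr, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {addr}")
```

A clean hosts file produces no findings; any hit is worth reviewing, since legitimate software rarely pins antivirus vendor hostnames there.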

Presence of Trojan:Win32/AgentByPass.gen!K reduces PC's performance
Trojans are known to reside in memory, so they can consume resources and cause the computer to slow down. In some cases, an infected computer crashes due to insufficient resources.

Other Functions of Trojan:Win32/AgentByPass.gen!K:

  • Trojan:Win32/AgentByPass.gen!K can communicate to a remote server to download more threats
  • It can infect executable files on the local and network drives
  • Trojan:Win32/AgentByPass.gen!K connects to a distant server to update its configuration
  • Some variants of Trojan:Win32/AgentByPass.gen!K can destroy system files making the computer unstable
  • This Trojan can allow a backdoor entry for an attacker to control the infected PC

How to Remove Trojan:Win32/AgentByPass.gen!K

Step 1 - Run a thorough scan using your antivirus program

1. Temporarily disable System Restore (Windows Me/XP).
2. Open your antivirus application and update the virus definitions. This ensures that your antivirus program can detect even newer variants of Trojan:Win32/AgentByPass.gen!K.

3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 repeatedly.
- Your computer will display the Windows Advanced Boot Options menu. Select Safe Mode with Networking.
- The system will boot Windows, loading only the necessary drivers and system files.

4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If they cannot be deleted, place them in quarantine. Once the scan is complete, proceed with the next step.

Step 2 - Double-check with Online Virus Scanner

Another way to remove Trojan:Win32/AgentByPass.gen!K without installing an additional antivirus application is to perform a thorough scan with a free online virus scanner, which can be found on the websites of legitimate antivirus and security providers.

5. Go to the Online Virus Scanner list and run a virus scan. This may require plug-ins, add-ons or an ActiveX object; install them if you want to proceed with the scan.

6. After completing the necessary download, your system is now ready for online virus scanning.
7. Select an option that scans the computer thoroughly, so that it finds and deletes all infections not detected by the previous scan.
8. Remove or delete all detected items.
9. When scanning is finished, you may restart the computer in normal mode.

Step 3 - Automatic Removal of Trojan:Win32/AgentByPass.gen!K files and registry entries

In order to completely remove the threat, it is best to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing it on the infected machine.

Comments and Suggestions

In this area you can find visitors' personal suggestions. We cannot control or evaluate each procedure recommended by visitors, so please use them at your own risk.

22 Comments »

  • 1 }
    silvia said:

    I have not had success with anything
    S.O.S.
    How can I delete the virus?

  • 2 }
    rodrigo said:

    I used windows live care, microsoft anti virus

  • 3 }
    jtbdjp said:

    I have had this trojan on my Toshiba Laptop since the 10th of January 2009. Running Windows VISTA Home Premium. To date I have found nothing that will get rid of it, McAfee, Spyware Doctor, Spybot Search & Destroy.
    None of my Windows XP Pro machines have been affected and they are on the same network.

  • 4 }
    Jeff said:

    I have the Trojan:Win32/AgentByPass.gen!K that I somehow picked up around January 7th 2009. I can’t seem to get rid of it!!!!!!!!!

    Every time I start my computer Windows Defender states it found Trojan:Win32/AgentByPass.gen!K and then I select the option to remove it. Defender states it was successfully removed, but the next time I start up my computer it is back again…

    I have also run AVAST, Defender, SuperAntiSpyware, Spybot, and Adaware detail scans. They find nothing.

    Can anyone help me????? Please!!!!!

    Thank You
    Jeff
    jdowney@systemgroupinc.com

  • 5 }
    sonya said:

    Avast told us to run a system scan before rebooting and deleted the infected files, and it seems to have solved the problem. Hope this helps.

  • 6 }
    webmaster (author) said:

    PreciseSecurity is still waiting for a copy of this virus to be able to establish a removal procedure. In the meantime, someone claimed that a combination of Kaspersky Online Scan and SuperAntiSpyware can remove it.

  • 7 }
    Jeff said:

    I STILL have the Trojan:Win32/AgentByPass.gen!K that I picked up around January 7th 2009. I just can’t get rid of it!!!!!!!!!

    I have also run Malwarebytes, AVAST, Defender, SuperAntiSpyware, Spybot, and Adaware detail scans. Many times @ approx 6-8 hours per full scan. They find nothing, and every time I boot up my PC Windows Defender reports that it found this virus again…

    Can anyone help me????? PLEASE, PLEASE, Please!!!!!

    Thank You
    Jeff
    jdowney@systemgroupinc.com

    PS: I am trying/hoping that I will not have to reformat my computer's several terabytes of disk…

  • 8 }
    saikrishna pawar said:

    agentbypassgen!k is due to free download manager software…
    if u have the software installed in your system then uninstall it….
    it can solve ur problem…
    cheers,
    sai.

  • 9 }
    Denny said:

    Thank you saikrishna for your advice. I’ve been trying to get rid of agentbypass for 6 weeks now. Thanks again.

  • 10 }
    Jason said:

    Thank god I checked out this little hint by saikrishna, as I too have been frustrated by that little prick of a trojan, that nothing on this earth would find (apart from Windows Defender) let alone remove permanently.
    I did however take saikrishna’s advice and uninstall my free download manager….and hey presto…no more problems!
    A huge thanks!!!

  • 11 }
    Jose said:

    Is it possible to get this virus with firefox, & thunderbird ?

    cheers

  • 12 }
    Keyser Soze said:

    I removed this virus with Windows Defender from MS.

  • 13 }
    David said:

    On my machines it appears to be related to the Free Upload Manager component of Free Download Manager. You can change the settings to disable the free upload manager component & the problem will go away, but still leave the free download manager to do its stuff. :-)

    David

  • 14 }
    Mihalis said:

    My PC is also infected with this trojan that only defender seems to find. How do I find and uninstall this Free Download Manager? I looked in the list of programs installed by starting the control panel “add or remove programs” but could not see anything called Free Download Manager or Download Manager. Any help will be appreciated.

    Mihalis

  • 15 }
    Capricorn said:

    The actual culprit appears to be fumoei.exe, which gets installed with Free Download Manager.

  • 16 }
    dude said:

    i too have this pesky trojan…

    and WinDef keeps bugging me that its a threat, can’t seem to get rid of it after a lot of scans and quarantines…

    need help here guys…no free download manager on my program list

  • 17 }
    epic said:

    dude i have the exact same problem as you, windef is the only prog that finds this, and seems unable to remove it. avg doesn’t see any problems at all. no download manager. is this a windef problem or a real infection, anyone?

  • 18 }
    modz04 said:

    that is not a windows defender problem..windef only detects it but cannot remove it..moreover,..this pesky trojan can be removed using Malwarebytes AntiMalware…it works..i experienced it myself..now im agentbypass.gen!k free~..hope this helps..

  • 19 }
    hateromalware said:

    Hey… Y’all…. News flash! WinPC Defender is malware. Some of you need to stop feeding on peoples’ ignorance. The rest of you need to research and not believe the first thing you read.

  • 20 }
    keu calalo said:

    I’ve had the same problem. licensed nod32 removed it.

  • 21 }
    Karin said:

    I’ve removed download manager and everything seems fine, all of a sudden my bitdefender can’t update, and if I go to any antivirus program through Firefox it only said “page cannot be displayed” help please

  • 22 }
    Miquong said:

    “Windows Defender” is not malware. It is a free anti-spyware program from Microsoft. I don’t think anyone here is talking about “WinPC Defender”.
