locked
Help with Windows Defender NOT deleting Trojan:Win32/AgentBypass.gen!K RRS feed

  • General discussion

  • Is there anyone out there who can help me.  I have Windows Vista and every time I startup my computer, Windows Defender comes up with Severe and I should delete Trojan:Win32/AgentBypass.gen!K.  I do the removal, but it doesn't remove it and it keeps coming up when I startup my computer again.  How can I get rid of it please!
    Also, when I do a "cleanup" on my computer it won't delete/get rid of JET9980.tmp.  It says that the program is in use and won't let me send it to the rubbish bin.   Any ideas on how I can get rid of these items?

    zirean
    Wednesday, January 14, 2009 10:51 AM

All replies

  • I am having the same problem with Defender. So I signed up for Live Onecare and it said that it quarantined it, but when I look at the quarantine page, it is not there. Everytime that I go online, there it is again. And once more it says that it has quarantined it. It has not. I am using Windows XP service pack 2.
    Wednesday, January 14, 2009 10:20 PM
  • Zirean, you are off topic for this forum, since you are referring to Defender. However, part of my response to KatFace is also applicable to you.

    As for the .tmp file, it can't be deleted because the file is in use - that is, it is being held open by another program. You can boot to Safe Mode and delete it, probably, but I would simply leave it be.

     

    KatFace:

    Since you are using Windows Live OneCare and you have been infected, but OneCare cannot permanently remove the malware, please contact support to report this and for help with removal.
    Note that Defender and OneCare are built on the same engine and the signatures come from the same place within Microsoft, so it doesn't surprise me that OneCare can't deal with it is Defender can't - unfortunately.

    How to reach support (FAQ) - http://social.microsoft.com/Forums/en-US/onecareinstallandactivate/thread/30400b52-7f26-4ba0-bc18-17e305329d90

     

    If you are in North America, you can call 866-727-2338 for help with virus and spyware infections. See http://www.microsoft.com/protect/support/default.mspx  for details.  For international information, see your local subsidiary Support site.

    -steve


    Microsoft MVP Windows Live / Windows Live OneCare Forum Moderator
    Thursday, January 15, 2009 3:07 PM
    Moderator
  • This is a support forum - referring to phone support is not very helpful here, I think, sorry for the criticism, Stephen. Many people with the same problem find this very thread in their search engines, and hope for a solution.
    That said, my research on the Internet shows that both Windows Live OneCare and Defender find this Trojan:Win32/AgentBypass.gen!K, say they stopped the process and quarantined the Trojan. Interestingly, many of these reports are on systems that have Free Download Manager installed. (So do I )
    However I haven't found out whether that means that WLOC / Defender have a false positive in one of their latest definition updates, or that in fact Free Download Manager is infected. I'v had FDM for years and only just recently WLOC started reporting this Trojan.
    Oh by the way, I am very unhappy that WLOC gives me neither a filename or Process ID or any detailed information at all. Supposedly Defender shows a PID, at least, but WLOC replaces Defender...
    Wednesday, February 4, 2009 12:07 AM
  • habnix said:

    This is a support forum - referring to phone support is not very helpful here, I think, sorry for the criticism, Stephen. Many people with the same problem find this very thread in their search engines, and hope for a solution.
    That said, my research on the Internet shows that both Windows Live OneCare and Defender find this Trojan:Win32/AgentBypass.gen!K, say they stopped the process and quarantined the Trojan. Interestingly, many of these reports are on systems that have Free Download Manager installed. (So do I )
    However I haven't found out whether that means that WLOC / Defender have a false positive in one of their latest definition updates, or that in fact Free Download Manager is infected. I'v had FDM for years and only just recently WLOC started reporting this Trojan.
    Oh by the way, I am very unhappy that WLOC gives me neither a filename or Process ID or any detailed information at all. Supposedly Defender shows a PID, at least, but WLOC replaces Defender...



    This is a peer to peer support forum for WIndows Live OneCare. It is not a support forum for help in removing malware. If someone is using OneCare and is infected, yes, you can manually address the problem on your own. However, contacting support gets the problem resolved *and* makes Microsoft aware of the fact that the infection was missed or not cleaned properly - which allows this information to be passed to the antimalware team to be addressed.
    The same is true for a false positive. If you believe OneCare is flagging something in error - the appropriate path is to report this to Microsoft: 

    http://social.microsoft.com/Forums/en-US/onecareanti-virus/thread/6a1361cb-ae28-4d0b-94df-ae2ae890de29

    -steve

    Microsoft MVP Windows Live / Windows Live OneCare & Live Mesh Forum Moderator
    Wednesday, February 4, 2009 4:25 PM
    Moderator