hope you can help with this one!

I've got a home network with a number of PC's and Mac's on it and one of the PC's started having trouble with the wireless after each reboot, in addition to this I noticed (after much looking) that the machine was trying unsuccessully to log on via http to my router.

The machine is 'protected' by Onecare and I ran I full scan from that, then removed onecare and did a full kaspersky scan, both came up negative with nothing found.

In the end I reinstalled Windows (sadly I coudnt do a format and clean install, but did install over the top of the old version), this sorted the wireless issue, however I've noticed that the log on attempts continue.

In addition to this another PC on the network (also runnning onecare for protection) is trying to log on to the router numerous times.

The router is a Speedtouch, both macines are running XP.

I have followed all requested instructions and have run ATF cleaner, windows removal tool, malwares (found nothing), ran EST online scanner (found Win32/Agent.OBH - report attached), I have tried to run DSS however it crashes at Examining Event Logs.

I would greatly appreciate if someone can have a look and let me know their thoughts on what this could be.

Many thanks


# version=4
# OnlineScanner.ocx=
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3353 (20080813)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=661d8fc7d2ce8e4fb963c2a105c6c49f
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-08-13 10:34:57
# local_time=2008-08-13 11:34:57 (+0000, GMT Standard Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 3
# scanned=193819
# found=1
# scan_time=3155
C:\STOREDSTORED\rosetta stone\Rosetta.Stone.V3.Patch\Rosetta.Stone.V3.Patch.exe	Win32/Agent.OBH trojan	AFECB9656847144133E1D779CFBDA73D
Malwarebytes' Anti-Malware 1.24
Database version: 1050
Windows 5.1.2600 Service Pack 3

22:39:30 13/08/2008
mbam-log-8-13-2008 (22-39-30).txt

Scan type: Quick Scan
Objects scanned: 45142
Time elapsed: 9 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
Conexant HDA D110 MDC V.92 Modem
ESET Online Scanner
HijackThis 1.99.1
Hotfix for Windows XP (KB952287)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Protection Service
Microsoft Windows Live OneCare Resources v2.5.2900.03
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Windows OneCare Live v2.5.2900.03
Microsoft Windows OneCare Live v2.5.2900.03 Idcrl Install
PX Engine
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
SigmaTel Audio
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Windows Driver Package - Ricoh Company (rimsptsk) hdc  (11/14/2006
Windows Internet Explorer 7
Windows Live OneCare
Windows XP Service Pack 3
10 Years
Discussion Span
Last Post by notcoolzeus

Its the infected PC on the home LAN that is trying to access the router. Incidentally I also have another computer with the same behaviour so I'm guessing this something on both of them.



I can delete the folder no probs, however wasnt sure if this was best to do first as it seems very strage that neither onecare nor caspersky can spot the virus. I wasnt sure if you guys on here like looking at new strains?

I'll delete in a mo and reboot if thats ok?


Yup i got the same problem, my computer tries to login to the router via http using various user/passwords such as admin, motorola, badcred. It does this exactly every minute. Anti-virus finds nothing. Shrugs, FYI. Gonna wipe the hard drive and reinstall windows.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.