I have previous posted about the Windows threat ‘Trojan.downloader.uj’ and that I have build a removal help tool for it.
I think it would be best for all if I post here some removal steps for this special threat which is really tricky, since it is a trojan but uses userland rootkit techniques.
Here are the steps:
Or you can try Grisoft AVG Anti-Rootkit Beta 1.0.0.13, but be careful it is a beta!
Thats’s all the threat should be removed now.
Aliases for this threat are:
| Antivirus | Alias |
| AntiVir | TR/Dldr.Agent.uj.1 |
| Authentium | W32/Downloader.LTB |
| Avast | Win32:Agent-IU |
| AVG | Downloader.Agent.BAH |
| BitDefender | Trojan.Downloader.FFZ |
| CAT-QuickHeal | TrojanDownloader.Agent.uj |
| ClamAV | Trojan.Downloader.Agent-262 |
| DrWeb | Trojan.DownLoader.4316 |
| eTrust-InoculateIT | Win32/SillyDL.51200!Trojan |
| eTrust-Vet | Win32/Alureon.Y |
| Ewido | Downloader.Agent.uj |
| Fortinet | RuinDl.G!tr |
| F-Prot | security risk named W32/Downloader.LTB |
| F-Prot4 | W32/Downloader.LTB |
| Ikarus | Trojan-Downloader.Win32.Agent.uj |
| Kaspersky | Trojan-Downloader.Win32.Agent.uj |
| McAfee | Downloader-ASI |
| Microsoft | TrojanDownloader:Win32/Agent.RR |
| NOD32v2 | a variant of Win32/Small.FB |
| Norman | W32/DLoader.NNL |
| Panda | Trj/Ruins.MB |
| Sophos | Troj/RuinDl-G |
| Symantec | Downloader |
| TheHacker | Trojan/Downloader.Agent.uj |
| UNA | TrojanDownloader.Win32.Agent.68D6 |
| VBA32 | Trojan.DownLoader.4316 |
I hope this is helpful.
Regards,
Vinzenz Feenstra