Windows 8 and 8.1 Forums


RogueAgent/Gen-Nullo - Trojan

  1. #1


    Posts : 136
    Windows 8.1

    RogueAgent/Gen-Nullo - Trojan


    I realise now that it is this Trojan that has infected my laptop. I cannot remove it with SuperAntiSpyware . I scan my laptop twice a day with SuperAntiSpyware and check for this threat to be removed, but it is not removed as the same threat is detected everytime I do a scan. I have scanned with Malwarebytes and Spybot but cannot remove it.

      My System SpecsSystem Spec

  2. #2


    Try with some of this programs : MG Search - MajorGeeks
      My System SpecsSystem Spec

  3. #3


    Posts : 136
    Windows 8.1


    Quote Originally Posted by CountMike View Post
    Try with some of this programs : MG Search - MajorGeeks
    Thanks for the link but I don't have to licence to start repairing the problems detected for this program. I have got a licence for both SuperAntiSpyware and Malwarebytes and neither of them can remove this Trojan and I don't know if this one can either.
      My System SpecsSystem Spec

  4. #4
      My System SpecsSystem Spec

  5. #5


    Posts : 136
    Windows 8.1


    Quote Originally Posted by CountMike View Post
    Thanks for the link but I am not sure about this one. Thanks anyway.
      My System SpecsSystem Spec

  6. #6


    The infection is actively running in the background when you try to delete it, so it is not fully uninstalled.

    Rogue.Agent/Gen-Nullo Dll is often related to browser hijackers that are affiliated with Z0g7yail.com, a site that redirects search engine results to deliver affiliate-funding traffic to itself. Some Z0g7yail.com infections may also include Trojans such as Trojan.Agent/Gen-Alureon
    D/L & run RKill to terminate the process & then run Malwarebytes.

    RKill Download

    As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using some sort of anti-malware or anti-virus program so that the infections can be properly removed.
    Another alternative is to boot into safe mode & run Malwarebytes.

    D/L & Run Norton Power Eraser. In the R Hand corner, click on "Settings", make sure "Include Rootkit Scan" is unchecked (NPE has caused occasional problems in this area with Win 8/8.1)

    https://security.symantec.com/nbrt/npe.aspx

    Because Norton Power Eraser uses aggressive methods to detect threats, there is a risk that it can select some legitimate programs for removal. If you accidently remove a legitimate program, you can run Norton Power Eraser to review past repair sessions and undo them.
    Next, D/L & run TDSSKiller, click on "change parameters" & make sure the "Detect TDLFS file system" is checked. If any threat is found, delete it. In most instances you will have to reboot.

    Your other option would be to restore back to a point before the infection. Since most malware nowadays embeds itself in the 1st restore point, restoring to the 2nd or 3rd point prior to the infection is recommended.
      My System SpecsSystem Spec

  7. #7


    Posts : 136
    Windows 8.1


    D/L & run RKill to terminate the process & then run Malwarebytes.
    I have already d/l and run Rkill when I could not open Malwarebytes (I started a separate thread on that). I realise now that it was this RogueAgent/Gen-Nullo that had infected my laptop and was stopping Malwarebytes starting.


    Another alternative is to boot into safe mode & run Malwarebytes.
    I have run Malwarebytes but it is not removing this threat and SuperAntiSpyware is detecting the threat but is not removing it.


    I have searched for this threat and found it in my C: drive but cannot remove it. I thought I would try and remove it before doing a system restore. Thanks for the links I will try Norton and DSS Killer.

    Have d/l Norton and it found that I had an old version of Java but did not find this trojan and I downloaded the DSS Killer but that found no threats. I will remove the old version of Java and I think I will probably have to do a system restore to an earlier point. Thanks for your help.
      My System SpecsSystem Spec

  8. #8


    When you are attacked by Rogue.Agent/Gen-Nullo Dll, it will steal your confidential or sensitive data. Failure to remove malware associated with the Rogue.Agent/Gen-Nullo Dll file from your computer system may result in the possible disclosure of your personal data, as well as increasing the risk for identity theft and other kinds of online fraud.
    In otherwords, keep an eye on your online accounts. You should probably change the passwords on those once you get rid of this PIA.

    I did a search for manual removal. I found these instructions, although a bit generic, you might want to give them a try. Make a backup of your system/restore point just in case. If you can't delete them in standard mode, try running in safe mode.

    Before you give the manual method a go, try running these & see if they weed it out. Might be a good idea to run RKill before you run these tools. That should give them a better chance of success. At this point, you should run RKill before running any of the tools to give them a chance of removing it. Did you run RKill before you ran MBam & SuperAntiSpyware?

    Malicious Software Removal Tool

    Download Malicious Software Removal Tool from Official Microsoft Download Center

    RogueKiller

    RogueKiller Download

    AdwCleaner

    AdwCleaner Download

    And here is the manual removal info I found....so far...

    Open task bar by pressing CTRL + DEL + ALT and terminate all the process related to Rogue.Agent/Gen-Nullo Dll threat.
    Open Registry Window by typing “regedit” in Run window.
    Once it opens search the registry files related to Rogue.Agent/Gen-Nullo Dll and delete all of them.
    Search all the Rogue.Agent/Gen-Nullo Dll related files manually in your system and delete them.
    Delete Rogue.Agent/Gen-Nullo Dll files and folders:

    * %Program Files%\Rogue.Agent/Gen-Nullo Dll\Rogue.Agent/Gen-Nullo Dll.exe
    * %UserProfile%\Desktop\Rogue.Agent/Gen-Nullo Dll.lnk
    * %UserProfile%\Start Menu\Rogue.Agent/Gen-Nullo Dll\Rogue.Agent/Gen-Nullo Dll.lnk
    * %UserProfile%\Start Menu\Rogue.Agent/Gen-Nullo Dll\Help.lnk
    * %UserProfile%\Start Menu\Rogue.Agent/Gen-Nullo Dll\Registration.lnk
    * %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Rogue.Agent/Gen-Nullo Dll.lnk
    Note: Found this site with a more definitive list of items/reg keys (Starting 1/2 way down the page). It's an older post but my prove useful.

    Remove Rogue.Agent/Gen-Nullo (Removal Guide), How To Remove Rogue.Agent/Gen-Nullo | Cleanpcguide.com
    Last edited by Borg 386; 09 May 2014 at 15:07.
      My System SpecsSystem Spec

  9. #9


    And another one to try (free) - the download is about half way down the page
    Free Virus Removal Tool | Sophos Antivirus and Malware Removal Tool

    Takes a long time to do its thing but it has detected malware on my machine that others missed. A very good on-demand scanner.
      My System SpecsSystem Spec

  10. #10

    please go to bleepingcomputers


    Hi All,
    the best site i know for all malware removal and follow up advise is bleepingComputers, please then read the
    am i infected sub-section and follow the instructions. they are really good

    Roy
      My System SpecsSystem Spec

Page 1 of 2 12 LastLast
RogueAgent/Gen-Nullo - Trojan
Related Threads
My colleague has just received an email from someone with a "WhatsApp" video attached - of course it was not a video, and unfortunately it seems to have auto disabled Windows Defender and loaded PC Optimizer Pro and some form of "Norton" and it is reporting that it is infected with Trojan.Gen.2 We...
Solved Zeus Trojan Virus in System Security
I had trouble getting my new Outlook settings correct to communicate with my ISP. A quick search lead me to a bogus phone number for Verizon help - 1-866-666-5542. They connected to my new computer (HP 110-210 64 bit Win 8.1) and through a few command prompts produced a "tree" in the dos window ...
Trojan program hijacks World of Warcraft accounts despite two-factor authentication Trojan program hijacks World of Warcraft accounts despite two-factor authentication | PCWorld
Eight Forums Android App Eight Forums IOS App Follow us on Facebook