Trojan Horse Agent2.ZZG

This Trojan was found on my computer and removed by AVG Anti-Virus Free, and I am wondering what securities it could have breached.
It was found in C:\HP\BIN\ProcessLogger.exe, and I think I may have noticed “Process Logger” once recently on the Task Manager list of processes.
I found that there were no Google results for “Agent2.ZZG”, and so I am guessing that it might be a relatively new Trojan.
Is there a database of the capabilities of known Trojans, and might this one be among the known ones?

Comments 34

  • Mine found it too tonight, after all of my Vista updates ran through, pretty sure it’s just an HP process monitoring program, nothing to worry about.

  • Got one here in Australia tonight, AVG is running a scan right now. So far so good, computer is not giving me any problems. Thanks Beth, I’m not overly concerned as of right now.

    …….Ian

  • This just appeared on my AVG scan too. It seems to have removed it though. It was in the same location:

    C:\HP\BIN\ProcessLogger.exe

    Windows Vista. Virus DB: 270.14.64.2501.

    AVG has been reporting a number of trojans recently on files that seem to have been there on the computer all along. I wonder if it’s getting some rather more thorough (or perhaps even over-enthusiastic) signature updates?

  • Atl – I just woke up to find the same thing.

    Found by AVG 9.0
    Version 9.0.707
    Virus DB 270.14.64/2501

    File: C:\HP\BIN\ProcessLogger.exe
    Infection: Trojan horse Agent2.ZZG

    The Process Name: C:\Prigram Files\CMS Products\BounceBack Express\BBBackup.exe
    Process ID: 6028
    Detected on Open.

    ** I also got a “data execution prevention” error from Windows Vista yesterday.

    Any advice will be greatly appreciated.

  • AVG just picked out the same trojan and removed it. I think that it is a file that we get from HP as an update. I am running Vista.

  • My AVG just picked up this trojan too. I’m running Vista.

  • AVG picked this up on the overnight scan. Not only did it mark C:\hp\bin\ProcessLogger.exe, it also marked C:\Windows\System32\svchost.exe. We also have Vista. I have already communicated with HP about this.

  • Yep, I’ve had the same Trojan come up on my AVG V9 Free scan. Very surprised it wasn’t caught before it managed to get onto the system. Does anyone have any more updates from HP?

  • I got it too, same night as everybody else. It’s hiding in the hp ProcessLogger.exe file.

    I also got another trojan in hp\recovery\wizard\SWR_wizard.exe. That one is trojan horse agent2.SIQ

    These might be false positives. I hope so.

  • AVG just found the same on mine. Still running the scan, but I run XP. BUT so far, so good.

  • Yep, AVG got it on mine too. I also run Vista. I’m wondering if it’s a false one, like the iTunes one was several months ago.

  • The same happened to me Nov 13th, AVG found 2 in HP directory:
    HP/BIN/Processlogger.exe = Agent2.zzg
    HP/recovery/wizard/SWR_wizard.exe

    Both were also picked up in one system Recovery restore point.

    It is unclear that these are real or false positives. The program names are legit in the HP directory, but if it wasn’t detected in earlier recovery break points, they may be real. I’m trying to find the original HP versions and see if they get detected.

    My conclusion is that it’s been infected in the last 4 days (I ran a scan on Monday, which was clean) or AVG added a new signature that creates a false positive.

  • I’m running XP. The common thread is AVG and HP. I’m checking against HP’s original files to see if they get picked up…then it’s a false positive. Otherwise )(*&)(*&

  • Same thing here. But XP. AVG and HP and Nov 13/14th scans are the common thread. It also showed up in one system restore point. I’m checking for the original files from HP and seeing if they trigger the alert. If they do, these are false positives.

  • I got the same virus on the 11-14-09 scan…it was removed and deleted – my system is running very very slow since this happened….any more info about this is greatly appreciated!!

  • I have contacted HP regarding this issue and am still waiting for their reply; as soon as I hear something I will post.

    I’m also running Vista but unlike some others have only had the one Trojan 2.ZZG

    It seems rather strange that most of us are using AVG security software and running Vista. Is this likely to be false Trojans being picked up by AVG V9??

    Look forward to any further comments or information.

  • I had the same trojan show up and it was ‘moved to the virus vault’. My PC seems to be running at about what it was before. Hopefully this doesn’t cause any problems for me later, I can’t afford a new PC.

  • Also as I forgot to note I am on a XP not a Vista.

  • Same thing happened to me this morning with AVG 9. Same two files, same two trojans. The difference is that I’m running Windows XP Home, not Vista. I’m re-running the scan and it’s not showing anything. I suspect false positive.

  • I also got that Trojan, 2.ZZG, show up from the scan last night on a system running XP. Had upgraded to AVG V9 prior to the scan.

  • Got the same trojan horse here too last night. Am running XP home and AVG security pack. My avg removed it to the virus vault and am now running SpyBot S&D with system restore off and will run AVG again.

  • I also caught Agent 2.SIQ and Agent2.ZZG on 14.11.09, and they were cleaned up by AVG 9.0. I use Windows XP, and every day some Windows updates or other run that probably nobody needs.

  • I also got this virus, but it listed three files in:
    C:\System Volume Information\_restore{00EFF…

    Each one said it was the C:\WINDOWS\system32\svchost.exe process that was running that had the issue.

    Is this something that was lurking until today? Or something else?

  • I have the same issue. My mum was so worried and rang me to come look. We are running XP on an HP computer. We apparently have it three times. The process name is: C:\WINDOWS\system32\cidaemon.exe for all three threats.

    2 of the files are the same and have the trojan horse agent2.SIQ ‘infection’ and the other is the 2.ZZG.

    I’ve moved them to the virus vault, so if anyone hears anything back from HP or gets any info, that would be great if they share it =]

  • Well this is the email that I received back from HP

    “Thank you for contacting HP Total Care.

    After reviewing your email, I have understood that you are experiencing the issue with virus.

    I regret the inconvenience you have faced in the course. I assure you that I, as a part of HP Total Care, take the ownership of the issue you are experiencing and would try to resolve the issue to the best of my abilities and up to your expectation.

    The reason for this issue is virus.

    In order to remove the virus I would suggest you to use malware bytes to remove the virus first after that if the issue still persists please download Liveone care for scanning the virus.

    Please click on the link given below to download Liveone care:

    http://onecare.live.com/site/en-us/default.htm

    (The above mentioned URL will take you to a non-HP Web site. HP does not control and is not responsible for information outside of the HP Web site.)

    Please get back to us with your valuable observation, if any issue persists we would continue from there. We are waiting for your response.

    If you need further assistance, please reply to this message and we will be happy to assist you further.

    It has been a real pleasure assisting you. If you need any further assistance, please feel free to contact us and we will be at your service right away

    For information on keeping your HP and Compaq products up and running, please visit our Web site at: http://www.hp.com/go/totalcare”

    I didn’t think that was too helpful but others might. I was thinking of maybe contacting AVG seeing as it was their product that detected it.

  • This is what I’ve got:

    Trojan horse agent2.siq
    –c:\system volume information\_restore{D341….

    Trojan horse agent2.siq
    –c:\hp\recovery\wizard\swr_wizard.exe

    Trojan horse agent2.zzg
    –c:\system volume information\_restore{D341….

    Trojan horse agent2.zzg
    –c:\hp\bin\processlogger.exe

    PC — HP, windows XP

    AVG version — 8.5

    I noticed most are using ver 9. I’m still at 8.5 with latest update.

    Cheers…

  • I found Agent2.ZZG 15/11 with MalwareBytes. It was hidden in HP\BIN\ProcessLogger.exe. I run Vista and scan with AVG every day, but AVG didn’t find it.

  • Hi all, I received this e-mail directly from HP UK. It details how to remove the files this Trojan is hiding on.

    HP Customer Care http://welcome.hp.com/country/uk/en/support.html

    Dear Jonathan,

    Thank you for contacting HP Customer Care.

    This email is a follow up to your recent email interaction with us regarding the issue with process logger.exe file.

    Jonathan, I am personally following up with you to check if the information provided has helped you or not. Please reply to this email with the outcome of the suggested steps.

    We will be waiting for your reply. If you need further assistance, please reply to this message and we will be happy to assist you.

    For information on keeping your HP and Compaq products up and running, please visit our web site at: http://www.hp.co.uk/diagnostics

    Sincerely,

    Susan
    HP Customer Care

    HP Customer Care http://welcome.hp.com/country/uk/en/support.html

    Dear Jonathan,

    Thank you for contacting HP Customer Care.

    I understand that the AVG anti-virus software installed in your HP Pavilion dv6625em notebook has detected the C:\HP\BIN\PROCESSLOGGER.EXE file as a trojan. You would like to know if you need to delete it or not.

    Jonathan, I realize the importance of the issue and will make sure that I give you appropriate information.

    Process Logger is a hidden service utility that logs what applications have been used on your home or office PC, when they are started and finished.

    Remove Process Logger Manually:

    To remove all Process Logger files, you must kill all Process Logger processes that are running in your computer’s memory. To kill Process Logger processes, press CTRL+ALT+DELETE to open the Windows Task Manager. Click on the “Processes” tab, search for Process Logger, then right-click it and select “End Process” key.

    You will also need to remove Process Logger registry keys. To remove Process Logger registry keys, click on the Windows “Start” button and select “Run” to open Windows Registry Editor. A window will popup. Type “regedit” into the box, and click “OK”. Search for the registry key “HKEY_LOCAL_MACHINE\Software\Process Logger.” Right-click it and select “Delete.”

    Finally, you will need to manually delete other files to clean your PC of Process Logger. These Process Logger can be in the form of EXE, DLL, LSP, TOOLBAR, BROWSER HIJACK, and/or BROWSER PLUGIN. For example, Process Logger might create a file like %PROGRAM_FILES%\Process Logger\Process Logger.exe. Locate and remove these files.

    I hope this information is helpful for you. If you need further assistance, please reply to this message and we will be happy to assist you.

    For information on keeping your HP and Compaq products up and running, please visit our web site at: http://www.hp.co.uk/diagnostics

    Sincerely,

    Susan
    HP Customer Care

  • So Agent2.ZZG is not exclusive to AVG 9, or even to AVG, but it still looks like it might be exclusive to HP.

    Sven, do you keep up to date with the AVG virus database? It is surprising that what AVG found for everyone else it did not find for you.

  • Hi all
    I have been following this with interest as I also had AVG 9 find the Trojan Horse Agent2.ZZG in the same location as others.
    It was found on two laptops on the same day. Both laptops are HP Pavilions running Vista SP2.
    However AVG appears to have removed the trojan without any problems. It’s been over a week now with no re-appearance (re-store area etc.).
    So I wasn’t concerned…. that was until I read JB’s posting of the procedure HP says should be followed to remove it.
    I update AVG once or twice a day and use the additional scan facility every night to run a scan and automatically shut the laptops down each night…. so there have been at least 7 trojan free scans completed since the original detection and removal from the virus vault.
    Is it safe to continue using my laptops without following the rather complex procedure?
    Thanks, DB

  • I have a trojan horse agent2ukk in C:\windows\system32\nevb.exe. It is infected, please help, what can I do?

  • I checked my vault this morning and the same virus was in there. It also showed up on November 14th like everyone else reported. I deleted it from my vault. I also had a packet hidden from Nov 2nd. I’m going to check to see what that is. I run AVG and I also have my Norton – I just don’t know how these things can still sneak by.
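
Several comments above propose comparing the flagged files against HP's original copies to decide whether the detection is a false positive. One way to run that check in PowerShell, as an added example that is not part of the original thread: `D:\hp-original` is a hypothetical folder holding copies taken from HP's recovery media, and `Get-FileHash` assumes PowerShell 4 or later.

```powershell
# Added example: triage the two HP files flagged in this thread.
param(
    # Paths as reported by the commenters
    [string[]]$Flagged = @('C:\HP\BIN\ProcessLogger.exe',
                           'C:\HP\recovery\wizard\SWR_wizard.exe'),
    # Hypothetical folder with known-original copies from HP media
    [string]$ReferenceDir = 'D:\hp-original'
)

foreach ($path in $Flagged) {
    # Same property set for every row so the output table stays aligned
    $row = [ordered]@{
        File = $path; Present = $false; SignatureStatus = $null
        Signer = $null; SHA256 = $null; MatchesOriginal = $null
        LastWrite = $null
    }

    if (Test-Path -LiteralPath $path) {
        $row.Present = $true

        # Authenticode: Valid, NotSigned, HashMismatch, NotTrusted, ...
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        $row.SignatureStatus = $sig.Status
        if ($sig.SignerCertificate) {
            $row.Signer = $sig.SignerCertificate.Subject
        }

        $row.SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $row.LastWrite = (Get-Item -LiteralPath $path).LastWriteTime

        # Compare with the reference copy, if one exists
        $ref = Join-Path $ReferenceDir (Split-Path $path -Leaf)
        if (Test-Path -LiteralPath $ref) {
            $refHash = (Get-FileHash -LiteralPath $ref -Algorithm SHA256).Hash
            $row.MatchesOriginal = ($refHash -eq $row.SHA256)
        }
    }
    # Present = $false usually means the scanner already quarantined the file
    [pscustomobject]$row
}
```

A file that matches the original copy and was last written before the last clean scan is consistent with the new-signature explanation raised in the comments. A match only shows the file is unchanged from the reference, so the reference copy must come from a source you trust.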
