Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Re-infected W/ Rootkit.win32.agent.byr

  • This topic is locked This topic is locked
1 reply to this topic

#1 S Faxon

S Faxon

  • Members
  • 2 posts
  • Local time:05:07 PM

Posted 22 August 2008 - 03:52 PM

Hello and thanks in advance for any assistance with this thing.

For the past couple of days I have attempted to get rid of this thing and it keeps rearing it's ugliness. The system shows clear presently with Malware bytes, Sophos, Kaspersky, Stinger and Windows onecare. However by the end of the day it will be found trying to initiate, so it's hiding pretty well. Additionally I am no longer able to run HijackThis as I get an Error #5 Invalid procedure. Seems to me this has something to do with the Win.ini file possibly being corrupt or missing.
Any help would be greatly apprecisted as I need sleep!

OS: XP pro.
Updates are current.

EDIT; My bad, if the mod wants to move this to HJT and malware removal that may be more appropriate.

Edited by S Faxon, 22 August 2008 - 04:29 PM.

BC AdBot (Login to Remove)


#2 TMacK


  • Members
  • 4,672 posts
  • Gender:Male
  • Location:B.C. Canada
  • Local time:03:07 PM

Posted 22 August 2008 - 09:23 PM

Welcome to Bleeping Computer S Faxon,

Since you have a HJT log posted in the HijackThis Logs and Malware Removal forum, I'm going to close this Topic.

You shouldn't make any changes to your system, while your HJT log is posted, as that could change the results of the posted log, making it difficult to properly clean your system.
At this point, the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

If you have any questions, don't hesitate to send me a PM.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

aaaaaaaa a~Suzie Wagner

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users