Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Rootkit.Agent can't be found

  • Please log in to reply
2 replies to this topic

#1 wilez


  • Members
  • 5 posts
  • Local time:02:57 AM

Posted 06 November 2008 - 11:08 AM

Malwarebytes keeps saying that I have a rootkit.agent and that it removes it. However, after restart and another scan, it shows that it's still there. It gives the location as C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP747\A0110559.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

When I do a search for that file. it comes up that it does not exist.

I have also used, without success, SuperAntiSpyware, Ad-Aware, Spybot, Rootkit Buster by TrendMicro, CatchMe, Norton Internet Security, Combofix, Fixwareout (the last two in safe mode), and more. None of these have picked up on the Rootkit.Agent ,,, only Malwarebytes.

Is there anything I can do to find and remove this virus aside from doing a complete wipe out and starting over?

Another thing that I noticed and wonder about ,,, I opened my Task Manager and found 7 instances of SCVhost.exe running in the processes ,,, 3 in SYSTEM, 2 in NETWORK SERVICE and 2 in LOCAL SERVICE. Is this right????

I didn't have a problem until I installed a nationwide broadband service, VZAccess. It didn't work in my area so I have since uninstalled it, but I think I got the virus during that time.

Any help is greatly appreciated! Thank you.

Edited by boopme, 06 November 2008 - 10:24 PM.
Cleaned tags ~~boopme

BC AdBot (Login to Remove)


#2 wilez

  • Topic Starter

  • Members
  • 5 posts
  • Local time:02:57 AM

Posted 06 November 2008 - 07:35 PM

Well, I didn't get any advice, so I got brave and took a risk, not really knowing if it was the right thing to do, but the rootkit.agent is gone ,,, at least for now. I decided to go into my System Properties and I turned off the System Restore on all drives. When I did this it purged all of the System Restore files, all the Restore Points and information, and the virus went with it. I turned the System Restore back on, went to make sure that a new Restore Point had automatically been made,,, it was, so I didn't have to make one. I did create another one a couple hours later, and made note of the purge, after I did a FULL scan on Malwraebytes Anti-Malware and for the first time, the Rootkit.Agent did not show up. I didn't worry about losing all of the restore points because I figured I didn't want to go back to any of the virus's I've found and it was a last resort before wiping everything out and reformating anyway. I'm going to run some utilities and spyware, do some updates, and another Malwarebytes scan now and I hope all ends well and I sleep much better than I did last night!

Edited by boopme, 06 November 2008 - 10:26 PM.
cleaned tags``boopme

#3 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:03:57 AM

Posted 06 November 2008 - 10:29 PM

Hi I would have asked you to post the log and perhaps seen that the location of the malware was indeed in system restore. If that was its location then you have performed the correct proceedure to remove it.
I would ask if you have since checked for an MBAM update and resanned?
Have you created a New restore point?

Edited by boopme, 06 November 2008 - 10:29 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users