
Rootkit.Agent in registry



#1 Accidental Techie


Posted 18 November 2008 - 11:06 AM

This problem began with a very slow laptop (Dell Inspiron 9400).
I believe a second problem was started by the user clicking on the download NIV09 popup. The computer wouldn't shut down automatically, and then it began doing a chkdsk each time it started, saying the volume was dirty; then it stopped recognizing the USB ports.
I decided to run Malwarebytes and found it has the Rootkit.Agent in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\legacy_windev-cde-1523. Mbam quarantined it - I asked it to remove it, which it did, only to reappear as quarantined. I tried unlocking it but that didn't work.
Meanwhile I had uninstalled NIV2008, but when I reinstalled it, I received a msg that McAfee needed to be removed (I never installed the program that came with the machine). Anyway, I downloaded a removal program for that and also for NIV2008 - then I reinstalled NIV2008 but couldn't run LiveUpdate! In addition, I could no longer access the Internet. I fixed the tcp/ip problem by completely removing NIV2008.

This whole thing has been an on and off work issue for over a week - Now I'm wondering if it would be easier and more efficient to just wipe everything clean and reinstall WinXP etc. I have a backup of the system, but am reluctant to use it since the slowness was noticeable when that backup was done...so I'm concerned it may not be a good idea.

Any advice you can give me on this?


#2 wolsno


Posted 18 November 2008 - 11:18 AM

Probably more efficient to wipe and re-install everything at this point.

#3 Accidental Techie


Posted 18 November 2008 - 11:26 AM

Hmmm - that's what I thought. I just did another scan and it reports no infected files. I'm thinking about trying to install NAV08 instead of NIV08 - I'm going to see if I can talk to someone at Symantec first :thumbsup:
