Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

w32.agot...


  • Please log in to reply
9 replies to this topic

#1 Krutselno

Krutselno

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 09 June 2005 - 06:19 AM

Hi!

I am new to this so sorry if this is the wrong place to post.
But I REALLY need help with a problem of mine..

The first thing that happens when I turn on my computer is that I get this msg:
"Windows cannot find `servicetask.exe`"
I also got this spywares in my register:

Posted Image

I've tried to use WinTasks5 in safety mode to delete them, and to delete them in the registy from safe mode, and a program from sysinternals... still every time I boot in normal mode my ad-watch from lavasoft says that I got some registy changes from "usbdrv" servicetask.exe and when I check my register again it looks like the image I posted above, again... :thumbsup:

Edit: I also forgot to metion that I've run Ad-aware professional edition 1.06 scans many times, and Webroot spysweeper 4.0 beta many times... I find the spyware every time... remove it, but when I reboot it's back :flowers:

Edited by Krutselno, 09 June 2005 - 08:22 AM.


BC AdBot (Login to Remove)

 


#2 computingelite

computingelite

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 09 June 2005 - 07:25 AM

can't see the image :/

#3 stidyup

stidyup

  • Members
  • 641 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:32 AM

Posted 09 June 2005 - 09:28 AM

Hi

Scan the file defragfatz here

Info on Defragfatz.exe

Symantec on W32.Linkbot.H

Sophos 1

Sophos 2

Edited by stidyup, 09 June 2005 - 09:30 AM.


#4 Krutselno

Krutselno
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 09 June 2005 - 10:02 AM

Thanks for help, but what I don't understand is that I cannot find the defragfatz file in system32 even though the register shows that system32 is the correct location for it.. so I cannot find the file to scan it... I've even search the whole drive...but I cannot find it... weird...

#5 Herk

Herk

  • Members
  • 1,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:S.E. Idaho, USA
  • Local time:09:32 AM

Posted 09 June 2005 - 10:57 AM

Have you also searched for hidden files? In your search box, click on "more advanced options" and make sure that "system folders" and "search hidden files and folders" is checked.

The link that was posted to Symantec's site also included removal instructions, but it involves editing the registry. Make sure you back up the registry to a place where you can find the backup easily, such as your "My Documents" folder or your desktop. Also, the instructions recommend that you turn off System Restore. Personally, I would do the repairs first, make sure the system works, then turn off System Restore and re-enable it again. Turning it off and then on will wipe all the information in System Restore, and an infected System Restore is better than none in the event something goes terribly wrong. When you're sure it's running OK, you can flush the restore points.

#6 Krutselno

Krutselno
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 09 June 2005 - 11:07 AM

hmmm...but when I use ad-aware in both safe mode and normal mode it find Win32.Worm.Agobot.E and not the one posted in the symantec link...
I've removed it lots of lots times, but when I boot up it's back again..

#7 screwy_looie

screwy_looie

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 09 June 2005 - 04:42 PM

if u hav spyware this shud get rid of it
ewido u can get it free

do u hav a file sharing program coz i got a worm of 1

#8 Krutselno

Krutselno
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 09 June 2005 - 04:57 PM

Ewido didn't help me.. it didn't find anything on my comp. But thanks for trying :thumbsup:

Hmmm... I've tried to remove the spyware manually, I've booted in safe mode and deleted everything from the registry, msconfig and all the boot things I could find with wintask5 and sysinternals program....

But still, when i reboot in normal mode my ad-watch register some changes in my register.... everything from the picture in my first post is back in the register again.... :flowers:

#9 stidyup

stidyup

  • Members
  • 641 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:32 AM

Posted 10 June 2005 - 06:05 AM

Download Hijackthis Download HijackThis

And post the log created here for analysis

#10 Krutselno

Krutselno
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 10 June 2005 - 06:57 AM

Okey, posting it now. Thanks for all help...so far ;)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users