Help me, I don't know what to do


1 reply to this topic

#1 armand001


Posted 02 February 2010 - 06:39 AM

Hi, can somebody please help me?

My AVG antivirus has found a trojan horse

"C:\WINDOWS\system32\drivers\agp440.sys";"Trojan horse Generic15.GIB";"Object is white-listed (critical/system file that should not be removed)"

and it says that it can't be removed because it's a critical/system file?

Its size is 92.0 KB (94,208 bytes)

I have Microsoft Windows, service pack 3

What should I do?

Edited by armand001, 02 February 2010 - 06:46 AM.




#2 armand001


Posted 02 February 2010 - 06:50 AM

I submitted a sample to Virus Total --


Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.11.17 Virus.Win32.Protector!IK
AhnLab-V3 5.0.0.2 2009.11.17 Win32/Ntfs
AntiVir 7.9.1.70 2009.11.17 RKit/Kobcka.C
Antiy-AVL 2.0.3.7 2009.11.17 Virus/Win32.Protector.gen
Authentium 5.2.0.5 2009.11.17 W32/Protector.C.gen!Eldorado
Avast 4.8.1351.0 2009.11.17 Win32:Cutwail
AVG 8.5.0.425 2009.11.17 Generic15.GIB
BitDefender 7.2 2009.11.17 Rootkit.Kobcka.Patched.Gen
CAT-QuickHeal 10.00 2009.11.17 Trojan.Cutwail.h
ClamAV 0.94.1 2009.11.17 -
Comodo 2970 2009.11.17 TrojWare.Win32.Trojan.RootKit.~GR
DrWeb 5.0.0.12182 2009.11.17 Trojan.DownLoad.47257
eSafe 7.0.17.0 2009.11.17 Win32.RKitKobcka.C
eTrust-Vet 35.1.7125 2009.11.17 Win32/Cutwail.AUX
F-Prot 4.5.1.85 2009.11.17 W32/Protector.C.gen!Eldorado
F-Secure 9.0.15370.0 2009.11.17 Rootkit.Kobcka.Patched.Gen
Fortinet 3.120.0.0 2009.11.17 -
GData 19 2009.11.17 Rootkit.Kobcka.Patched.Gen
Ikarus T3.1.1.74.0 2009.11.17 Virus.Win32.Protector
Jiangmin 11.0.800 2009.11.17 -
K7AntiVirus 7.10.898 2009.11.17 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.11.17 Virus.Win32.Protector.c
McAfee 5805 2009.11.17 Generic.dx!gyv
McAfee+Artemis 5805 2009.11.17 Generic.dx!gyv
McAfee-GW-Edition 6.8.5 2009.11.17 Heuristic.LooksLike.Rootkit.Kobcka.H
Microsoft 1.5202 2009.11.17 Virus:Win32/Cutwail.H
NOD32 4615 2009.11.17 a variant of Win32/Kryptik.ABX
Norman 6.03.02 2009.11.17 W32/Rootkit.AYIG
nProtect 2009.1.8.0 2009.11.17 Trojan/W32.Agent.94112.B
Panda 10.0.2.2 2009.11.17 Suspicious file
PCTools 7.0.3.5 2009.11.17 Trojan.Pandex
Prevx 3.0 2009.11.17 Medium Risk Malware
Rising 22.22.01.08 2009.11.17 RootKit.Win32.Agent.fxj
Sophos 4.47.0 2009.11.17 -
Sunbelt 3.2.1858.2 2009.11.17 Trojan.Win32.Cutwail.drv (v)
Symantec 1.4.4.12 2009.11.17 Trojan.Pandex
TheHacker 6.5.0.2.071 2009.11.16 -
TrendMicro 9.0.0.1003 2009.11.17 TROJ_CUTWAIL.GH
VBA32 3.12.12.0 2009.11.17 -
ViRobot 2009.11.17.2041 2009.11.17 Win32.Protector.C
VirusBuster 5.0.21.0 2009.11.17 Win32.Protector.CV.Gen
Additional information
File size: 94112 bytes
MD5 : 26bb5a3a50b5e77b4763ce16d22e8bf1
SHA1 : 6a4d472767a823506a1d91b90c3aee771b9d76c7
SHA256: 04b3df96233b63a0b0ba8c47c0a241c5c4cb002d7009dc1fa386a683521b9862
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xE97
timedatestamp.....: 0x4ADCDE5A (Mon Oct 19 23:47:06 2009)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x220 0xD8A 0xDA0 6.00 6de916b2b3ac4f70d4e5e3b19d567d57
.data 0xFC0 0x24 0x40 1.90 a1b2e0cf56d0bacc47cfe35fa6506d6e
.reloc 0x1000 0x15FA0 0x15FA0 6.06 25152caa13fd0ca74ad128f7f892034e

( 0 imports )


( 0 exports )

TrID : File type identification
Generic Win/DOS Executable (49.5%)
DOS Executable Generic (49.5%)
VXD Driver (0.7%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
ssdeep: 1536:bHyGSVKFCeX2oBKJwniJxfbALiNBryARGOB/BycYDx:QIFCg2owynira6tjB/RYDx
Prevx Info: http://info.prevx.com/aboutprogramtext.asp...DF4D300622BEA76
PEiD : -
RDS : NSRL Reference Data Set
-



