
stubborn rootkit.agent


No replies to this topic

#1 clspotards


Posted 26 February 2010 - 05:03 PM

:thumbsup: Hello everyone. I have a rootkit listed as eonhf.sys that I cannot remove. I've scanned my PC with avast, Norton, AVG, and Malwarebytes, and none have been able to remove it.
At first I had 23 files infected but no longer have the details for them. Currently under avast it says

C:\Windows\System32\drivers\eonhf.sys
Error: A device attached to the system is not functioning (31)



Malwarebytes says

Malwarebytes' Anti-Malware 1.44
Database version: 3796
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/26/2010 3:44:00 PM
mbam-log-2010-02-26 (15-44-00).txt

Scan type: Quick Scan
Objects scanned: 103961
Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\drivers\eonhf.sys (Rootkit.Agent) -> Delete on reboot.


After reboot file remains

I was previously being redirected every time I click a link, but after the first run of Malwarebytes that stopped. I was also hearing sounds like TV commercials in the background when I opened IE; that stopped as well...

New with the forum stuff so bear w/me. I have no clue where to start or what further actions to take; any help will be much appreciated.

Additional info: when I try to manually delete it, it says "cannot read from source file or disk"

Edited by garmanma, 26 February 2010 - 08:39 PM.

