Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan rootkit.win32.agent.i


  • Please log in to reply
1 reply to this topic

#1 KingOfCheezWiz

KingOfCheezWiz

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:10 PM

Posted 28 September 2005 - 03:00 PM

Ok, so when I wasn't home yesterday, someone clicked a .exe link on AIM, and by the time I got home, my system was going haywire. I tried to do a system recovery from when I did my back up two days ago, but when I tried restoring, it gave me an error message and said the problem was rootkit.win32.agent.i. I looked around, and found f-secure blacklight that supposedly finds the hidden rootkits and renames them so they are no longer a problem, but it didn't find this rootkit. What can I do?

BC AdBot (Login to Remove)

 


#2 stidyup

stidyup

  • Members
  • 641 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:10 PM

Posted 29 September 2005 - 02:39 AM

Sysinternals Rootkit revealer

RootKitty needs UBCD4Win so that you can compare results.

If you think you are infected submit a hijackthis log here.

How to submit a hijackthis log

Download Hijackthis

Try running the following from safe mode (Getting to safe-mode) Sysclean you'll also need the virus template file from here lpt***.zip remember to extract the contents of the zip file into the same folder as Sysclean.com

or

DrWeb CureIT

If your good with the command line also try Sophos Command Line scanner this command will scan all of your hdd's SAV32CLI.EXE -F -di -remove -dn -mbr -all -zip -p=avscanlog.txt and give you a log file to review afterwards.

Also try installing and running A2 Free and Ewido

I'd also run Spybot and Adaware

If your using Win2K/XP run adaware/spybot from "safe mode with command prompt"

At the C:\ prompt type the following:-

cd\
C:\progra~1\spybot~1\spybotsd.exe /autocheck /autofix
cd\
C:\progra~1\lavasoft\ad-awa~1\ad-aware.exe

Scan suspect files at jotti and Virus Total which use multiple AV scan engines.

A comprehensive list of who to mail a sample too is here.

Edited by stidyup, 29 September 2005 - 02:40 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users