Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Help Removing RootKit.Agent

  • This topic is locked This topic is locked
2 replies to this topic

#1 Yamile


  • Members
  • 1 posts
  • Local time:07:16 PM

Posted 05 June 2010 - 10:14 PM

Hello everybody!

We have 3 computers (1 desktop, 2 laptops) in the house one of the laptops is a Macbook, the others are running WinXP. On monday I found the desktop was infected with the Protection Center rogue, I did some research online and got rid of it with Malwarebytes, the problem is that when I scan now it shows there are 2 files infected with RootKit.Agent, but when I reboot they just dont go away... It's hard to use the browser because now it got very slow and it takes forever to load a site. The rootkit it's also doing something with my wireless router because when the desktop is wired connected to it the connection gets intermittent in all computers in the network, including my Xbox 360, which is something really annoying! I read the manual so here are the logs, I'd appreaciate any help you can provide me and if there's some info I missed just let me know. I'm not a techie , just a girl trying to fix a problem.

Attached Files

BC AdBot (Login to Remove)


#2 Farbar


    Just Curious

  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:16 AM

Posted 08 June 2010 - 04:07 PM

Hi Yamile,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

You computer is seriously infected. We have some work to do to get it cleaned. I advise you not to use it. Change your passwords, cover sensitive information you have on the computer and take needed action to make sure those information will not be misused.

Tell me if you are residing in Santa Domingo. This just to check if your the TCP setting is not altered.

You seem not to have an antivirus protection. We are going to install one the next round.
  1. Please uninstall Daemon tools as it interferes with our tools and leads to false positive. You may install it when we are done.

  2. Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • If DeFogger ask to reboot the machine - click OK
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

    Do not re-enable these drivers until otherwise instructed.

  3. Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with the tool. (Information on A/V control HERE)
    • Double click on ComboFix.exe & follow the prompts.
    • You will get a warning about the not trusted download sites for ComboFix, click Yes.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.

#3 Farbar


    Just Curious

  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:16 AM

Posted 14 June 2010 - 06:28 AM

This thread will now be closed due to lack of activity.

If you should have a new issue, please start a new topic.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users