Anti-Rootkit keeps picking up instances of these Trojan.Agent files in every user profile. After clean and reboot, they show up again. Regular Malware Bytes, Trend Micro, Stinger, Super Anti Spyware, Roguekiller, McAfee Rootkitremover, and McAfee GetSusp do not find these either before or after running Anti-Rootkit. The files cannot be found when searching, but then show up on a scan. I'm at a loss... is this a glitch in Anti-Rootkit or is this an actual Trojan that keeps repopulating? Folders Detected: 2 c:\updata (Worm.AutoRun) -> Delete on reboot. c:\google.com (Trojan.Agent) -> Delete on reboot. Files Detected: 156 c:\documents and settings\all users\passwords.exe (Trojan.Agent) -> Delete on reboot. c:\documents and settings\default user\passwords.exe (Trojan.Agent) -> Delete on reboot. c:\documents and settings\localservice\passwords.exe (Trojan.Agent) -> Delete on reboot. c:\documents and settings\networkservice\passwords.exe (Trojan.Agent) -> Delete on reboot. c:\documents and settings\pp\passwords.exe (Trojan.Agent) -> Delete on reboot. c:\windows\system32\config\systemprofile\passwords.exe (Trojan.Agent) -> Delete on reboot. c:\documents and settings\all users\porn.exe (Trojan.Agent) -> Delete on reboot. c:\documents and settings\default user\porn.exe (Trojan.Agent) -> Delete on reboot. c:\documents and settings\localservice\porn.exe (Trojan.Agent) -> Delete on reboot. c:\documents and settings\networkservice\porn.exe (Trojan.Agent) -> Delete on reboot. c:\documents and settings\pp\porn.exe (Trojan.Agent) -> Delete on reboot. c:\windows\system32\config\systemprofile\porn.exe (Trojan.Agent) -> Delete on reboot. c:\documents and settings\all users\sexy.exe (Trojan.Agent) -> Delete on reboot. c:\documents and settings\default user\sexy.exe (Trojan.Agent) -> Delete on reboot. c:\documents and settings\localservice\sexy.exe (Trojan.Agent) -> Delete on reboot. c:\documents and settings\networkservice\sexy.exe (Trojan.Agent) -> Delete on reboot. c:\documents and settings\pp\sexy.exe (Trojan.Agent) -> Delete on reboot. c:\windows\system32\config\systemprofile\sexy.exe (Trojan.Agent) -> Delete on reboot. c:\windows\system32\microsoft\msn.exe (Trojan.Backdoor) -> Delete on reboot. c:\passwords.exe (Worm.AutoRun.Gen) -> Delete on reboot. c:\porn.exe (Worm.AutoRun.Gen) -> Delete on reboot. c:\sexy.exe (Worm.AutoRun.Gen) -> Delete on reboot. c:\windows\install\msn.exe (Backdoor.Agent) -> Delete on reboot. c:\sys64\msn.exe (Trojan.Agent) -> Delete on reboot. c:\windows\messeng\msn.exe (Backdoor.Bifrose) -> Delete on reboot. c:\program files\winst\msn.exe (Trojan.VBKrypt) -> Delete on reboot. c:\windows\system23\msn.exe (Backdoor.Agent) -> Delete on reboot. c:\documents and settings\all users\application data\msn.exe (Backdoor.Bifrose.Gen) -> Delete on reboot. c:\documents and settings\default user\application data\msn.exe (Backdoor.Bifrose.Gen) -> Delete on reboot. c:\documents and settings\localservice\application data\msn.exe (Backdoor.Bifrose.Gen) -> Delete on reboot. c:\documents and settings\networkservice\application data\msn.exe (Backdoor.Bifrose.Gen) -> Delete on reboot. c:\documents and settings\pp\application data\msn.exe (Backdoor.Bifrose.Gen) -> Delete on reboot. c:\windows\system32\config\systemprofile\application data\msn.exe (Backdoor.Bifrose.Gen) -> Delete on reboot. c:\updata\autorun.inf (Worm.AutoRun) -> Delete on reboot. c:\windows\system32\mms\msn.exe (Backdoor.Bifrose) -> Delete on reboot. c:\documents and settings\all users\application data\adobs\msn.exe (Backdoor.Bot) -> Delete on reboot. c:\documents and settings\default user\application data\adobs\msn.exe (Backdoor.Bot) -> Delete on reboot. c:\documents and settings\localservice\application data\adobs\msn.exe (Backdoor.Bot) -> Delete on reboot. c:\documents and settings\networkservice\application data\adobs\msn.exe (Backdoor.Bot) -> Delete on reboot. c:\documents and settings\pp\application data\adobs\msn.exe (Backdoor.Bot) -> Delete on reboot. c:\windows\system32\config\systemprofile\application data\adobs\msn.exe (Backdoor.Bot) -> Delete on reboot. c:\documents and settings\all users\application data\messanger\msn.exe (Backdoor.IRCBot) -> Delete on reboot. c:\documents and settings\default user\application data\messanger\msn.exe (Backdoor.IRCBot) -> Delete on reboot. c:\documents and settings\localservice\application data\messanger\msn.exe (Backdoor.IRCBot) -> Delete on reboot. c:\documents and settings\networkservice\application data\messanger\msn.exe (Backdoor.IRCBot) -> Delete on reboot. c:\documents and settings\pp\application data\messanger\msn.exe (Backdoor.IRCBot) -> Delete on reboot. c:\windows\system32\config\systemprofile\application data\messanger\msn.exe (Backdoor.IRCBot) -> Delete on reboot. c:\program files\adobs\msn.exe (Backdoor.Bot) -> Delete on reboot. c:\program files\dll\msn.exe (Backdoor.Bifrose) -> Delete on reboot. c:\program files\hotmail\msn.exe (Backdoor.Bifrose) -> Delete on reboot. c:\program files\internet explorer\msn.exe (Trojan.Agent) -> Delete on reboot. c:\program files\massenger\msn.exe (Backdoor.Bot) -> Delete on reboot. c:\program files\msn\msn.exe (Trojan.Agent) -> Delete on reboot. c:\program files\msns\msn.exe (Backdoor.PoisonIvy) -> Delete on reboot. c:\bin\msn.exe (Trojan.Agent) -> Delete on reboot. c:\msn.exe (Worm.AutoRun) -> Delete on reboot. c:\documents and settings\all users\start menu\programs\startup\msn.exe (Backdoor.Bot) -> Delete on reboot. c:\documents and settings\default user\start menu\programs\startup\msn.exe (Backdoor.Bot) -> Delete on reboot. c:\documents and settings\pp\start menu\programs\startup\msn.exe (Backdoor.Bot) -> Delete on reboot. c:\windows\system32\config\systemprofile\start menu\programs\startup\msn.exe (Backdoor.Bot) -> Delete on reboot. c:\documents and settings\all users\start menu\programs\startup\sexy.exe (Backdoor.IRCBot) -> Delete on reboot. c:\documents and settings\default user\start menu\programs\startup\sexy.exe (Backdoor.IRCBot) -> Delete on reboot. c:\documents and settings\pp\start menu\programs\startup\sexy.exe (Backdoor.IRCBot) -> Delete on reboot. c:\windows\system32\config\systemprofile\start menu\programs\startup\sexy.exe (Backdoor.IRCBot) -> Delete on reboot. c:\windows\system32\1122\msn.exe (Backdoor.Bifrose) -> Delete on reboot. c:\windows\system32\computer\msn.exe (Backdoor.Bifrose) -> Delete on reboot. c:\windows\system32\mesenger\msn.exe (Backdoor.Bot) -> Delete on reboot. c:\windows\system32\messanger\msn.exe (Trojan.Agent) -> Delete on reboot. c:\windows\system32\msn.exe (Backdoor.Bot) -> Delete on reboot. c:\windows\system32\msn\msn.exe (Backdoor.Bot) -> Delete on reboot. c:\windows\system32\msnn\msn.exe (Backdoor.Bifrose) -> Delete on reboot. c:\windows\system32\mstwain32\msn.exe (Backdoor.Bifrose) -> Delete on reboot. c:\windows\system32\smn\msn.exe (Trojan.Agent) -> Delete on reboot. c:\windows\system32\system32\msn.exe (Backdoor.Bot) -> Delete on reboot. c:\windows\system32\systeme\msn.exe (Backdoor.Bot) -> Delete on reboot. c:\windows\system32\update\msn.exe (Backdoor.Bifrose) -> Delete on reboot. c:\windows\system32\windows\msn.exe (Backdoor.Bifrose) -> Delete on reboot. c:\windows\exblorer\msn.exe (Backdoor.Bifrose) -> Delete on reboot. c:\windows\help\msn.exe (Trojan.Banker) -> Delete on reboot. c:\windows\mssn\msn.exe (Backdoor.Bot) -> Delete on reboot. c:\windows\res\msn.exe (Password.Stealer) -> Delete on reboot. c:\windows\system\msn.exe (Trojan.Banker) -> Delete on reboot. c:\documents and settings\all users\application data\sexy.exe (Backdoor.Agent) -> Delete on reboot. c:\documents and settings\default user\application data\sexy.exe (Backdoor.Agent) -> Delete on reboot. c:\documents and settings\localservice\application data\sexy.exe (Backdoor.Agent) -> Delete on reboot. c:\documents and settings\networkservice\application data\sexy.exe (Backdoor.Agent) -> Delete on reboot. c:\documents and settings\pp\application data\sexy.exe (Backdoor.Agent) -> Delete on reboot. c:\windows\system32\config\systemprofile\application data\sexy.exe (Backdoor.Agent) -> Delete on reboot. c:\program files\outlook express\autorun.inf (Malware.Trace) -> Delete on reboot. c:\wins\msn.exe (Trojan.Agent) -> Delete on reboot. c:\program files\msn.exe\msn.exe (Trojan.Agent) -> Delete on reboot. c:\windows\system32\installdir\msn.exe (Backdoor.XTRat) -> Delete on reboot. c:\program files\yahoo\msn.exe (Backdoor.Bifrose) -> Delete on reboot. c:\windows\system32\explorer\msn.exe (Backdoor.Agent) -> Delete on reboot. c:\program files\nenatube\msn.exe (Trojan.Agent) -> Delete on reboot. c:\windows\system32\biff\msn.exe (Backdoor.Bifrose) -> Delete on reboot. c:\documents and settings\all users\recent\msn.exe (Trojan.Passwords) -> Delete on reboot. c:\documents and settings\default user\recent\msn.exe (Trojan.Passwords) -> Delete on reboot. c:\documents and settings\localservice\recent\msn.exe (Trojan.Passwords) -> Delete on reboot. c:\documents and settings\networkservice\recent\msn.exe (Trojan.Passwords) -> Delete on reboot. c:\documents and settings\pp\recent\msn.exe (Trojan.Passwords) -> Delete on reboot. c:\windows\system32\config\systemprofile\recent\msn.exe (Trojan.Passwords) -> Delete on reboot. c:\windows\system32\msn.exe\msn.exe (Trojan.Agent) -> Delete on reboot. c:\winz\msn.exe (Trojan.Banker) -> Delete on reboot. c:\windows\iexplorer\msn.exe (Backdoor.Agent) -> Delete on reboot. c:\documents and settings\all users\start menu\programs\windows\msn.exe (Backdoor.Agent.DC) -> Delete on reboot. c:\documents and settings\default user\start menu\programs\windows\msn.exe (Backdoor.Agent.DC) -> Delete on reboot. c:\documents and settings\localservice\start menu\programs\windows\msn.exe (Backdoor.Agent.DC) -> Delete on reboot. c:\documents and settings\pp\start menu\programs\windows\msn.exe (Backdoor.Agent.DC) -> Delete on reboot. c:\windows\system32\config\systemprofile\start menu\programs\windows\msn.exe (Backdoor.Agent.DC) -> Delete on reboot. c:\program files\javasuppot\msn.exe (Trojan.Agent) -> Delete on reboot. c:\windows\system\sexy.exe (Backdoor.Agent) -> Delete on reboot. c:\publicos windows\msn.exe (Trojan.Banker) -> Delete on reboot. c:\documents and settings\all users\application data\installdir\msn.exe (Backdoor.Agent) -> Delete on reboot. c:\documents and settings\default user\application data\installdir\msn.exe (Backdoor.Agent) -> Delete on reboot. c:\documents and settings\localservice\application data\installdir\msn.exe (Backdoor.Agent) -> Delete on reboot. c:\documents and settings\networkservice\application data\installdir\msn.exe (Backdoor.Agent) -> Delete on reboot. c:\documents and settings\pp\application data\installdir\msn.exe (Backdoor.Agent) -> Delete on reboot. c:\windows\system32\config\systemprofile\application data\installdir\msn.exe (Backdoor.Agent) -> Delete on reboot. c:\windows\system32\system 32\msn.exe (Backdoor.Bifrose) -> Delete on reboot. c:\windows\installdir\msn.exe (Trojan.Agent) -> Delete on reboot. c:\program files\firewall\msn.exe (Trojan.Banker) -> Delete on reboot. c:\system\msn.exe (Backdoor.Agent.DC) -> Delete on reboot. c:\msgservice\msn.exe (Backdoor.Agent.DC) -> Delete on reboot. c:\windows\system32\wind0ws\msn.exe (Backdoor.Agent) -> Delete on reboot. c:\documents and settings\all users\application data\systeme32\msn.exe (Backdoor.Agent) -> Delete on reboot. c:\documents and settings\default user\application data\systeme32\msn.exe (Backdoor.Agent) -> Delete on reboot. c:\documents and settings\localservice\application data\systeme32\msn.exe (Backdoor.Agent) -> Delete on reboot. c:\documents and settings\networkservice\application data\systeme32\msn.exe (Backdoor.Agent) -> Delete on reboot. c:\documents and settings\pp\application data\systeme32\msn.exe (Backdoor.Agent) -> Delete on reboot. c:\windows\system32\config\systemprofile\application data\systeme32\msn.exe (Backdoor.Agent) -> Delete on reboot. c:\program files\systeme32\msn.exe (Backdoor.Agent) -> Delete on reboot. c:\windows\system32\install\msn.exe (Backdoor.Agent) -> Delete on reboot. c:\windows\system32\frecel\msn.exe (Backdoor.Agent) -> Delete on reboot. c:\documents and settings\all users\application data\live\msn.exe (Backdoor.Agent.DC) -> Delete on reboot. c:\documents and settings\default user\application data\live\msn.exe (Backdoor.Agent.DC) -> Delete on reboot. c:\documents and settings\localservice\application data\live\msn.exe (Backdoor.Agent.DC) -> Delete on reboot. c:\documents and settings\networkservice\application data\live\msn.exe (Backdoor.Agent.DC) -> Delete on reboot. c:\documents and settings\pp\application data\live\msn.exe (Backdoor.Agent.DC) -> Delete on reboot. c:\windows\system32\config\systemprofile\application data\live\msn.exe (Backdoor.Agent.DC) -> Delete on reboot. c:\windows\installdir\sexy.exe (Backdoor.Agent) -> Delete on reboot. c:\windows\system32\microsoft2\msn.exe (Backdoor.Agent) -> Delete on reboot. c:\passion\msn.exe (Trojan.Banker) -> Delete on reboot. c:\documents and settings\default user\local settings\temp\porn.exe (Backdoor.Agent.TRJ) -> Delete on reboot. c:\documents and settings\localservice\local settings\temp\porn.exe (Backdoor.Agent.TRJ) -> Delete on reboot. c:\documents and settings\networkservice\local settings\temp\porn.exe (Backdoor.Agent.TRJ) -> Delete on reboot. c:\documents and settings\pp\local settings\temp\porn.exe (Backdoor.Agent.TRJ) -> Delete on reboot. c:\temp\porn.exe (Backdoor.Agent.TRJ) -> Delete on reboot. c:\windows\system32\config\systemprofile\local settings\temp\porn.exe (Backdoor.Agent.TRJ) -> Delete on reboot. c:\windows\temp\porn.exe (Backdoor.Agent.TRJ) -> Delete on reboot. c:\documents and settings\all users\application data\autorun.inf (Worm.Agent) -> Delete on reboot. c:\documents and settings\default user\application data\autorun.inf (Worm.Agent) -> Delete on reboot. c:\documents and settings\localservice\application data\autorun.inf (Worm.Agent) -> Delete on reboot. c:\documents and settings\networkservice\application data\autorun.inf (Worm.Agent) -> Delete on reboot. c:\documents and settings\pp\application data\autorun.inf (Worm.Agent) -> Delete on reboot. c:\windows\system32\config\systemprofile\application data\autorun.inf (Worm.Agent) -> Delete on reboot.
