Jump to content

Can't solve Rootkit.Agent problem. Help :)

Recommended Posts


My cable company has informed me I have spam being genereated from my IP address. I have XP Home Basic edition. I ran Malwarebytes and it finds a Rootkit.Agent. So I set it to delete and reboot. When it reboots, I get the message that Windows has blocked programs starting up. I choose "run blocked program" but when I run it again, it still finds Rootkit.Agent.

Also, I followed directions found on this forum to solve the "blocked after reboot" problem. I ran startup_fix.reg and that didn't work. I also followed every step to fully remove and reinstall MalwareBytes and make sure my AVG anti-virus had all the correct MalwareBytes exception paths in the Resident Shield. But MalwareBytes is still being blocked after reboot.

I've also run RootRepeal twice following directions from a similar post and it ran for over 20 hours both times. Any other suggestions? Thnx so much in advance. I've pasted the Malwarebytes and DDS.txt logs and I am attaching DDS/GMER log files:


Malwarebytes' Anti-Malware 1.44

Database version: 3888

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18882

3/20/2010 10:33:03 AM

mbam-log-2010-03-20 (10-33-03).txt

Scan type: Quick Scan

Objects scanned: 27184

Time elapsed: 3 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\system32\Drivers\kqslup.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


DDS (Ver_10-03-17.01) - NTFSx86

Run by Mark at 10:40:55.36 on Sat 03/20/2010

Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_15



Link to post
Share on other sites

Hello Markus

Welcome to Malwarebytes.


We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:


* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Link to post
Share on other sites

This topic is now closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.