Can't solve Rootkit.Agent problem. Help :)


Hello,

My cable company has informed me I have spam being generated from my IP address. I have XP Home Basic edition. I ran Malwarebytes and it finds a Rootkit.Agent. So I set it to delete and reboot. When it reboots, I get the message that Windows has blocked programs starting up. I choose "run blocked program" but when I run it again, it still finds Rootkit.Agent.

Also, I followed directions found on this forum to solve the "blocked after reboot" problem. I ran startup_fix.reg and that didn't work. I also followed every step to fully remove and reinstall MalwareBytes and make sure my AVG anti-virus had all the correct MalwareBytes exception paths in the Resident Shield. But MalwareBytes is still being blocked after reboot.

I've also run RootRepeal twice following directions from a similar post and it ran for over 20 hours both times. Any other suggestions? Thanks so much in advance. I've pasted the Malwarebytes and DDS.txt logs and I am attaching DDS/GMER log files:

MalwareBytes:

Malwarebytes' Anti-Malware 1.44

Database version: 3888

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18882

3/20/2010 10:33:03 AM

mbam-log-2010-03-20 (10-33-03).txt

Scan type: Quick Scan

Objects scanned: 27184

Time elapsed: 3 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\system32\Drivers\kqslup.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

DDS.txt:

DDS (Ver_10-03-17.01) - NTFSx86

Run by Mark at 10:40:55.36 on Sat 03/20/2010

Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_15

Microsoft

Attach.zip


Hello Markus

Welcome to Malwarebytes.

=====================

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

This topic is now closed to further replies.