Backdoor.Agent.PBE

[Vero44]

Hi. I'm getting a persistent Backdoor.Agent.PBE threat on a customer's PC. File locations is c:\Windows\System32\igfxres.dll

Have done a rename on this file but it still comes back. Spyware Doctor reports that it quarantines the agent on startup but this happens every startup and several times later too. The original infection came on the back of a UPS email attachment scam which the customer opened.

I've done a Combofix scan and HJT logs are clean. Ran a couple of rootkit tools that come back clean. This laptop has the Intel hardware associated with the igfx files (igfxtray.exe etc)

Running paid for SpyDoc 6.0.0.385 with AVG 8 free on XP Home SP3.

Malwarebytes antimalware current DB1242 detects nothing.

Is this a known threat or a false positive on Spyware Doctor's side?

[JeanInMontana]

Sounds like something you need to point out to Spyware Doctor. Did you upload a sample to Virus Total or any where to test it?

[Vero44]

Yep, Virus Total comes back clean. PC Tools have not come back to me yet.

Upgrading to Spyware Doctor 6 from version 5.5 flagged it as an infection. I have a test rig with 5.5 on which detects nothing (even with the hard drive mounted). Have tried lots of antivirus tools which don't pull it in as a virus either.

Just wondering if the MBAM team knew of anything.