Getting rid of agent, vundo;


Guest bugmenot

Sorry for posting this without reading other threads to see what suggestions are already being passed on. I'm atrociously busy these days, but I wanted to pass on the information I learned in finally managing to rid myself of fakealert, vundo and agent after a 3-day infection. Malwarebytes cleans up most of the files at issue, but was still leaving behind the rootkit.agent, and was--of course--unable to wipe this at boot.

At first I was, mistakenly, focusing on trying to find a way to beat the access protection and delete the file. I made a boot disk, tried removal utilities, tried to change its load priority in the registry--etc.

What worked? It's locked because it's loading on startup as a system driver. It's loading the driver because agent installed itself as a hardware item. In my Device Manager I enabled the view of hidden devices, and found it under the same name as the driver, listed under the Non plug-and-play devices section. Disabling the device and rebooting allowed me to remove the device, and my Malwarebytes scans are now clean.

I hope this information is useful--I remember noting the large number of recent threads on being unable to install this rootkit when I came here looking for info.

Best luck!
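
As an added example, not part of the original post: a read-only PowerShell check that lists kernel driver services (the kind shown under Non plug-and-play devices when hidden devices are displayed) whose binary is missing or lacks a valid signature. `Resolve-DriverPath` is a helper name introduced here, and a non-Valid result is a lead to investigate, not proof of infection.

```powershell
# Added example: read-only triage of kernel driver services. Changes nothing.
# Run from an elevated PowerShell prompt.

function Resolve-DriverPath {
    # Hypothetical helper: driver image paths come in several NT-style forms
    # (\??\C:\..., \SystemRoot\..., system32\drivers\...); normalise to a Win32 path.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim('"')
    $ci = [System.StringComparison]::OrdinalIgnoreCase
    if ($p.StartsWith('\??\', $ci)) { $p = $p.Substring(4) }
    if ($p.StartsWith('\SystemRoot\', $ci)) {
        $p = Join-Path $env:SystemRoot $p.Substring(12)
    } elseif ($p -notmatch '^[A-Za-z]:\\') {
        # Relative paths are resolved against the Windows directory.
        $p = Join-Path $env:SystemRoot $p.TrimStart('\')
    }
    return $p
}

Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.ServiceType -eq 'Kernel Driver' } |
    ForEach-Object {
        $path   = Resolve-DriverPath $_.PathName
        $status = 'FileMissingOrHidden'   # registered driver with no visible file
        $signer = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            $sig    = Get-AuthenticodeSignature -LiteralPath $path
            $status = [string]$sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        [pscustomobject]@{
            Name      = $_.Name
            State     = $_.State
            StartMode = $_.StartMode      # Boot/System/Auto entries load at startup
            Path      = $path
            Signature = $status
            Signer    = $signer
        }
    } |
    # Keep only drivers that are not validly signed or whose file cannot be seen.
    Where-Object { $_.Signature -ne 'Valid' } |
    Sort-Object StartMode, Name |
    Format-Table -AutoSize -Wrap
```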
