TechSpot

[Active] Rootkit Agent keeps coming back like a zombie

By sonobang
Aug 7, 2010
Topic Status:
Not open for further replies.
  1. I was researching this for the last couple of days.. with limited internet because my internet provider kept banning me.
    I desperately need help!

    Attached Files:

  2. crunchie

    crunchie Malware Helper Posts: 761

    Hi and welcome to TechSpot :).

    Combofix should not be run without direction, as it is not meant as an everyday scanner. It is a powerful tool that can render your PC useless :).

    ==

    Please follow the directions given here http://www.techspot.com/vb/topic58138.html and post the requested logs.
  3. sonobang

    sonobang TS Rookie Topic Starter

    gah.. I did not know that...
    is my laptop gonna be alright?..
  4. crunchie

    crunchie Malware Helper Posts: 761

    If it is still running now, it will be fine :). I was just letting you know for future reference.
  5. sonobang

    sonobang TS Rookie Topic Starter

    phew..thanks..but how about the rootkit.agent?..what is it exactly doing to my laptop and how can I get rid of it?
  6. crunchie

    crunchie Malware Helper Posts: 761

    You need to follow the instructions given in my first post :).
  7. sonobang

    sonobang TS Rookie Topic Starter

    I did what you told me to do. Hopefully I did everything right.

    Attached Files:

  8. sonobang

    sonobang TS Rookie Topic Starter

    oops forgot this

    Attached Files:

  9. crunchie

    crunchie Malware Helper Posts: 761

    Please go to Jotti's or to virustotal and have this file scanned. Post the results back here.

    C:\pgddypoc.sys
  10. sonobang

    sonobang TS Rookie Topic Starter

    scanners found nothing.
  11. crunchie

    crunchie Malware Helper Posts: 761

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :file
      C:\pgddypoc.sys
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  12. sonobang

    sonobang TS Rookie Topic Starter

    here you go

    Attached Files:

  13. crunchie

    crunchie Malware Helper Posts: 761

    That's OK. It belongs to Gmer. It creates a random file name when it runs.
    How do things appear now? Are you still having problems?
  14. sonobang

    sonobang TS Rookie Topic Starter

    well I was not really experiencing any problem, but according to my internet provider my laptop is continuously spamming through my internet. So they keep banning me whenever I use my internet..
  15. sonobang

    sonobang TS Rookie Topic Starter

    ooo I just ran my Malwarebytes and the rootkit.agent is finally gone! Am I good to go now?
  16. crunchie

    crunchie Malware Helper Posts: 761

    Should be if MBA-M came up clean :).

    Let's get rid of Combofix now that we are finished with it.
    • Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

      ComboFix /Uninstall

      Note the space between the X and the /, it needs to be there.
