TechSpot

[Active] Rootkit Agent keeps coming back like a zombie

By sonobang
Aug 7, 2010
  1. I have been researching this for the last couple of days, with limited internet because my internet provider kept banning me.
    I desperately need help!
     

    Attached Files:

  2. crunchie

    crunchie Malware Helper Posts: 728

    Hi and welcome to TechSpot :).

    Combofix should not be run without direction, as it is not meant as an everyday scanner. It is a powerful tool that can render your PC useless :).

    ==

    Please follow the directions given here http://www.techspot.com/vb/topic58138.html and post the requested logs.
     
  3. sonobang

    sonobang TS Rookie Topic Starter

    Gah.. I did not know that...
    Is my laptop gonna be alright?..
     
  4. crunchie

    crunchie Malware Helper Posts: 728

    If it is still running now, it will be fine :). I was just letting you know for future reference.
     
  5. sonobang

    sonobang TS Rookie Topic Starter

    Phew.. thanks.. but how about the rootkit.agent? What is it exactly doing to my laptop and how can I get rid of it?
     
  6. crunchie

    crunchie Malware Helper Posts: 728

    You need to follow the instructions given in my first post :).
     
  7. sonobang

    sonobang TS Rookie Topic Starter

    I did what you told me to do. Hopefully I did everything right.
     

    Attached Files:

  8. sonobang

    sonobang TS Rookie Topic Starter

    Oops, forgot this.
     

    Attached Files:

  9. crunchie

    crunchie Malware Helper Posts: 728

    Please go to Jotti's or to virustotal and have this file scanned. Post the results back here.

    C:\pgddypoc.sys
     
  10. sonobang

    sonobang TS Rookie Topic Starter

    Scanners found nothing.
     
  11. crunchie

    crunchie Malware Helper Posts: 728

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :file
      C:\pgddypoc.sys
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  12. sonobang

    sonobang TS Rookie Topic Starter

    Here you go.
     

    Attached Files:

  13. crunchie

    crunchie Malware Helper Posts: 728

    That's OK. It belongs to Gmer. It creates a random file name when it runs.
    How do things appear now? Are you still having problems?
     
  14. sonobang

    sonobang TS Rookie Topic Starter

    Well, I was not really experiencing any problem, but according to my internet provider my laptop is continuously spamming through my internet. So they keep banning me whenever I use my internet.
     
  15. sonobang

    sonobang TS Rookie Topic Starter

    Ooo, I just ran my Malwarebytes and the rootkit.agent is finally gone! Am I good to go now?
     
  16. crunchie

    crunchie Malware Helper Posts: 728

    Should be if MBA-M came up clean :).

    Let's get rid of Combofix now that we are finished with it.
    • Click Start > Run, copy/paste the following bolded text into the Run box and click OK:

      ComboFix /Uninstall

      Note the space between the X and the /, it needs to be there.

     
Topic Status:
Not open for further replies.
