Rootkit.agent str.sys

Status
Not open for further replies.
Hi,

I am helping with a friend's computer. He had managed to get himself infected with various malware, trojans and viruses, one of which, according to the log files, had switched off his antivirus and Windows firewall.
I have installed mbam and removed the majority of them, which enabled me to switch the antivirus (AVG) program back on. I have now installed Comodo and run CC, Spybot, Super Anti-spyware, HijackThis and ComboFix.
mbam still says rootkit.agent is present at str.sys.
I have tried to delete this using reboot, and FileASSASSIN, but no joy.
ComboFix said it fixed it, but a different version of rootkit has appeared and now AVG is saying mbam files are a virus - packed.rolex.

I have included the log files from the scans. I hope someone can help me.
 
Delete AVG and download and install Avast free antivirus. Run Avast, and take care of any malware found. Repost the 3 logs (Hijack, mbam, and SuperAntiSpyware)
 
You should look for & delete skynet*.* and tccp*.* files in the c:\windows\system32\drivers folder as well. Skynet.sys infection often places files in the drivers folder. Mbam & other scans may have removed them, but you should verify that they don't exist just to be safe.

Hope that helps.
Zyldar
 
OK. I have removed AVG and installed Avast. Avast did a preboot virus scan on the reboot. I have included the new logs. More trojans and various other things are being discovered, as you can see.
ComboFix found and deleted 5 SKYNET files in drivers.
 
As I haven't rebooted since Avast was installed and did the preboot scan, is it worth rebooting to scan again and see if the rootkit has reappeared?
 
Try this to remove rootkits. It has worked for me. What it does is rename the malicious files so that they cannot reload at boot-up time.
McAfee Rootkit Detective

It is a standalone program and does not install anything. It simply scans and renames.
 
I have rebooted twice, and run malware, antispyware, hijack and Avast scans, and it now seems to be completely clean. I ran the McAfee Rootkit Detective too and it said it couldn't find anything. So thanks everyone for your help, but it would seem like we have a clean machine.

So thanks again.
 