TechSpot

Rootkit.agent str.sys

By Shaolin
Sep 7, 2009
  1. Hi,

    I am helping with a friends computer. He had managed to get himself infected with various malware, trojan and viruses. One of which according to the log files had switched off his antivirus and windows firewall.
    I have installed mbm and removed the majority of them, which enabled me to switch the antivirus (AVG) prorgam back on. I have now installed comodo and run CC, Spybot, Super Anti-spyware, Hijackthis and Combofix.
    mbam still says rootkit.agent is present at str.sys
    I have tried to delete this using reboot, and fileassasin, but no joy.
    Combofix said it fixed it, but a different version of rootkit has appeared and now AVG is saying mbam files are a virus - packed.rolex.

    I have included the log files from the scans. I hope someone can help me.
     
  2. Shaolin

    Shaolin TS Rookie Topic Starter

    The rest of the log files....
     
  3. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    Delete AVG and download and install Avast free antivirus. Run Avast, and take care of any malware found. Repost the 3 logs (Hijack, mbam, and SuperAntiSpyware)
     
  4. Zyldar

    Zyldar TS Rookie Posts: 34

    You should look for & delete skynet*.* and tccp*.* files in the c:\windows\system32\drivers folder as well. Skynet.sys infection often places files in the drivers folder. Mbam & other scans may have removed them, but you should verify that they don't exist just to be safe.

    Hope that helps.
    Zyldar
     
  5. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    Shaolin,
    set your antivirus to do a scan upon a reboot, outside of Windows
     
  6. Shaolin

    Shaolin TS Rookie Topic Starter

    OK. I have removed AVG and installed Avast. Avast did a preboot virus scan on the reboot. I have included the new logs. More trojans and various other things are being discovered as you can see.
    Combofix found and deleted 5 SKYNET files in drivers.
     
  7. Shaolin

    Shaolin TS Rookie Topic Starter

    As I havent reboot since Avast was installed and did the preboot, is it worth rebooting to scan again and see if the rootkit has reappeared?
     
  8. gguerra

    gguerra TS Maniac Posts: 317

    Try this to remove rootkits. It has worked for me.. What it does is rename the malicious files so that they cannot reload at boot up time
    McAfee Rootkit Detective

    It is a standalone program and does not install anything. It simply scans and renames
     
  9. Shaolin

    Shaolin TS Rookie Topic Starter

    I have rebooted twice, and run malware, antispyware, hijack and avast and it now seems to be completely clean. I ran the mcafee rootkit detective too and it said it couldnt find anything. So thanks everyone for your help, but it would seem like we have a clean machine.

    So thanks again.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...