[Active] Rootkit Agent keeps coming back like a zombie

[sonobang]

I was researching this for last couple days..with limited internet cause my internet provider kept banning me.
I desperately need help!

 

[crunchie]

Hi and welcome to TechSpot .

Combofix should not be run without direction, as it is not meant as an everyday scanner. It is a powerful tool that can render your pc useless .

==

Please follow the directions given here https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/ and post the requested logs.

 

[sonobang]

gah.. I did not know that...
is ma laptop gonna be alright?..

 

[crunchie]

If it is still running now, it will be fine . I was just letting you know for future reference.

 

[sonobang]

phew..thanks..but how about the rootkit.agent?..what is it exactly doing to my laptop and how can I get rid of it?

 

[crunchie]

You need to follow the instructions given in my first post .

 

[sonobang]

I did what you told me to do. Hopefully I did everything right.

 

[sonobang]

Oops forgot this

 

[crunchie]

Please go to Jotti's or to virustotal and have this file scanned. Post the results back here.

C:\pgddypoc.sys

 

[sonobang]

scanners found nothing.

 

[crunchie]

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  

  :file
  C:\pgddypoc.sys

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

[sonobang]

Here you go

 

[crunchie]

Thats ok. It belongs to Gmer. It creates a random file name when it runs.
How do things appear now? Are you still having problems?

 

[sonobang]

well I was not really experiencing any problem, but according to my internet provider my laptop is continuously spamming through my internet. So they keep banning me whenever I use my internet..

 

[sonobang]

ooo I just ran my malwarebytes and the rootkit.agent is finally gone! am I good to go now?

 

[crunchie]

Should be if MBA-M came up clean .

Let's get rid of Combofix now that we are finished with it.

• Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
  
  ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
  
  
•