1 reply to this topic

[Morganboy]

I picked these up the other day making a huge mistake trying to download one of those programs to capture You Tube vids.

A scan revealed

Files Infected:
C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> Delete on reboot.
C:\WINDOWS\system32\kwave.sys (Trojan.Agent) -> Delete on reboot.

But after a reboot and a scan they are still there. I realize root infections are nasty! Neither one of these files ever shows up when I use explorer to find them. I thought of filing in the false positive part of your forum, but suspect I really have a problem.

Note: If I signon to my system under a different user name (non-admin) and run a scan the infections don't show up.

I'm new to this forum and not sure what information I need to post to assist in finding solutions to this problem.

[DaChew]

Follow the directions in this guide

http://www.malwareby...?showtopic=9573

Post the reccomended logs in this forum

http://www.malwareby...php?showforum=7

Be patient and one of the HJT specialists will be along to help with that rootkit