Sign In
Create Account
Sorry for posting this without reading other threads to see what the suggestions already being passed on are. I'm atrociously busy these days, but I wanted to pass on the information I learned in finally managing to rid myself of fakealert, vundo and agent after a 3 day infection. Malwarebytes cleans up most of the files at issue, but was still leaving behind the rootkit.agent, and was--of course--unable to wipe this at boot.
At first I was, mistakenly, focusing on trying to find a way to beat the access protection and delete the file. I made boot disk, tried removal utilities, tried to change it's load priority in the registry--etc.
What worked? It's locked because it's loading on startup as a system driver. It's loading the driver, because agent installed itself as a hardware item. In my device manager I enabled the view of hidden devices, and found it under the same name as the driver, listed under the Non plug-and-play devices section. Disabling the device and rebooting allowed me to remove the device and my malwarebytes' scans are now clean.
I hope this information is useful--I remember noting the large number of recent threads on being unable to install this rootkit when I came here looking for info.
Best luck!
0
Getting rid of agent, vundo;
Started by Guest_bugmenot_*, Dec 07 2008 09:45 PM
Back to top
#2
Posted 07 December 2008 - 09:52 PM
-
- Members
-
- 24 posts
New Member
Boot of your OS disc and "recover Windows by using the recovery console"
Or something similarly labeled; I cannot remember the exact name even though I used it successfully today!
Make sure to record the path of the infected files. The parameters are:
del [path]
Example:
C:\system32\del C:\55d.exe
Or something similarly labeled; I cannot remember the exact name even though I used it successfully today!
Make sure to record the path of the infected files. The parameters are:
del [path]
Example:
C:\system32\del C:\55d.exe
Windows 7. Norton AntiVirus 2009 installed. Satisfied.
#3
Posted 07 December 2008 - 09:59 PM
-
- Moderators
-
- 1,648 posts
Forum Deity
- Gender:Male
Hello.
Please read and follow the instructions provided here: Pre- HJT Post Instructions
When ready please post your logs here: Malware Removal - HijackThis Logs
Someone will be happy to assist you further with cleaning your system.
During this scan and cleanup process you should not install any other software unless requested to do so.
Please read and follow the instructions provided here: Pre- HJT Post Instructions
When ready please post your logs here: Malware Removal - HijackThis Logs
Someone will be happy to assist you further with cleaning your system.
During this scan and cleanup process you should not install any other software unless requested to do so.
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
