  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1099

Virus -

I have the latest Trend Virus with the Damecleanup. I checked the logs and all computers are up to date. But yet, I still get alerts from machines that have this problem. Any suggestions what else to do?

Virus Alert!!
WORM_AGOBOT.AKN is detected on KIP-PPC(KIP-PPC) in Workgroup domain.
Infected file: C:\WINNT\windb.exe
Detection date: 2005.04.05 13:31:55
Action: Virus successfully detected, cannot perform the Clean action (Cannot perform the Quarantine action)
0
Asked by: shoris
 
gpriceee Commented:
Trend has a link for removal of this virus. If automatic removal does not work, use the Microsoft links.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FAGOBOT%2EGEN&VSect=Sn
0
 
nobus Commented:
Try HouseCall:

http://housecall.trendmicro.com/
0
 
FalconHawk Commented:
"Action: Virus successfully detected, cannot perform the Clean action (Cannot perform the Quarantine action)"

See this line? It means that Trend couldn't remove or quarantine the virus, so that's why you keep getting virus alerts. For the rest, just follow gpriceee's link for the removal instructions for manual removal.
0
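A triage sketch for the alerts discussed above, added here as an example and not part of the original thread: it parses alert text in the format shoris posted and lists the hosts where the Clean and Quarantine actions failed, since those are the machines that still need attention. The second and third sample alerts, the host name LAB-01 and the "cleaned" Action wording are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the first alert is the one quoted in the question; the
# other two (timestamps, host LAB-01, the "cleaned" Action wording) are made up.
SAMPLE_ALERTS = """\
Virus Alert!!
WORM_AGOBOT.AKN is detected on KIP-PPC(KIP-PPC) in Workgroup domain.
Infected file: C:\\WINNT\\windb.exe
Detection date: 2005.04.05 13:31:55
Action: Virus successfully detected, cannot perform the Clean action (Cannot perform the Quarantine action)

Virus Alert!!
WORM_AGOBOT.AKN is detected on KIP-PPC(KIP-PPC) in Workgroup domain.
Infected file: C:\\WINNT\\windb.exe
Detection date: 2005.04.05 14:02:10
Action: Virus successfully detected, cannot perform the Clean action (Cannot perform the Quarantine action)

Virus Alert!!
WORM_AGOBOT.AKN is detected on LAB-01(LAB-01) in Workgroup domain.
Infected file: C:\\WINNT\\windb.exe
Detection date: 2005.04.05 13:40:00
Action: Virus successfully cleaned
"""

ALERT_RE = re.compile(
    r"^(?P<virus>\S+) is detected on (?P<host>[^()\s]+)\([^)]*\) in (?P<domain>.+?) domain\.\s*\n"
    r"Infected file: (?P<file>.+)\n"
    r"Detection date: (?P<date>.+)\n"
    r"Action: (?P<action>.+)$",
    re.MULTILINE,
)

def parse_alerts(text):
    """Return one dict per alert block found in the text."""
    return [{k: v.strip() for k, v in m.groupdict().items()} for m in ALERT_RE.finditer(text)]

def hosts_needing_manual_cleanup(alerts):
    """Group alerts whose Action reports a failed clean/quarantine by host."""
    failed = defaultdict(lambda: {"count": 0, "files": set(), "last_seen": ""})
    for a in alerts:
        if "cannot perform" in a["action"].lower():
            entry = failed[a["host"]]
            entry["count"] += 1
            entry["files"].add(a["file"])
            # The yyyy.mm.dd hh:mm:ss format sorts correctly as plain text.
            entry["last_seen"] = max(entry["last_seen"], a["date"])
    # Hosts that alert most often come first.
    return sorted(failed.items(), key=lambda kv: -kv[1]["count"])
```

Calling `hosts_needing_manual_cleanup(parse_alerts(text))` on exported alert text returns the hosts ordered by how often the failed action repeats.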
 
gpriceee Commented:
Have you had any success?  In the meantime, you can set your Trend options to delete and then run the scan again.
0
 
shoris (Author) Commented:
I have had no success whatsoever. How do I set the Trend options to delete and then run the scan again?
0
 
FalconHawk Commented:
If Trend can't quarantine it, it will also most likely fail to delete it. This is most probably going to be a manual operation.

OK, boot Windows in safe mode (F8 at startup) and go to the WINNT folder and simply delete the file. Safe mode is needed since it appears the file is in use.
0
 
rvision Commented:
Also, whenever using safe mode, always try to log on as administrator.
0
 
Scissors73 Commented:
This is a fun one. It's been a while since I had to remove agobot/gaobot. But it pretty much has to be a manual thing. Different variants hide in different places, so I'll give you the all-inclusive fix.

1. Disable System Restore
2. Restart and go into safe mode (F8)
3. Start -> Run -> msconfig
   3a. Services tab
   3b. <Check> Hide all Microsoft services
   3c. Uncheck anything you don't recognize. Some variants have different names; the most common service is Configuration Loading
4. c:\windows\prefetch -> select all -> delete
5. Start -> Search -> Files and Folders -> Advanced -> <Check> ...Hidden files and folders -> windb.exe
   5a. Delete all found
6. Delete all temporary files and temporary internet files
7. Start -> Run -> regedit (note: if you are unfamiliar with the Windows registry, don't proceed; you can potentially cause more problems)
   7a. File -> Export -> (this is a backup...just in case)
   7b. Find HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   7c. Remove anything involving windb.exe
   7d. Find HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
   7e. Remove anything involving windb.exe
8. Reboot and scan
0
 
shoris (Author) Commented:
Actually, I had to re-install one of the patches from Microsoft. I used a batch file to distribute it to the network, rebooted the machines and then re-ran the virus check, and it found it and cleaned it. In Trend I noticed two computers that were polling the most from the network, and on those two machines I manually re-installed the exe patch from Microsoft and re-ran the virus check, and it seemed to work.
0
 
gpriceee Commented:
Have you also patched Trend?
0
