Scan with Trend Micro indicates infection with rtkt_agent.err.

dholsomback
It indicates file name is efdb.sys in windows\system32, but I cannot delete this file.  Any suggestions?

I don't know what efdb.sys is but if you've deemed it to be safe to delete, first try Safe Mode. If you can't delete it there either, you can use Winternals ERD Commander (Microsoft Diagnostics and Recovery Toolkit) or BartPE to boot into a windows-like environment and delete the file. Also run through the registry and make sure there is no entry for it so you don't get errors during startup.
Sudeep Sharma, Technical Designer

Commented:
Get a copy of Autoruns from Microsoft and search for the efdb.sys

http://download.sysinternals.com/Files/Autoruns.zip

Remove it once found. If you face any difficulty working with Autoruns, you could just save the autorun entries of your system and post them here. To save the autorun entries, do the following:
Click --> File --> Save.

Name the file "filename.arn" (filename could be any name)

You might want to zip the arn file before posting it here for further analysis.

Sudeep
Top Expert 2009
Commented:
Try TDSSKiller and HitmanPro. If it is being deemed a rootkit, then one of them has a good chance of detecting and removing it.
http://support.kaspersky.com/viruses/solutions?qid=208280684
http://www.surfright.nl/en/hitmanpro
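
The registry check and the Autoruns search suggested in the replies above can also be scripted. This is an added example, not code from any of the posters; it assumes the file name from the question (efdb.sys), the standard Services registry key, and an elevated PowerShell session.

```powershell
# Added example: list service/driver registrations that reference a driver file,
# with load settings, on-disk presence, signature status and SHA-256.
$DriverName   = 'efdb.sys'   # file name taken from the question
$ServicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Resolve-ImagePath {
    param([string]$ImagePath)
    # Driver ImagePath values come in several forms:
    #   \SystemRoot\system32\x.sys, \??\C:\Windows\system32\x.sys, system32\x.sys
    $p = $ImagePath.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

$hits = Get-ChildItem -Path $ServicesRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    if ($props.ImagePath -and $props.ImagePath -like "*$DriverName*") {
        $file   = Resolve-ImagePath $props.ImagePath
        $onDisk = Test-Path -LiteralPath $file
        $sig    = $null
        $hash   = $null
        if ($onDisk) {
            $sig  = (Get-AuthenticodeSignature -LiteralPath $file).Status
            $hash = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
        }
        [pscustomobject]@{
            Service   = $_.PSChildName
            Start     = $props.Start   # 0=boot 1=system 2=auto 3=manual 4=disabled
            Type      = $props.Type    # 1=kernel driver 2=file system driver
            ImagePath = $props.ImagePath
            OnDisk    = $onDisk
            Signature = $sig
            SHA256    = $hash
        }
    }
}

if ($hits) {
    $hits | Format-List
} else {
    # A driver that hides its own key or file will not appear in a live scan;
    # an offline boot environment reads the registry hive without it loaded.
    Write-Output "No service entry referencing $DriverName is visible in the running system."
}
```

An entry with `Start` 0 or 1 and `Type` 1 loads as a kernel driver early in boot, which is why the file cannot be deleted from the running system.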
