Solved

W32/Agent.BNEX!tr.rkit Removal

Posted on 2011-09-11
3
860 Views
Last Modified: 2013-11-22
Struggling with this one.

Windows 7 HP Laptop

FortiClient AV detects W32/Agent.BNEX!tr.rkit at every startup. System runs very slowly and buggy, random aaps crash, etc.

In Safe Mode I have installed and scanned with:

Malwarebutes
SUPERAntiSpyware
Scanning with GMER rootkit tool now

Unable to find a lot about this virus on the web.

The offending files are I think the ones in C:\Users\User\Appdata\Local\ and \Temp

Lots of files named oxxwgfhf and fiqhfqio etc, as well as some suspicious exe's.

I delete them but next normal reboot they return.
0
Comment
Question by:hongedit
3 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36518988
"In Safe Mode I have installed and scanned with"

These tools are NOT designed to run in safe mode. You NEED to be running them in a normal boot environment.
0
 
LVL 1

Author Comment

by:hongedit
ID: 36519028
Oops. I meant I  downloaded and installed them in Safe mode, but scanned in normal.
0
 
LVL 38

Accepted Solution

by:
younghv earned 500 total points
ID: 36519227
The only reference I can find to that Trojan/Rootkit is fairly old (June 2011), so the current tools/scanners should work.

One of the keys to using Malwarebytes now is to run a rogue process stopper immediately prior to the scan.  Details here:
Rogue-Killer-What-a-great-name

You might want to also run TDSSKILLER found here:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

* Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
* Execute the file TDSSKiller.exe.
* Wait for the scan and disinfection process to be over. You do not have to reboot the PC after the disinfection is over.

If the tool finds a hidden service it will prompt you to type "delete",  you can also just hit "Enter" without typing in and the scan will continue...
Please post the log to be analyzed.

You can also try FixTDSS.exe from Symantec:
http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe

Please post the logs here as attachments for all three tools/scanners and we'll take a look at them for you.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
There are many reasons malware will stay around and continue to grow as a business.  The biggest reason is the expanding customer base.  More than 40% of people who are infected with ransomware, pay the ransom.  That makes ransomware a multi-million…
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now