W32/Agent.BNEX!tr.rkit Removal

Struggling with this one.

Windows 7 HP Laptop

FortiClient AV detects W32/Agent.BNEX!tr.rkit at every startup. System runs very slowly and buggy, random apps crash, etc.

In Safe Mode I have installed and scanned with:

Malwarebytes
SUPERAntiSpyware
Scanning with GMER rootkit tool now

Unable to find a lot about this virus on the web.

The offending files are, I think, the ones in C:\Users\User\Appdata\Local\ and \Temp

Lots of files named oxxwgfhf and fiqhfqio etc, as well as some suspicious exe's.

I delete them but next normal reboot they return.
hongedit Asked:
 
younghv Commented:
The only reference I can find to that Trojan/Rootkit is fairly old (June 2011), so the current tools/scanners should work.

One of the keys to using Malwarebytes now is to run a rogue process stopper immediately prior to the scan. Details here:
Rogue-Killer-What-a-great-name

You might want to also run TDSSKILLER found here:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

* Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
* Execute the file TDSSKiller.exe.
* Wait for the scan and disinfection process to be over. You do not have to reboot the PC after the disinfection is over.

If the tool finds a hidden service, it will prompt you to type "delete"; you can also just hit "Enter" without typing in and the scan will continue...
Please post the log to be analyzed.

You can also try FixTDSS.exe from Symantec:
http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe

Please post the logs here as attachments for all three tools/scanners and we'll take a look at them for you.
 
Neil Russell, Technical Development Lead, Commented:
"In Safe Mode I have installed and scanned with"

These tools are NOT designed to run in safe mode. You NEED to be running them in a normal boot environment.
 
hongedit (Author) Commented:
Oops. I meant I downloaded and installed them in Safe mode, but scanned in normal.
Question has a verified solution.
