Solved

W32/Agent.BNEX!tr.rkit Removal

Posted on 2011-09-11
Last Modified: 2013-11-22
Struggling with this one.

Windows 7 HP Laptop

FortiClient AV detects W32/Agent.BNEX!tr.rkit at every startup. System runs very slowly and buggy, random apps crash, etc.

In Safe Mode I have installed and scanned with:

Malwarebytes
SUPERAntiSpyware
Scanning with GMER rootkit tool now

Unable to find a lot about this virus on the web.

The offending files are I think the ones in C:\Users\User\Appdata\Local\ and \Temp

Lots of files named oxxwgfhf and fiqhfqio etc, as well as some suspicious exe's.

I delete them but next normal reboot they return.
0
Question by:hongedit
3 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36518988
"In Safe Mode I have installed and scanned with"

These tools are NOT designed to run in safe mode. You NEED to be running them in a normal boot environment.
0
 
LVL 1

Author Comment

by:hongedit
ID: 36519028
Oops. I meant I downloaded and installed them in Safe mode, but scanned in normal.
0
 
LVL 38

Accepted Solution

by:
younghv earned 500 total points
ID: 36519227
The only reference I can find to that Trojan/Rootkit is fairly old (June 2011), so the current tools/scanners should work.

One of the keys to using Malwarebytes now is to run a rogue process stopper immediately prior to the scan.  Details here:
Rogue-Killer-What-a-great-name

You might want to also run TDSSKILLER found here:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

* Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
* Execute the file TDSSKiller.exe.
* Wait for the scan and disinfection process to be over. You do not have to reboot the PC after the disinfection is over.

If the tool finds a hidden service it will prompt you to type "delete"; you can also just hit "Enter" without typing in and the scan will continue...
Please post the log to be analyzed.

You can also try FixTDSS.exe from Symantec:
http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe

Please post the logs here as attachments for all three tools/scanners and we'll take a look at them for you.
0
