• Status: Solved
  • Priority: Medium
  • Security: Public

W32/Agent.BNEX!tr.rkit Removal

Struggling with this one.

Windows 7 HP Laptop

FortiClient AV detects W32/Agent.BNEX!tr.rkit at every startup. System runs very slowly and buggy, random apps crash, etc.

In Safe Mode I have installed and scanned with:

Malwarebytes
SUPERAntiSpyware
Scanning with GMER rootkit tool now

Unable to find a lot about this virus on the web.

The offending files are I think the ones in C:\Users\User\Appdata\Local\ and \Temp

Lots of files named oxxwgfhf and fiqhfqio etc, as well as some suspicious exe's.

I delete them but next normal reboot they return.
Asked by: hongedit

1 Solution

Neil Russell (Technical Development Lead) Commented:
"In Safe Mode I have installed and scanned with"

These tools are NOT designed to run in safe mode. You NEED to be running them in a normal boot environment.

hongedit (Author) Commented:
Oops. I meant I downloaded and installed them in Safe mode, but scanned in normal.

younghv Commented:
The only reference I can find to that Trojan/Rootkit is fairly old (June 2011), so the current tools/scanners should work.

One of the keys to using Malwarebytes now is to run a rogue process stopper immediately prior to the scan.  Details here:
Rogue-Killer-What-a-great-name

You might want to also run TDSSKILLER found here:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

* Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
* Execute the file TDSSKiller.exe.
* Wait for the scan and disinfection process to be over. You do not have to reboot the PC after the disinfection is over.

If the tool finds a hidden service it will prompt you to type "delete"; you can also just hit "Enter" without typing anything and the scan will continue...
Please post the log to be analyzed.

You can also try FixTDSS.exe from Symantec:
http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe

Please post the logs here as attachments for all three tools/scanners and we'll take a look at them for you.
Question has a verified solution.
