A rootkit.agent/gen-rx problem

Looks like it's time for me to "hat-in-hand" get in line to have Quads take a look at my system. Last weekend all scans were clean. Today when I did a scan in safe mode, Malwarebytes found 17 Trojan.BHO infected files, log attached. I then ran Super AntiSpyware and it found 2 tracking cookies and 3 Rootkit.agent files, log attached. I then ran HiJackThis, file also attached. Norton never showed anything? I did go to a green check mark site, but later received word from them that someone hacked into their site and deleted a lot of files. Perhaps their message carried more than just that alert.

Just waiting for instructions.

Replies

Re: A rootkit.agent/gen-rx problem

Hi, PC_confused,

In your Malwarebytes' Anti-Malware Scan, it says "No action taken" against all Threats; did you Remove them?  You might have to Re-Start the computer to Remove them from your system.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]

Re: A rootkit.agent/gen-rx problem

Sorry, Floating_Red, I did shut down and restart the PC and again ran the Malwarebytes program. This time it didn't find any infected files or folders. I just sent that first log to show what was found. Here is the log showing those Trojan.BHO files were quarantined and deleted successfully.

Re: A rootkit.agent/gen-rx problem

Thanks for letting us know, and for your co-operation.


Re: A rootkit.agent/gen-rx problem

Please Run a SysProt Log for us so we can check your system for Rootkit Activity. You will need to Disable Norton AntiVirus Auto-Protect while you Run the Scan.  You might need to Install the SysProt AntiRootkit to your Desktop for it to Run/Start.

Choose Report or Log, check all the boxes and Scan.

You will be able to Post the Log here using the "Add Attachments" Link just below the orange "Post" button.

Please make sure you Enable Norton AntiVirus Auto-Protect when the Log has been Created.

http://homepages.slingshot.co.nz/~crutches/SysProt


Re: A rootkit.agent/gen-rx problem

Looks like the file is too large, 1,450 KB. I'll try to split them up.

Re: A rootkit.agent/gen-rx problem

Here are part of the logs.

Re: A rootkit.agent/gen-rx problem

Here is the Ports SysProt log. Hidden Files is too large to send. Any way around the size limit?


Re: A rootkit.agent/gen-rx problem

Here is the first half of the Hidden Files

Re: A rootkit.agent/gen-rx problem

Hi

Looks as though "Rootkit.Agent/Gen-Rx" is a False Positive

BUT

Trojan.BHO was for real

Quads 

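Quads' verdict above (Trojan.BHO real, Rootkit.Agent/Gen-Rx a false positive) is something a reader can check on their own machine instead of relying on scanner names alone. The script below is an added example, not code from this thread, from Malwarebytes, SUPERAntiSpyware or SysProt: it lists every Browser Helper Object registered for Internet Explorer, resolves each CLSID to the DLL the browser would load, and reports whether the file is present and whether it carries a valid Authenticode signature. The registry locations are the standard BHO and CLSID keys; the function name Get-RegisteredBho and the output column names are my own.

```powershell
# Added example, not from the forum thread: enumerate registered Browser Helper Objects
# and resolve each CLSID to the DLL that Internet Explorer loads at start-up.
# Assumes a Windows host with Internet Explorer's BHO registry keys present.
# Run from an elevated PowerShell so HKLM and the DLL paths are readable.

# Standard BHO registration keys: machine-wide (64-bit and 32-bit views) and per-user.
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Get-RegisteredBho {
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path -Path $key)) { continue }

        foreach ($sub in Get-ChildItem -Path $key) {
            $clsid = $sub.PSChildName

            # The CLSID's InprocServer32 default value is the DLL path the browser loads.
            # Check both the native and the Wow6432Node CLSID views.
            $dll = $null
            foreach ($server in @(
                "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32",
                "Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID\$clsid\InprocServer32")) {
                if (Test-Path -Path $server) {
                    $dll = (Get-ItemProperty -Path $server).'(default)'
                    break
                }
            }

            if ($dll) {
                # Values may be quoted or use %SystemRoot%-style variables.
                $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
            }

            $exists = [bool]($dll -and (Test-Path -Path $dll))
            $sigStatus = if ($exists) {
                (Get-AuthenticodeSignature -FilePath $dll).Status
            } else {
                'FileMissing'   # CLSID still registered but DLL gone (e.g. after quarantine)
            }

            [pscustomobject]@{
                RegistryKey = $key
                CLSID       = $clsid
                Dll         = $dll
                Exists      = $exists
                Signature   = $sigStatus
            }
        }
    }
}

Get-RegisteredBho | Format-Table -AutoSize
```

Anything in the output that is unsigned and lives in a user-writable location such as a temp or AppData folder deserves a closer look; a row with Exists = False is a leftover registration whose DLL has already been removed or quarantined, which is what one would expect after the Malwarebytes cleanup described earlier in this thread.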

Re: A rootkit.agent/gen-rx problem

I think I must still be doing something wrong. All of those files show "Access Denied"; are they supposed to? What can I check? I've disabled NAV Auto-Protect, shut down SpySweeper, removed S&D and turned off real-time checking in Microsoft Defender. I have not been able to find and turn off Microsoft's Malicious Software Removal Tool; should that matter? I am logged in to an Administrator account. What else can I check?


Re: A rootkit.agent/gen-rx problem

Hi

What files have "access denied"??

Quads 


Re: A rootkit.agent/gen-rx problem

Quads,

Thanks for replying. If I looked at those Hidden Files I posted, using that SysProt program, both the files in the first half and the second half all seemed to show "Access Denied".

I just finished running Malwarebytes and SUPERAntiSpyware again and they found those 14 Trojan.BHO files and those adware tracking cookies and the Rootkit.agent/Gen-Rx files. This time they found them in the Restore File folder, so I guess I'll be deleting all those restore points and erasing all my backed-up hard drive files. Then I'll run the Malwarebytes and SUPERAntiSpyware programs again. Hopefully this time they won't find anything.

I am happy that you think those Rootkit files may be a "False Positive" and I hope I don't get many more of those false alerts.
