SysChat is a free online computer support community. Ask questions, share resources, contribute knowledge and discuss technology. Join our growing community to access all features. Register Now!

SysChat » Software Support » Computer Security » System32.exe Agobot-Ku worm

Computer Security

Discuss Computer Security- Viruses, Adware, Spyware, etc...

Reply
 
LinkBack Thread Tools
  #1 (permalink)  
Old 09-12-2008, 10:00 AM
Herman1's Avatar
Herman1 Herman1 is offline
Junior Member
 
About:
Join Date: Aug 2008
Posts: 10
Herman1 is on a distinguished road

Default System32.exe Agobot-Ku worm


Can anyone tell me how to get rid of this virus.

Thanks



Reply With Quote
  #2 (permalink)  
Old 09-12-2008, 12:09 PM
lurkswithin's Avatar
lurkswithin lurkswithin is offline
Senior Member
 
About:
Join Date: Jan 2008
Location: Texas
Posts: 1,233
lurkswithin has a spectacular aura aboutlurkswithin has a spectacular aura aboutlurkswithin has a spectacular aura about

Default


Quote:
Originally Posted by Herman1 View Post
Can anyone tell me how to get rid of this virus.

Thanks
It is not a virus. It is a worm/trojan...which is slightly different.

Spybot S&D can get rid of it from safe mode or after you kill the process that starts it.

control, Alt, Del keys at the same time to bring up task manager. Choose processes and look for the

System 32 .exe. file ****NOTE**** the one you want is the one with blank information after the listing.
stop the process and then run spybot.



Reply With Quote
  #3 (permalink)  
Old 09-13-2008, 01:08 AM
Herman1's Avatar
Herman1 Herman1 is offline
Junior Member
 
About:
Join Date: Aug 2008
Posts: 10
Herman1 is on a distinguished road

Default


Unfortunately skybot S&D did not remove the worm in safe mode. I will keep denying the change until I can figure out how to get rid of it. Thanks for the suggestion.



Reply With Quote
  #4 (permalink)  
Old 09-13-2008, 03:54 AM
lurkswithin's Avatar
lurkswithin lurkswithin is offline
Senior Member
 
About:
Join Date: Jan 2008
Location: Texas
Posts: 1,233
lurkswithin has a spectacular aura aboutlurkswithin has a spectacular aura aboutlurkswithin has a spectacular aura about

Default


where are you getting this information about change from?

This might be a false possitive as spybot should have gotten rid of it!

Clean out all your temp files!

Run Ccleaner registry cleaner and delete what it finds.



Reply With Quote
  #5 (permalink)  
Old 09-14-2008, 11:27 PM
Herman1's Avatar
Herman1 Herman1 is offline
Junior Member
 
About:
Join Date: Aug 2008
Posts: 10
Herman1 is on a distinguished road

Default


I forgot to disable teatimer the previous time. I also ran all my other security software (avira, spyware, ccleaner, atf cleaner while I was in safe mode). It appears that the worm has been removed. It does not show up in the msconfig start menu anymore.

I did find I had to restart my computer in "last known config" after starting in safe mode though.

I need to read more about spybot, the help menu is pretty generic. There is some info I am not too sure about.

Thanks again for your support lurkswithin.



Reply With Quote
  #6 (permalink)  
Old 09-15-2008, 01:54 AM
lurkswithin's Avatar
lurkswithin lurkswithin is offline
Senior Member
 
About:
Join Date: Jan 2008
Location: Texas
Posts: 1,233
lurkswithin has a spectacular aura aboutlurkswithin has a spectacular aura aboutlurkswithin has a spectacular aura about

Default


I forgot about the teatimer in SpybotS&D. I never download it or use that part.



Reply With Quote
Reply




Thread Tools

Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: rar file with worm edlal Computer Security 3 01-16-2007 05:54 PM
New Bagle Email Worm Spreading via Encrypted Zip File Sami News 0 06-22-2006 01:37 AM
Yahoo Messenger worm Installs Unsafe "Safety Browser" Sami News 0 05-22-2006 12:30 AM
Feebs Worm Spreads via email, P2P and More Sami News 0 04-23-2006 01:51 AM
Hackers Worm Into Hard Disk Via HP Printer Software Sami News 0 04-07-2006 01:42 AM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are on



» Ads



1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54