Manually remove Trojan downloader: Rootkit.Win32.Agent.b

Posted on Thursday, 24 June 2010

trojan downloader: Rootkit.Win32.Agent.b

Risk level: Medium

virus symptoms

The sample is a downloader which was developed by “VC”, the size of “78,848 bytes” , icon “
“, Virus extension” exe “, the virus main purpose is to download and run the exe list of designated sites, to Slow down quickly infected the operating system, and turn the computer back door, the computer user’s security at risk.
After the user’s computer was infected, there will be computer and network running slow, there caused all kinds of viruses affecting user privacy disclosure and the phenomenon of computer users, even lead to not enter the operating system.

Infected OS

Windows 2000/Windows XP / Windows 2003/Windows Vista / Windows 7

Transmission

Download tools to disseminate

Manual solutions (only for those who download, do not apply to the downloading of viruses):

1, manually delete the following files

% Sytemroot% \ system.exe

2, manually delete the following Registry

Key: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
Value: system
Data:% Sytemroot% \ system.exe

Variable declaration:

% SystemDriver% system where the disk partition, usually “C: \”
% SystemRoot% WINDODWS directory, usually “C: \ Windows”
% Documents and Settings% user documentation directory, usually “C: \ Documents and Settings”
% Temp% temp folder, usually “C: \ Documents and Settings \ current user name \ Local Settings \ Temp”
% ProgramFiles% system program default installation directory, typically: “C: \ ProgramFiles”

The virus creates files:

% ProgramFiles% \ rav \ CDriver.sys
% ProgramFiles% \ rav \ CDriver.inf
% SystemRoot% \ xxxxxx.dll (random name)
% SystemRoot% \ xxxxxx.dll (random name)

Virus delete the files:

The virus itself
% ProgramFiles% \ rav \ CDriver.sys
% ProgramFiles% \ rav \ CDriver.inf

Virus to create the registry:

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ system

Access the network:

http://sh16 .*****. com: 8080/sh16/d.txt
1: http://sh16 .*****. com: 8080/ok.exe
1: http://sh16 .*****. com: 8080/a02.exe
1: http://sh16 .*****. com: 8080/a05.exe
1: http://sh16 .*****. com: 8080/a17.exe
1: http://sh16 .*****. com: 8080/a31.exe
1: http://sh16 .*****. com: 8080/a14.exe
1: http://sh16 .*****. com: 8080/a4.exe
1: http://sh16 .*****. com: 8080/a03.exe
1: http://sh16 .*****. com: 8080/a09.exe
1: http://sh16 .*****. com: 8080/a07.exe
1: http://sh16 .*****. com: 8080/a10.exe
1: http://sh16 .*****. com: 8080/a24.exe
1: http://sh16 .*****. com: 8080/a13.exe
1: http://sh16 .*****. com: 8080/a30.exe
1: http://sh16 .*****. com: 8080/a04.exe
1: http://sh16 .*****. com: 8080/a01.exe
1: http://sh16 .*****. com: 8080/a08.exe
1: http://sh16 .*****. com: 8080/a19.exe
1: http://sh16 .*****. com: 8080/a11.exe
1: http://sh16 .*****. com: 8080/a25.exe
1: http://sh16 .*****. com: 8080/a16.exe
1: http://sh16 .*****. com: 8080/a21.exe
1: http://sh16 .*****. com: 8080/a27.exe
1: http://sh16 .*****. com: 8080/a12.exe
1: http://sh16 .*****. com: 8080/a23.exe
1: http://sh16 .*****. com: 8080/a26.exe
1: http://sh16 .*****. com: 8080/a15.exe
1: http://sh16 .*****. com: 8080/a18.exe
1: http://sh16 .*****. com: 8080/a20.exe
1: http://sh16 .*****. com: 8080/a22.exe
1: http://sh16 .*****. com: 8080/a28.exe
1: http://sh16 .*****. com: 8080/a29.exe
1: http://sh16 .*****. com: 8080/a06.exe
1: http://sh16 .*****. com: 8080/a1.exe
1: http://sh16 .*****. com: 8080/a2.exe
1: http://sh16 .*****. com: 8080/a3.exe
1: http://sh16 .*****. com: 8080/a5.exe
1: http://sh16 .*****. com: 8080/b16.exe
1: http://sh16 .*****. com: 8080/k16.exe
1: http://sh16 .*****. com: 8080/tj.exe
1: http://sh16 .*****. com: 8080/down.exe

Share this Post:

Tagged with: downloader, remove Rootkit.Win32.Agent.b, Trojan

1,557 Responses to “Manually remove Trojan downloader: Rootkit.Win32.Agent.b”

Trackbacks are disabled.

public relations firm

Radio Control Shop

plumbing repairs auckland

phone number numerology

interior doors

successful home business

canterbury massage

holistic Health

what is my car worth

Kopa lagenheter i Antalya

siker

music lovers

Bulk Email

science fiction posters

HQ Kiteboard

Repossession

Affordable California Web Design

Track Internet Usage

science fiction books

Hosted QuickBooks 2012

Business Gas

plumber leeds

generating ebook leads online now

Financial Planning Process

fat loss 4 idiots book

Caralluma Actives reviews

search engine optimisation

ottawa website developer

Foundation Financial Group

Middletown Real Estate

Add A Website

public relations firm

Plumber Fairfax VA

weight loss supplements for women

Conservatory Furniture

dating

free ps3

Automotive Locksmith Chicago

tesla free energy generator

Golf in Tucson

stamp collecting

average cost of chain link fence installation

Watch Puss In Boots Online

Immigration Lawyer Denver Colorado Attorney

gambling systems

smell vagina

big chandelier earrings

LED Lighting

Online dating

Buy Guaranteed Facebook Fans

your over 35 week by week pregnancy guide

watch shows online

Criminal Law San Luis Obispo

exercises to tone stomach

Ira Retirement calculator

pokies

Business Coach Training

andis dog clippers

Dating Tips and Advice

earn money from home

Joe

order plus ones

profile editor 2.5 download

hotels in vienna

rising stars of india

crystal heels

custom essays

A Very Harold and Kumar Christmas Full Movie

Pine Doors

Watch 11-11-11 Online

Watch The Rum Diary Online

Richmond IN foundation repairs

Organic Shampoo

bridal gown in Santa Maria CA

Personal Development Resources

hair restoration fast

Download iPad eBooks for FREE here

Seyego

home security systems Flushing NY

Watch A Very Harold and Kumar Christmas

Paperli

High Risk Merchant Account

Foundation Financial Group

global information network

Flight Simulator

search by phone number

tire and rim packages

Automotive Repair Deer Park Vic

gander mountain coupons 2011

where to buy rings

Build chicken coops

Incandescent Light Bulb Price

meal replacement shakes

Kaiser Permanente jobs

mobile marketing trends

where to go on vacation

How to get rid of blackheads

myrtle beach campround

roxy bathing suits

xentec hid review

wholesale real estate

Dentist in Laredo

sigil tedavisi

3d butterfly wall art

kundali

Gate Repairs

play flash games

buy twitter followers

diet solution program

Zebra skin

how to configure linksys router

cigar samplers

Home builders Melbourne

Flash Games All World Languages

Army Knowledge Online

option trading education

online backup

coolest guy in the makati

play chess against computer

Quality chiropractic

jeep wrangler

lethbridge plumbing contractors

32 inch lcd tv

Rap Beat Making Software

Movies Downloading Sites

paintball sniper rifle

secret commission system

floor mats for trucks

Watch Breaking Dawn Online

Habbo Cheats

Power wheels dune racer

ls7 crate engine

medjool dates

Carpet Cleaning RI

bad credit car leasing

website design orange county

leather sectional sofa

hang pictures without nails

subprime car finance

TMJ Dentist Orange County

sectional couch

bug detector

dining solutions direct

REMODELING KITCHEN PORTLAND | 503-692-3115 | WAYNE S. RANDALL

Microlending

Yoga Teacher Training in India

Imperial Agent Abilities Tree

iron horse solutions

PPTP, L2TP, & SSTP

Babyliss pro hair dryer

Hostgator Cyber Monday

oil change coupons

Burlington coat factory coupons

cape cod hotels

Statesville Ice Cream

Global Capital Finance News

bankruptcy attorney bellevue

African Mango

Best Web Hosting

dining solutions direct

Learner Driver Insurance

Creepy Adventure

online business ideas

clothing

finance

Statesville Ice Cream

boucheron perfume

intercambio banners

grow taller 4 idiots review

Accounting Basics

Legal Aid Services San Jose

Asian Tiger Mosquito

Twilight Breaking Dawn Part 2

Lavon TX Christmas Lights Installation

online public relations

Schrotthandel

Georgia DUI Penalties

i phone apps

Twilight Breaking Dawn Part 2

Cyber Monday Hosting

Twilight Breaking Dawn FULL MOVIE

lebanese-restaurants-brisbane

T-Shirt drucken lassen

horoscope by date of birth

No flour no sugar

Twilight Breaking Dawn FULL MOVIE

Twilight Breaking Dawn Part 2

Backcountry

Twilight Breaking Dawn Part 2

top online sports betting sites

Omegle

Sporting Goods

chicken recipes for dinner

Hostgator Black Friday

Trojan Vibrations Coupon Codes

monoculars

domination by women

Locksmith Sutton Coldfield

phillip cannella iii

Bedroom Furniture Stores

Plumber Vallejo CA

Skiing

garbage disposal repair

Buy Web Traffic

Twilight Breaking Dawn FULL MOVIE

shop firearms

Adventures

Twilight Breaking Dawn FULL MOVIE

the way health insurance works

film television comedy

Twilight Breaking Dawn FULL MOVIE

raadslid

i need money

car lease costa rica

GRAPHIC DESIGN JOHANNESBURG

REALTOR In Vancouver BC

viviscal hair vitamins

watch twilight online

LLBean Coupon

Beyonce

personal injury solicitor

Barnes and Noble Nook Coupons

buy deca durabolin

Bergners Coupon

Mancino's of Big Rapids

white ceramic watch

white ceramic watches

Buy cell phones on sale - Android & Blackberry

ite madrid

leaflet delivery

Environmental Training Courses

satellite tv

Toralei Stripe

onkelseoserbe

Side Effects of Citalopram

business coach

buy investment property

floor coverings

survival

liberty reserve hosting

Panasonic Projectors

puppy breeders

leather aviator jackets

Car Shipping Rates

http:/www.givovafranchising.com

IPO Services

website design auckland

hair restoration for men

home alarm system

web design and development

schwinn 420 elliptical machine

Predictive Maintenance

inventory management software

best vitamins for men

fundraising

top rated workout supplements

how to get bigger breast naturally

ceramic watch

skeleton watch

automatic watch winder

birth injury claims

cake decorations

Press release samples

omegacabinets

Gem Opal rockface

improving your credit score

Internet Advertising Marketing

hair loss in souther carolina

extended car warranty comparison

path too long utility

dyson dc25 animal vacuum reviews

kindle screen problem

Pizza Hut Coupon Code

Pizza Hut 2012 Coupon Codes

debt consolidation companies

Drapery

kosttillskott

debt consolidation companies

good company names

resume objective

careers working with animals

herbs

Trojan Vibrations Coupons

Victoria secret coupons

facebook games facebook games

Asian Tiger Mosquito

neil asher

rebuilding credit after bankruptcy

credit cards after bankruptcy

Wholehous dehumidifiers

unlock iphone 3g 4.1

DUI Penalties

Get rid of acne fast

homes for sale in Charlotte

Search Engine Submitter

log splitter reviews

radiography

sbobet

black stand up comedians

Sua tuoi

protective life insurance

ways to become a famous singer

razor electric scooter reviews says:

2012-02-29 at 7:00 am

You really make it seem really easy together with your presentation however I find this matter to be actually something that I believe I’d never understand. It sort of feels too complicated and extremely extensive for me. I am taking a look forward for your subsequent post, I will try to get the cling of it!

Projektowanie Stron Www Gorzow says:

2012-01-24 at 10:30 am

As a Newbie, I am constantly searching online for articles that can be of assistance to me. Thank you

Fast Cash Commission Guy says:

2011-10-27 at 4:05 pm

Very useful article, I personally was delighted to come across your blog on the internet. I decide to put a link in my blogging site consequently my site visitors could very well get through to yuor web blog. Don’t hesitate to take a look.

novelty motorcycle helmets says:

2011-10-25 at 11:31 am

Cool sites…

[...]we came across a cool site that you might enjoy. Take a look if you want[...]……

how to get rid of man boobs says:

2011-10-25 at 11:12 am

Hello…..

Thanks for sharing superb informations. Your web-site is very cool. I’m impressed by the details that you’ve on this site. It reveals how nicely you understand this subject. Bookmarked this website page, will come back for more articles. You, my frie…

External Wall U Value says:

2011-10-25 at 8:21 am

Yummy Reading…

I appreciated the story….

phone answering service says:

2011-10-25 at 7:24 am

Looking around…

I like to look around the web, often I will go to Digg and read and check stuff out…

Lindsay Ellingson Weight says:

2011-10-25 at 5:35 am

Tumblr article…

I saw a writer writing about this on Tumblr and it linked to…

Holidays To The Maldives 2011 says:

2011-10-25 at 4:04 am

What…

I can befittingly claim that we didn’t like it….

best attorney says:

2011-10-24 at 8:51 pm

Visitor recommendations…

[...]one of our visitors recently recommended the following website[...]……

PV Solar Panels says:

2011-10-24 at 6:51 pm

Hi…..

I have recently started a web site, the information you provide on this site has helped me tremendously. Thank you for all of your time & work. “It is no use saying, ‘We are doing our best.’ You have got to succeed in doing what is necessary.” by S…

Best Skin Tightening Cream says:

2011-10-24 at 12:25 pm

Hiya…..

Nice read, I just passed this onto a friend who was doing some research on that. And he just bought me lunch because I found it for him smile Therefore let me rephrase that: Thanks for lunch! “England and America are two countries separated by the sam…

Buy & Sell Services, $5 to $100 - Australia says:

2011-10-24 at 6:16 am

Wow…..

I really appreciate this post. I’ve been looking all over for this! Thank goodness I found it on Bing. You have made my day! Thank you again! “All that is gold does not glitter not all those that wander are lost.” by J. R. R. Tolkien….

basista furniture says:

2011-10-24 at 2:36 am

Links…

[...]Sites of interest we have a link to[...]……

« Previous 1 ... 20 21 22

PC solutions

Give you Professional Suggestions

Manually remove Trojan downloader: Rootkit.Win32.Agent.b

1,557 Responses to “Manually remove Trojan downloader: Rootkit.Win32.Agent.b”

Leave a Reply:

Popular Articles

latest comments

Tags

Category

Archives

Links

Pages