View Full Version : _agobot-ku_ Worm!



Judah
2007-09-01, 04:52
Hi,

I have a couple questions. I’ll start with this one and post the other after this is solved, if someone can help me out with this.

The first entry in my Run>msconfig>Startup is blank and it's ticked.
Using Spybot System Startup, it says this blank entry is

Current filename:

Database status: Not required - virus, spyware, malware or other resource hog
Value:
Filename: system32.exe

Description
Added by the _AGOBOT-KU_ WORM! Note - has a blank entry under the Startup Item/Name field

Source: Paul Collins Startup list

This is in the Spybot Report:

--- Startup entries list ---
Located: HK_LM:Run,
command:
file:

I don’t know how long it's been there, I found it a couple days ago. I have scanned with TrendMicro online and it came up clean. I scanned with Spybot and Ad-Aware (free) in Safemode, and they both came up clean. My Symantec scan is clean. HijackThis does not show anything out of the ordinary.

I can’t Search my computer for anything cause the Search is broke—always shows “no results”–that’s another post after this one. I also do not have SafeMode. I had to use Run>msconfig>BOOT.INI>Safeboot to scan in safe mode.

Do I need to use something else to find this?

I did do a search of the forum and found conclusions it was a false positive. True?

Thank you.

Judah

md usa spybot fan
2007-09-01, 18:58
Judah:

You have a startup entry that gets interpreted as possibly coming from the W32/Agobot-KU Worm because the name value of the entry is blank. Since the entry has no data value it is just an invalid entry in your registry, not the W32/Agobot-KU Worm that would point to program system32.exe.
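
The distinction drawn in the reply above, as an added example that is not part of the original posts: a blank-named Run entry with no data is an invalid leftover, while a blank-named entry that carries a command is the one to look into. It assumes the HKLM Run key has been exported to text in .reg format; the function names and the sample export are constructed for illustration.

```python
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample in .reg export format (not data from the thread).
# "@" is how an export writes the value whose name is blank.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
@=""
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\av.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
@="ignored.exe"
'''

# Matches string values only: @="data" or "name"="data" (escapes: \\ and \").
VALUE = re.compile(r'^(?:@|"(?P<name>(?:[^"\\]|\\.)*)")="(?P<data>(?:[^"\\]|\\.)*)"$')

def unescape(text):
    return re.sub(r'\\(.)', r'\1', text or "")

def run_entries(export_text, key=RUN_KEY):
    """Return (name, data) pairs for string values under the given key."""
    entries, in_key = [], False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("["):            # new key section starts
            in_key = line.strip("[]").lower() == key.lower()
        elif in_key and (m := VALUE.match(line)):
            entries.append((unescape(m["name"]), unescape(m["data"])))
    return entries

def classify(name, data):
    if name.strip():
        return "named entry"
    if not data.strip():
        return "blank name, no data: invalid leftover entry"
    return "blank name with a command: investigate the target file"

def triage(export_text):
    return [(n, d, classify(n, d)) for n, d in run_entries(export_text)]

if __name__ == "__main__":
    for name, data, verdict in triage(SAMPLE_EXPORT):
        print(f"{name!r:12} {data!r:45} {verdict}")
```

Values stored in other formats (for example `hex(2):` expandable strings) are skipped by this parser and need a separate look.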

Judah
2007-09-02, 01:20
Thank you md usa spybot fan. I am so happy to hear that. :yahoo:

So I will just untick it. Or do I need to get rid of it somehow? If so, how?

Thank you again. I'm so relieved.

P.S. This is a second try at posting this. I get a page that tells me to log in or an IE error page.

md usa spybot fan
2007-09-02, 06:29
You can just untick it or you could also try to highlight the entry on the System Startup screen and then click on the Delete button to remove the entry.

Judah
2007-09-02, 06:44
I used ccleaner. That way there is a backup just in case. So far no problems.

Thanks for your help. :) Have a great weekend