Results 1 to 5 of 5

Thread: _agobot-ku_ Worm!

  1. 2007-09-01, 03:52 #1
    Judah
    Judah is offline
    Junior Member
    Join Date
    Apr 2006
    Posts
    23

    Default _agobot-ku_ Worm!

    Hi,

    I have a couple questions. I’ll start with this one and post the other after this is solved, if someone can help me out with this.

    The first entry in my Run>msconfig>Startup is blank and its ticked.
    Using Spybot System Startup, it says this blank entry is

    Current filename:

    Database status: Not required - virus, spyware, malware or other resource hog
    Value:
    Filename: system32.exe

    Description
    Added by the _AGOBOT-KU_ WORM! Note - has a blank entry under the Startup Item/Name field

    Source: Paul Collins Startup list

    This is in the Spybot Report:

    --- Startup entries list ---
    Located: HK_LM:Run,
    command:
    file:

    I don’t know how long its been there, I found it a couple days ago. I have scanned with TrendMicro online and it came up clean. I scanned with Spybot and Ad-Aware (free) in Safemode, and they both came up clean. My Symantec scan is clean. HijackThis does not show anything out of the ordinary.

    I can’t Search my computer for anything cause the Search is broke—always shows “no results”–that’s another post after this one. I also do not have SafeMode. I had to use Run>msconfig>BOOT.INI>Safeboot to scan in safe mode.

    Do I need to use something else to find this?

    I did do a search of the forum and found conclusions it was a false positive. True?

    Thank you.

    Judah
    Reply With Quote Reply With Quote
  2. 2007-09-01, 17:58 #2
    md usa spybot fan
    md usa spybot fan is offline
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    Judah:

    You have a startup entry that gets interpreted as possibly coming from the W32/Agobot-KU Worm because the namevalue of the entry is blank. Since the entry has no data value it is just an invalid entry in your registry, not the W32/Agobot-KU Worm that would point to program system32.exe.

    Getting an answer is one thing, learning is another.

    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
    Reply With Quote Reply With Quote
  3. 2007-09-02, 00:20 #3
    Judah
    Judah is offline
    Junior Member
    Join Date
    Apr 2006
    Posts
    23

    Default

    Thank you md usa spybot fan. I am so happy to hear that.

    So I will just untick it. Or do I need to get rid of it somehow? If so, how?

    Thank you again. I'm am so relieved.

    P.S. This is a second try at posting this. I get a page that tells me to log in or a IE error page.
    Reply With Quote Reply With Quote
  4. 2007-09-02, 05:29 #4
    md usa spybot fan
    md usa spybot fan is offline
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    You can just untick it or you could also try to highlight the entry on the System Startup screen and then click on the Delete button to remove the entry.

    Getting an answer is one thing, learning is another.

    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
    Reply With Quote Reply With Quote
  5. 2007-09-02, 05:44 #5
    Judah
    Judah is offline
    Junior Member
    Join Date
    Apr 2006
    Posts
    23

    Default

    I used ccleaner. That way there is a backup just in case. So far no problems.

    Thanks for your help. Have a great weekend
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules