UnLucky
Guest IP: 75.39.*.*
Posted: Fri Feb 01, 2008 5:21 pm Post subject: Please help me remove my rootkit
I am dumb with PCs.. pls add my MSN and help me! MSN removed by Moderator. I'm only 15 and just got a PC! Pls help, I'm a desperate girl who wants to play her World of Warcraft without FEAR! I hate these damn poopie pop-ups. I see how to remove but .. gah HELP PLS. Someone with a heart.
The damn thing is called Rootkit.angent
PCBruiser
SRT Team Lead
 Forums Admin
 Joined: May 11, 2005 Posts: 11723
Posted: Fri Feb 01, 2008 6:27 pm
1. We do not provide any private assistance via IM, email or Private Messaging.
2. How do you know you have "rootkit.angent"? Please post whatever log is telling you that. Do not post the log as an attachment. Open it with Notepad, go to the Format menu and uncheck Word Wrap, then copy and paste it into a post to this topic.
_________________
Don't read? Can't learn!
UnLucky
Guest IP: 76.250.*.*
Posted: Sat Feb 02, 2008 12:57 am Post subject: ok sorry!
Well I reinstalled my ZoneAlarm suite, AVG, and some other stuff..
Malwarebytes' Anti-Malware 1.01
Database version: 309
Scan type: Full Scan (A:\|C:\|)
Objects scanned: 27799
Time elapsed: 9 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChange) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> No action taken.
I think I removed all but "Rootkit.win32.agent". ZoneAlarm keeps popping up saying remove.. then rename.. then remove on reboot, but it won't go away.
Please help, I am not very good at this stuff. Sorry I posted my e-mail!
IP: 75.39.*.*
Guest
Posted: Sat Feb 02, 2008 7:06 am
Virus Name: Rootkit.Win32.Agent.to
Date Detected: 16 Jan 2008 05:21:00 +0300
This is the only thing left.. it opens IE pages, and nothing I try removes it.
fatdcuk
MIRT Hunter Premium Member
 Joined: Oct 31, 2006 Posts: 2986 Location: Uk
UnLucky
Guest IP: 75.39.*.*
Posted: Sat Feb 02, 2008 10:28 am
Hi fatdcuk, I will try it.. but I already got everything off my PC except "Rootkit.Win32.Agent.to" or Rootkit.Agrent as Spy Doctor Pro reads it. I think it's impossible to remove!! I found it is NOT a keylogger but a mailware, so I am glad I can at least play my World of Warcraft without fear! BUT I'd really like help on how to remove this crappy thing.
PCBruiser
SRT Team Lead
 Forums Admin
 Joined: May 11, 2005 Posts: 11723
Posted: Sat Feb 02, 2008 4:33 pm
You are correct, your system is infected, and with multiple ones at that. This does not need to be dealt with here in this forum; it can be dealt with quite well in our HJT forum. To get started, I recommend that you follow CastleCops' Malware Removal and Prevention procedure, a new system CastleCops devised to enable users to either partially or fully clean their systems without the direct aid of an expert.
You will find the Malware Removal and Prevention Procedure here:
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
If that doesn't fix the problem, then go to this Forum and read the instructions at the top of the page carefully:
/f67-Trend_Micro_HijackThis_Logs.html
Follow these instructions:
/t102301-Hijackthis_Guidelines_Read_Before_Posting.html
and one of CC's trained 1st Responders or Security Experts will help you. If they determine that you do have a rootkit that requires our assistance, you will then be referred back to this forum for more help. This way, you can have your system comprehensively and systematically cleaned of all malware and rootkits if there are any.
NOTE: You MUST be a member here to receive help in our HJT forum. Please join, it is completely free, before you try to post in the HJT Forum.
You might also want to read this to learn more about rootkits:
http://wiki.castlecops.com/Rooting_Out_the_Dangers:_Rootkit_Removal_for_Beginners