Preventing rootkit.agent

tony cooper

I seem to be attacked frequently by the browser search engine
hijacker rootkit.agent at windows\system32\sysaudio.sys. I can
remove it with Malwarebytes Anti-Malware, but I would like to be able
to prevent future infestations.

I'm using Windows XP and AVG Anti-Virus and, usually, Firefox as a
browser. I do use IE sometimes, but Firefox seems more prone to
catching this bug.

Is there a suggested program for resisting rootkit.agent? Preferably
free.
 
tony cooper

From: "tony cooper" <[email protected]>

| I seem to be attacked frequently by the browser search engine
| hijacker rootkit.agent at windows\system32\sysaudio.sys. I can
| remove it with Malwarebytes Anti-Malware, but I would like to be able
| to prevent future infestations.

| I'm using Windows XP and AVG Anti-Virus and, usually, Firefox as a
| browser. I do use IE sometimes, but Firefox seems more prone to
| catching this bug.

| Is there a suggested program for resisting rootkit.agent? Preferably
| free.

| --
| Tony Cooper - Orlando, Florida

Was it MBAM that defined this trojan as "rootkit.agent"?

I'm not sure. When I started noticing that my browser was being
hijacked, I started searching for info on rootkit.agent. MBAM was
one of the programs that I found that would find it. Now, when the
problem starts (search results in hits for the subject, but links to
other sites), I can run MBAM and it will turn up rootkit.agent and
kill it. The problem goes away until it comes back.

Please submit a sample of "sysaudio.sys" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it. In addition Virus
Total will provide the sample to all participating vendors.

How do I do that? I'm not sure how I *get* a sample.

You can also submit a suspect, one at a time, via the following email URL...
mailto:[email protected]?subject=SCAN

When you get the report, please post back the exact results.

This way we can see what anti virus vendor recognises this trojan and that information can be
used to get you better protected as well as Alwil (Avast) will then get a sample such that
they can generate signatures for it.

All new to me. First time I've had a virus-type thing. The websites
I visit are mostly hobby-connected photography sites (Not *that*
kind!) and some individual pages from links in photography newsgroups.
All very tame stuff. I never personally open email that is not from a
known source, but my wife gets some forwarded inspirational stuff from
elderly relatives.
 
ToddJ

Use Avast www.avast.com

--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/

Root kits are nasty and hard to remove sometimes. Try some of the
links below for free software.

http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx - MS
root kit detector.

http://www.f-secure.com/security_center/ - scroll to downloads at the
bottom and look for Blacklight.

http://wiki.castlecops.com/Lists_of_freeware_antirootkit

http://www.virushackerfreeinanhour.com/root-kit.html
 
