agobot nightmares...

[lorne]

hi all,
just looking for some insight... a friends computer was infected with the
agobot worm. it was hell to get rid of. after a thorough cleaning with
several antivirus scanners/trojan scanners, i got the system cleaned. my
son tested the computer all weekend long. no warnings at all. gave the
computer back to my buddy. within several hours, he called me to tell me
that the agobot infection is back. how could this be? could my buddy be
using msn messenger, aol's instant messenger and icq (all at the same time).
Is this where the worm comes from? is there a sure-fire way to remove this
worm? does the hard drive need to be formated to clean it up?

thanks for any and all suggestions/comments

 

[Carey Frisch [MVP]]

Yes, some viruses infect a PC via a messenger program!

The nasty little virus could be hiding in System Restore.
Turn off System Restore, reboot, and run a virus scan again.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;310405&Product=winxp

You may wish to try the Panda ActiveScan Free Online Scanner.
Just click on the "Scan your PC" box.
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Also, was a good, up-to-date, antivirus program installed?

3 Steps to Help Insure Your PC is Protected
http://www.microsoft.com/security/protect/

To secure your computer and prevent possible future security breeches,
consider installing a first-rate, comprehensive, internet security program:

Norton Internet Security 2004
http://www.symantec.com/sabu/nis/nis_pe/

-- Includes Norton AntiVirus 2004
-- Includes Norton Personal Firewall
-- Includes prevention of annoying web pop-ups
-- Includes Parental Controls
-- All in one, easy-to-install package

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

-------------------------------------------------------------------------------------


| hi all,
| just looking for some insight... a friends computer was infected with the
| agobot worm. it was hell to get rid of. after a thorough cleaning with
| several antivirus scanners/trojan scanners, i got the system cleaned. my
| son tested the computer all weekend long. no warnings at all. gave the
| computer back to my buddy. within several hours, he called me to tell me
| that the agobot infection is back. how could this be? could my buddy be
| using msn messenger, aol's instant messenger and icq (all at the same time).
| Is this where the worm comes from? is there a sure-fire way to remove this
| worm? does the hard drive need to be formated to clean it up?
|
| thanks for any and all suggestions/comments

 

[lorne]

thanks carey,
been there done that!
system restore was off, av scanned (avg free + housecall). system was
clean. turned system restore back on. rebooted, rescanned, and tested over
the weekend, Clean! returned the computer and .... bang, it was back.
friend said he didnt do anything out of the ordinary (other than all the
chat programs running).

 

[lorne]

will installing a router be a good firewall?

 

[Hilary Karp]

Is he using a firewall?

thanks carey,
been there done that!
system restore was off, av scanned (avg free + housecall). system was
clean. turned system restore back on. rebooted, rescanned, and tested over
the weekend, Clean! returned the computer and .... bang, it was back.
friend said he didnt do anything out of the ordinary (other than all the
chat programs running).

 

[Guest]

I have been VERY successful removing the AGOBOT virus using the free PC scan from trendmicro.com......it finds and allows you to delete what appears to be ALL forms of AGOBOT. I uninstalled Norton security first. Removed the AGOBOT, turned System Restore OFF, reinstalled Norton - scanned in the Safe Mode, then, turned System Restore ON. I don't know if I had to do all that - but it worked!