From: David H. Lipman on 2 Oct 2009 15:43

From: "FromTheRafters" <erratic @nomail.afraid.org>

| "rock" <1940(a)pobox.com> wrote in message
| news:udpjhHwQKHA.5052(a)TK2MSFTNGP06.phx.gbl...

| Yikes!

| Did you have any other infections recently (like antivirus pro 2010)
| that was incompletely removed?

| You may have a rootkit preventing some antimalware programs from seeing
| and completely removing new malware.

| Try GMER and followup with MBAM, SAS and MSRT.

| Sometimes one malware instance can download and execute some others.
| Then your detection/removal programs alert you to and offer to remove
| what it can detect of the original and the additional malware - it can
| miss some of the *new* malware.

| Antimalware programs try to be as comprehensive as they can within their
| malware arena, but it is *still* a little like using a fishnet to keep
| out mosquitoes.

I agree with what was posted here.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: rock on 2 Oct 2009 22:26
David H. Lipman wrote:
> From: "FromTheRafters" <erratic @nomail.afraid.org>
>
> | "rock" <1940(a)pobox.com> wrote in message
> | news:udpjhHwQKHA.5052(a)TK2MSFTNGP06.phx.gbl...
>
> | Yikes!
>
> | Did you have any other infections recently (like antivirus pro 2010)
> | that was incompletely removed?
>
> | You may have a rootkit preventing some antimalware programs from seeing
> | and completely removing new malware.
>
> | Try GMER and followup with MBAM, SAS and MSRT.
>
> | Sometimes one malware instance can download and execute some others.
> | Then your detection/removal programs alert you to and offer to remove
> | what it can detect of the original and the additional malware - it can
> | miss some of the *new* malware.
>
> | Antimalware programs try to be as comprehensive as they can within their
> | malware arena, but it is *still* a little like using a fishnet to keep
> | out mosquitoes.
>
> I agree with what was posted here.
>

Thank you guys for your time and advice. Sorry about the multi posting and I understand the reasons.

To finalise it all so it shows a resolve.. I did rename the alg400.sys file to .old and there was no difference, so I bit the bullet and removed it to quarantine. Both files also noticed a 7758ql.exe file which I also gave to quarantine. After the last quarantine, XP closed and warm booted. I noticed a slight speed up in the box at that stage as well. At the moment the box is up and running without the agp440.sys in /drivers/, however it is in the /SoftwareDistribution/ dir.

Yes, did the VirusTotal thing as well. A great free service. I do also have.. SpywareBlaster, Spyware Terminator, SysProt, HijackThis, procexp, Ad-Aware, Security Check and RootRepeal. All have been helpful in letting me know some of what is happening. I eventually got a reply from the SpywareWarriors forum and they have done an excellent and thorough job diagnosing my box and we are just about through showing a clean system!!

He has suggested to move the agp440.sys from /software/ to /drivers/ when he is ready. Box speed is up tremendously and so are my 'spirits'. It sure is a heavy load when these things happen, especially when the box is so importantly used for business 16 hours a day.

This box is using ftp much of the day to our clients' sites and we had been breached through ftp somehow. We had several sites which had all index files across the sites changed, some with those iframes pointing to a site with a ru extension. We checked the ftp log and I did an IP search and found they were from Slovenia, Romania, Netherlands, Sweden, Hungary and all points east so it seems. They must have been using some proxy or something as they were all uploading the new index files within seconds of each other.

Anyway, that's some of my gossip!! Thanks again guys. It is always good to know that there are some who balance up the evil on the Internet.

oz from downunda :-)