NewExe.Exe Worm_Agobot.AD

zephra · Jun 16, 2006

Any one ever heard of this?NewExe.Exe Worm_Agobot.AD.Trend Micro Could not quarantine or delete.I ran ewido on one client machine and it deleted it.Not sure if it came back(Client Traveling)
Second Client had it today.Noticed NEWEXE.EXE in the Microsoft/Windows?Run Keys in Reg edit deleted it and ran Ewido quick scan in safe mode.Nothing detected.
Computer is still responding the same.CPU usage goes to 100% to 10%.Mouse locks up along with Task Manager At 100%.Internet explorer causes it really to peak and locks up.I know on monday i have to do everything that the Sticky suggests.(Spybot found Alexa related in safe mode 1 entry)Hijack this analysis on those web sites only found a url hook which I fixed.Still have this issue.Anyone think this Bot is flooding my TCP Ports???Anyone ever used TCP View??
Is this a new one??The info on google says it is(First detectedJune 6th) and some sites say it is a year old.
Any Thoughts??

Thanks,
-Z-

zephra · Jun 16, 2006

Come on...Someone humor me
I have cleaned many computers with the help of this web site.I have gone home today from work with my head in the sand.

zephra · Jun 16, 2006

Zephra,
These issues have a way of working themselves out.Don't get nervous.It does not matter that all week u have been trying to set up older computers for others to use...even though it is not your job....maybe you are causing the problem....my computer worked yesterday....why does it not work now......I can't get it to print...Ms exchange is not working...Windows Authentication won't let me log into the domain...Do we have any spare ink jet printers?Why do I save everything to C: and expect it to all go to my new computer??
Where in the World is NICK BURNS!!!!!!

zephra · Jun 16, 2006

Zephra,
Calm down...
You think you are Nick burns but you are not.
Nick Burns is a malware fighter.Nick Burns has the power of MOVE!!

Ted Capers
Diversified Manufacturing of Manufacturing Goods of America

chaslang · Jun 17, 2006

The more times you make posts that add nothing to your original message just to get it bumped causes you to lose you turn in the queue and makes it take even longer to get an answer. You should have just read the sticky threads and started performing the steps as required.

Yes I have seen this before. Probably as far back as January of 2006. It is not that new but could be just starting its rounds again.

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

Make sure you check version numbers and get all updates.

Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)

Bitdefender

Panda Scan

HijackThis

.

Log in or Sign up

NewExe.Exe Worm_Agobot.AD

zephra Private First Class

zephra Private First Class

zephra Private First Class

zephra Private First Class

chaslang MajorGeeks Admin - Master Malware Expert Staff Member