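[Help] RKIT/Agent.aago root kit
1. Problem description:
My operating system is Vista. A few days ago it started failing to shut down.
After scanning with Avira AntiVir, it detected the RKIT/Agent.aago root kit,
but it could not be deleted. I also used EFix, but that could not delete it either, and the following text appeared: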
Begin scan in 'C:\' <S3A6591D005>
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Windows\System32\drivers\myifm.sys
[DETECTION] Contains recognition pattern of the RKIT/Agent.aago root kit
[WARNING] The file could not be opened!
Begin scan in 'F:\'
Beginning disinfection:
C:\Windows\System32\drivers\myifm.sys
[DETECTION] Contains recognition pattern of the RKIT/Agent.aago root kit
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[WARNING] Error in ARK library
[WARNING] The file could not be marked for deleting after reboot. Error description: 附加到系統的某個裝置失去作用。
Does this matter??
2. System information:
Vista
3. Analysis reports:
EFix:http://sun.cis.scu.edu.tw/~92a39/upload/37808.txt
Combofix:http://sun.cis.scu.edu.tw/~92a39/upload/37809.txt
hijackthis:http://sun.cis.scu.edu.tw/~92a39/upload/37810.txt
Sreng2:http://sun.cis.scu.edu.tw/~92a39/upload/37811.txt
Thanks for the help ><"
--
※ Posted from: 批踢踢實業坊 (ptt.cc)
◆ From: 220.129.234.205
※ Edited: rodmantw, from: 220.129.234.205 (01/01 01:06)
※ Edited: rodmantw, from: 61.223.193.23 (01/01 10:54)
※ Edited: rodmantw, from: 61.223.193.23 (01/01 11:00)