| Other > Viruses and worms |
| Win32:Agent-KDC [Trj] how to remove!! |
| (1/2) > >> |
| teen:
Hi, In the past cpl days I've been getting an avast warning of this trojan, and that it is in Deflib.sys file in my windows 32 folder. I have tried deleting it when it shows up in avast, and have ran a scan in safe mode and turned off my system restore, but it still comes up when I rescan again. I have placed it in the chest for now and it hasnt given me any trouble, but I know it is still in my system and would like to know how to get it out. I've tried googling the trojan but came up with little in english about it. Thanks for your help...I am running windows XP. |
| DavidR:
I think you mean the system32 folder rather than windows 32 folder. You say you have tried to delete, etc. but it comes back, this is most certainly because it is (from a google search on the file name) a rootkit, which may be hiding other files, these may be restoring things. http://www.bleepingcomputer.com/startups/DefLib.sys-19681.html --- Quote ---This file is a rootkit and may be hiding other files, processes, and registry entries on your computer. --- End quote --- Also see, anti-rootkit, detection, removal & protection http://www.antirootkit.com/software/index.htm. Try these as they are some of the more efficient and user friendly anti-rootkit tools. - Panda Rootkit Cleaner - http://research.pandasoftware.com/blogs/images/AntiRootkit.zip. - AVG Anti-Rootkit http://free.grisoft.com/doc/avg-anti-rootkit-free/lng/us/tpl/v5. |
| teen:
thanks for your information! I hope I can get rid of it |
| DavidR:
No problem, welcome to the forums. Check the other information on the bleepingcomputer.com link I gave (there are other links on that page that may give more information) for any associated files, and especially any SysLibrary startup entry. Windows Start, Run, type msconfig, Startup tab and uncheck any entry (you can delete the entry later if there are no issues after a reboot, etc.). |
| franz123:
I have same problem too, every time I start computer avast on-scanner detect this kind of rootkit and I choose to move it to chest, this rootkit still exist..I have already try many anti-rootkit software but still can't detect & get rid this thing!!! ??? Is there any solution to remove this kind of rootkit....many thanks!!! |
| Navigation |
| Message Index |
| Next page |