Author Topic: WIN32:Agent-RNK [Trj]  (Read 4525 times)

0 Members and 1 Guest are viewing this topic.

lexiebell

  • Guest
WIN32:Agent-RNK [Trj]
« on: February 11, 2008, 11:57:06 PM »
Does anyone recognize this virus? Can anyone tell me how to get rid of it. There are probably 100+ files which I was able to move to the chest. When the software scanned the computer and notified me, it was unable to repair, so I moved all to the chest. One of the options was to delete the files, but I was not sure about that option. The files read:
AO106653.exe c:\System Volume Information\_restore{F2681A7D-91E5-40HA-AC8B015335799DCO}\RP950. It starts at AO106653.exe and goes to AO114321.exe.
At the end of these files are two files that read:
autobar.exeC:\documents and settings\default user\start menu\programs\startup
autokit.exe C:\hp\bin

I am running Windows XP; Avast version 4.7 home edition.

Any suggestions would be appreciated.


nicholas1701

  • Guest
Re: WIN32:Agent-RNK [Trj]
« Reply #1 on: February 16, 2008, 02:24:31 AM »
I too have gotten this virus. About 68 files were infected and I moved them to the chest, including autotbar.exe and autotkit.exe, same as lexiebell.

The first file is A0288333.exe in C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP803. There are about 60 or so files like this, plus a few OrCAD program files and one called DC1.exe.
I have tried searching for information with Google and this forum but I haven't seen anything about this win32:agent-rnk trojan.

I'm also getting a runtime error every time I try to generate a VRDB. It states "the application has requested the Runtime to terminate it in an unusual way." I tried to repair avast by going to add/remove programs. Can these two problems be related?

I'm running Windows XP SP2 with Avast 7.7 Pro edition.

Any help will be greatly appreciated. Thanks.

taff1001

  • Guest
Re: WIN32:Agent-RNK [Trj]
« Reply #2 on: February 16, 2008, 05:26:07 AM »
I also picked up this virus the other day.  I now have about 20 files in the Avast chest including autotbar.exe and autotkit.exe.  I am now having problems staying connected to the internet and I keep getting error messages when I try to open my Yahoo mail.  I sure could do with some help on this.  Running Windows XP and Avast 4.7 Home edition.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: WIN32:Agent-RNK [Trj]
« Reply #3 on: February 16, 2008, 05:50:58 AM »
Did you sbmit the files to www.virustotal.com to see if other scanners detected anything. This may be a false positive.

If it's in the chest you will have to extrat it to a temporary location and submit it from there.


http://exelib.com/exe/299  autokit.exe

http://www.processlibrary.com/directory/files/autotbar
« Last Edit: February 16, 2008, 05:53:59 AM by oldman »

nicholas1701

  • Guest
Re: WIN32:Agent-RNK [Trj]
« Reply #4 on: February 20, 2008, 05:11:34 AM »
I uploaded a couple of my infected files to that site you gave a link for, oldman, and about four others said it was infected with the virus. Having had a backup of my hard drive on an external for just in case, I deleted the infected files in my chest.

However, I still have a Runtime Error trying to generate a VRDB. I searched for help on this but came up empty. Can another program be interfering with Avast causing this error? Or is it some kind of bug or something?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: WIN32:Agent-RNK [Trj]
« Reply #5 on: February 20, 2008, 01:39:01 PM »
However, I still have a Runtime Error trying to generate a VRDB. I searched for help on this but came up empty. Can another program be interfering with Avast causing this error? Or is it some kind of bug or something?
Are you logged as the administrator of the computer?
Can you try to repair your installation?
Go to Control Panel > Add/Remove programs > avast! antivirus > Remove. Then choose Repair function in the popup window (Repair).
If this does not help, can you uninstall / boot / install / boot again?
The best things in life are free.

lexiebell

  • Guest
Re: WIN32:Agent-RNK [Trj]
« Reply #6 on: February 21, 2008, 02:03:54 AM »
A few questions: What is a VRDB?
How do I go about extracting the files to a temporary location to submit to www.virustotal.com? Do you mean to create a temporary folder somewhere on my hard drive or desktop, copy the files to the folder and then transmit the files from that folder?
Is there on place on the Avast website to send the files to for review?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: WIN32:Agent-RNK [Trj]
« Reply #7 on: February 21, 2008, 02:11:38 AM »
A few questions: What is a VRDB?
It stores the necessary info to restore executables (*.exe, *.com) files.
VRDB is not a backup system, the stored information is very small (not the whole files).
Besides, only Win32 executables are processed.
The VRDB data are stored in <avast>\Data\Integ\avast.int
So it's not a backup utility, but a restore feature of avast.

How do I go about extracting the files to a temporary location to submit to www.virustotal.com?
From VRDB? Impossible...

Is there on place on the Avast website to send the files to for review?
virus@avast.com
The best things in life are free.

nicholas1701

  • Guest
Re: WIN32:Agent-RNK [Trj]
« Reply #8 on: February 21, 2008, 06:28:53 AM »
How do I go about extracting the files to a temporary location to submit to www.virustotal.com? Do you mean to create a temporary folder somewhere on my hard drive or desktop, copy the files to the folder and then transmit the files from that folder?

Yeah, that's pretty much what I did. I extracted the infected files from the chest to an old travel drive (I just wanted to be extra careful), then uploaded that file to virustotal.com. For what it's worth, I deleted all the infected files and haven't had any problems so far.

Tech, I have the pro edition. If I uninstall, will I have to re-enter my license key again? I can guess the answer to that question but I just want to make sure. And is the uninstall utility the best way to go? Or Add/Remove good enough?

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: WIN32:Agent-RNK [Trj]
« Reply #9 on: February 21, 2008, 08:11:23 AM »
@lexiebell

Create a folder on your desktop, right click the desktop and select new, select folder. Name the folder something you can remember.

Open the chest, click on the infected files button. Right click on the file you want to test and select extract. In the box that appears navigate to the folder you created on your desk top, click ok. A copy of the file will now be in the folder.

Go to virustotal, use the browse button on there to navigate to the folder on the desktop and the file in it, click ok. The file will be listed in the box, click send. Wait for the results.

If it's clean, go back in the chest, this time when you right click it, select restore. Delete the file from your desktop. and empty the recycle bin.