worm agobot.pu

please help me please im from chile i need help with this virus plisssss!!!

[Jooske]

Hi there, please read this thread from the beginning, install and scan with TDS from www.diamondcs.com.au and let us know how it goes.

I have been following the suggestions posted and did the scan. I know I have the agobot b/c I get a pop-up window everytime I start my computer that says I do and tells me to run the AVG scan. I got these alarms when I scanned, but I'm afraid to remove them. I need to know if they are safe to delete out of my computer (I was told by a friend that deleting things from this area is dangerous) and how to delete them then. Does a right click and delete registry entry do it for me or are there additional steps I need to take.

Alarms:
Scan Control Dumped @ 13:58:42 23-08-04
RegVal Trace: DDoS.RAT.rBot: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [Microsoft Update=Microsoft.exe]

RegVal Trace: DDoS.RAT.rBot: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\RunServices [Microsoft Update=Microsoft.exe]

RegVal Trace: Suspicious: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [scvhost=scvhost.exe]

RegVal Trace: Suspicious: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\RunServices [scvhost=scvhost.exe]

Positive identification (DLL): Adware.OTXMedia (dll)
File: c:\windows\downloaded program files\otxmedia.dll

I don't know if this is a side effect of this but my CD-RW drive pops in and out all the time. My uncle downloaded the AVG for me to stop it, but after he left it started doing it again (of course). Please help I don't want to wipe out my computer!

[illukka]

tell me what is your OS?

use the task manager to kill the worm processes=Microsoft.exe and scvhost.exe

or let tds handle them, these are no false positives..

right click a detection to see optons

[Gavin - DiamondCS]

Try to delete those startups with Autostart Explorer first - press CTRL-A to bring it up, then right-click and delete the startups detected..

Microsoft Update=Microsoft.exe (2 of these)
scvhost=scvhost.exe (2 of these)

If they reappear then try rebooting into Safe Mode and delete them there. It would be appreciated if you find the files themselves (Microsoft.exe, scvhost.exe) and scan them. If not detected, send them to submit@diamondcs.com.au so we can add detection

OS is Windows XP
Autostart (Ctrl+A) was very confusing! It contained more than just the 4 files and I don't want to delete anything out of it b/c I didn't understand what any of it meant. I did find the files (I think) under C:\Documents and Settings\ (2 under my name, 2 under my husbands name) The were listed as applications. There was another one:
RUN+[SCVHOST=SCVHOST.EXE] v5.windowsupdate.microsoft (v5.windowsupdate.microsoft.com)
I couldn't pinpoint where this one came from.

I tried scanning the ones in Docs & Sets, but Wormguard and TDS-3 never scanned either and AVG says there are no suspicious things in there.
Then I scanned both folders (mine and his) and the same 4 things came up with an additional thing. It said
Stream found - c:\documents and settings\sharron\ftlr3\ftlsetup.exea box thing like below)Summary Information
When I looked at it in notebook to copy and paste it here I got this:
ԁȀ Ā 鿲累栐ꮑࠀ⬧동　 ⠀ Ȁ Ā ᠀ €  Ȁ  ጀ ऄ
What is a Stream? I download clipart and tubes and wallpapers from the internet all the time, I don't know if this was something I downloaded on purpose or not.

[Miss Smiffy]

This thread was very informative, but a scan of my PC found a variant " agobot.v2 ".>Will the removal tool along with the suggestions rid my PC of this particular one?>I have Windows XP SP2 Home Edition.> Also, just a note, the IE icon in my address bar is gone.>A picture of the chip is showing.>But, the IE icon is present by the downloading info.>Any ideas on why ?>>>I learn lots from keeping track to answers on similar problems I have and therefore have not requested assistance, but this I had to as for help.