Rootkit reinfection?

Discussion in 'malware problems & news' started by listeruk, Nov 25, 2007.

Thread Status:
Not open for further replies.
  1. listeruk

    listeruk Registered Member

    Joined:
    Apr 30, 2005
    Posts:
    5
    After stupidly opening an exe in an email, I got infected by Trojan.W32.Beagle, which disabled my AV (avast!), and prevented it being installed.

    I ran the AVG antirootkit and it found this

    I then used combofix to remove the malware, and it removed everything except -
    C:\WINDOWS\System32\Drivers\aghslwes.SYS

    After rebooting, I reinstalled avast! and ran a boot scan which it passed; however, every time I run AVG antirootkit, it comes up with an infected file like 'aghslwes.SYS', and if I clean it and then reboot, there will be another file there with a different name.

    eg: C:\WINDOWS\System32\Drivers\ancmq6f7.SYS

    Does anyone know how to get rid of this?

    Thanks

    ps: I realise that a drive image would have solved all my problems, but I hadn't gotten round to it yet, and deleting the partition and formatting then reinstalling the OS (XP pro) and software would take days.
     
  2. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    582
    Maybe FileASSASSIN or Pocket Killbox can remove it. However, to be safe I suggest you consult an expert instead. Post a HijackThis log in one of the forums listed here.

    thanatos
     
  3. listeruk

    listeruk Registered Member

    Joined:
    Apr 30, 2005
    Posts:
    5
    I see that posting unsolicited logs is expressly forbidden.

    I'll go elsewhere. Thanks for replying though.
     
  4. controler

    controler Guest

  5. listeruk

    listeruk Registered Member

    Joined:
    Apr 30, 2005
    Posts:
    5
    I'd already removed Beagle.

    Anyway, got it fixed in another forum, wasn't malware after all, lol!
     
  6. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    582
    Glad to hear that everything is fine now :). So the file you were trying to remove was actually legitimate?

    thanatos
     