Tech Support Guy banner
  • Please post in our Community Feedback thread for help with the new forum software! If you are having trouble logging in, please Contact Us for assistance.
Status
Not open for further replies.
1 - 2 of 2 Posts

·
Registered
Joined
·
2 Posts
Discussion Starter · #1 ·
I can't seem to find the root file for this trojan/worm.
When it's activated, I have vadasq.exe and asfqw.exe in my tasks.
Using hijackthis, I remove them, restart, and delete them.
They continually returned.
So, I used filemon and found that vagistisk.exe was self extracting asfqw.exe which in turn created vadasq.exe
Also, I noticed that MS Tasks was running at27.job in the tasks directory which ran vagistisk.exe
So, I deleted all the tasks and disable ms tasks.
However, Vagistisk.exe is created within 30 minutes of its removal.
This is where I'm stumped. Filemon claims it is created by the process "system:8" which does things like writes to pagefile.sys, etc. which I'm assuming is a very general process name.
I've searched for vagistisk.exe on google, I've scanned my computer with ad-aware, spybot, housecall, and symantec antivirus and nothing has picked up vagistisk or whatever is creating it.
I'm planning on reformating, but would be more comfortable knowing what's happening in the first place.
Thanks
 

·
Registered
Joined
·
2 Posts
Discussion Starter · #2 ·
forgot to mention some important info.
When activated, it uses all my bandwidth (surprise).
I'm running windows 2000
all the exes I've mentioned are found in winnt\system32\
I have previously been infected with the virus that uses softload.exe and p4yl0ad as some of its major components but haven't seen a reoccurance of those files.
 
1 - 2 of 2 Posts
Status
Not open for further replies.
Top