Discussion Starter · #1 ·
I can't seem to find the root file for this trojan/worm.
When it's activated, I have vadasq.exe and asfqw.exe in my tasks.
Using HijackThis, I remove them, restart, and delete them.
They continually returned.
So, I used Filemon and found that vagistisk.exe was self-extracting asfqw.exe, which in turn created vadasq.exe.
Also, I noticed that MS Tasks was running at27.job in the tasks directory, which ran vagistisk.exe.
So, I deleted all the tasks and disabled MS Tasks.
However, Vagistisk.exe is created within 30 minutes of its removal.
This is where I'm stumped. Filemon claims it is created by the process "system:8", which does things like write to pagefile.sys, etc., which I'm assuming is a very general process name.
I've searched for vagistisk.exe on Google, and I've scanned my computer with Ad-Aware, Spybot, HouseCall, and Symantec AntiVirus, and nothing has picked up vagistisk or whatever is creating it.
I'm planning on reformatting, but would be more comfortable knowing what's happening in the first place.
Thanks
 

Discussion Starter · #2 ·
Forgot to mention some important info.
When activated, it uses all my bandwidth (surprise).
I'm running Windows 2000.
All the exes I've mentioned are found in winnt\system32\
I have previously been infected with the virus that uses softload.exe and p4yl0ad as some of its major components but haven't seen a recurrence of those files.
 