Boss's computer infected, help me oh god :(

[Descent]

Okay, hopefully someone here can help me. If not, I think we're in deep crap

On my boss's computer, we have a cable connection. Using Mcafee Firewall + Virusscan.

The other day, got a virus alert for the life of me I can't remember what it was, but Mcafee said it got rid of it okay. Soon after, the CPU usage shot up to 100% and slowed down the computer massively. It stopped after a while, but today, I can't open Mcafee, every time I try to run virus scan or turn on the firewall it shuts down. I tried to go to the Mcafee.com site, but it says page can't be accessed. I somehow doubt their pag went down and this whatever is causing all this isn't letting me get to the Mcafee site. A process tried to access the internet when I rebooted earlier, winxtc.exe which I denied access to, but is still running and I can't end it. Firewall says it's connected to a remote IP when I can get it to stay open long enough to check. I tried to do a search for the winxtc.exe file, but I discovered I can no longer get into the search for files and folders through the start menu. I also tried to go into my Windows folder to look but alas, I can't see any of my files! It's the same in program files, it says they are there (x amount of folder and size) but I can't see anything. If anyone has any idea if I can fix this, or what to do, I would appreciate a reply as soon as possible! Thanks.

[osprey4]

He's the boss, right? Tell him he's in great shape, the CPU is running at 100%!!

Seriously, though, sounds like a case for Hijackthis:
http://www.snapfiles.com/get/hijackthis.html

The term "winxtc.exe" is showing up all over the Hijackthis forums.

[Detritus]

First try seeing if you can complete a scan here http://housecall.trendmicro.com/hous...start_corp.asp

Also try this virus scanner http://www.grisoft.com/us/us_dwnl7.php

Try this as well http://www.spychecker.com/program/hijackthis.html

[Descent]

The term "winxtc.exe" is showing up all over the Hijackthis forums.

Can you give me a link to the specific forums? I can't seem to find anything. And I downloaded hijackthis, and it keep shutting down on me to!

[Descent]

Okay, I just rebooted and Mcafee grabbed it this time. All better now. Watch out for that damn winxtc.exe crap :|

[osprey4]

Quote:

Originally Posted by Descent

Okay, I just rebooted and Mcafee grabbed it this time. All better now. Watch out for that damn winxtc.exe crap :|

I'll mention it to my boss.

[Redwolf]

It has a name:

WORM_AGOBOT.WD
http://www.trendmicro.com/vinfo/viru...WORM_AGOBOT.WD

Quote:

This worm has backdoor capabilities. It executes commands sent in via Internet Relay Chat (IRC) and can be used to launch as denial of service attack against specified target sites.

It terminates certain antivirus processes and files dropped by other malware. It steals the CD keys of popular game applications.

It modifies the HOST file so that any access to specific antivirus Web sites is redirected to the local machine.

[nomaxim]

We have a poster in our office that says something like this,

Quote:

We have the most up to date Anti-spyware and Anti-virus software, but we forgot about Ruth in accounting!

[filipino]

do housecall over at trendmicro since only trendmicro doing the job right
http://www.trendmicro.com/vinfo/viru...WORM_AGOBOT.WD