Rootkit.Win32.Agent.pp is a harmful Trojan that can hide its presence on the computer utilizing rootkit functionality. Rootkit is a technology developed by virus authors that enables a presence of malware on the system while hiding its occurrences to users and security application. Once executed, Win32.Agent.pp it will create a copy of itself on Windows system directory as ‘ctl_w32.sys’. The file is launched on Windows start-up via own registry integrated to compromised computer.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
Rootkit.Win32.Agent.pp primarily spread through spam operation. It is either in the form of email or Internet campaign. To be specific, Rootkit.Win32.Agent.pp role is to fetch other malware that cannot be distributed over the said campaign. Being small in size and able to escape antivirus detection, Rootkit.Win32.Agent.pp can easily fit email attachment. Authors of this Trojan also embed the code into downloadable executable files that are mostly hosted on unsecured file-sharing networks.
Rogue Programs and Rootkit.Win32.Agent.pp
There are occasions that Rootkit.Win32.Agent.pp will appear as a threat detected by rogue programs like AntiMalware, PC Scout and others. During this occurrence, you don’t need to worry on the presence of Rootkit.Win32.Agent.pp, the Trojan is not active on your computer. But this doesn’t justify an uncontaminated PC. In fact, you must deal with the mentioned rogue applications with highest priority.
Fake security messages that will pop-up may contain messages that are similar to the following:
AntiMalware detected the virus of the harmful program on your computer!
Internet Explorer is infected with worm Rootkit.Win32.Agent.pp This worm can harm your computer.
PC Scout detected the virus or the harmful program on your computer!
Internet Explorer is infected with worm Rootkit.Win32.Agent.pp. This worm can harm your computer.
How to Remove Rootkit.Win32.Agent.pp
1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. Open your antivirus application and update the virus definition file. This method ensures that your antivirus program can detect even newer variants of Rootkit.Win32.Agent.pp
3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Please select Safe Mode with Networking.
- The system will now boot Windows and loads only necessary drivers and files.
4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If unable, better place them in quarantine. Once the scan is complete, please proceed with the next step.
Online Virus Scanner:
Another way to remove Rootkit.Win32.Agent.pp without the need to install additional antivirus application is to perform a thorough scan with free online virus scanner that can be found here or on websites of legitimate anti-virus and security provider.
5. Go to Online Virus Scanner list and run a virus scan. This may require plug-ins, add-on or Activex object, please install if you want to proceed with scan.
6. After completing the necessary download, your system is now ready for online virus scanning.
7. Select an option in which you can thoroughly scan the computer to make sure that it will find and delete entirely all infections not detected on previous scan.
8. Remove or delete all detected items.
9. When scanning is finished you may now restart the computer in normal mode.
Automatic Removal of Rootkit.Win32.Agent.ppIn order to completely remove the threat, click here to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected machine.
Alternative Removal Method for Rootkit.Win32.Agent.pp
Option 1 : Use Windows System Restore to return Windows to previous state
If Rootkit.Win32.Agent.pp enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before Rootkit.Win32.Agent.pp infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.