GeekPolice

win32/Zbot hellllllllllp please!!!

Post by booster76 on Mon Feb 21, 2011 7:32 pm

Hi, I have registered here in the hope that you guys can help me remove a dreaded virus. I have AVG installed, yes it's the free edition, but it didn't stop this virus getting through. I have run Malwarebytes and that removed 7 problems, and a few others since I have run it again (safe mode). I have also downloaded a trojan remover and this has no effect. This virus is also chomping its way through various program files, stopping them from working. Here is a log I saved from Malwarebytes.

Thanks for any help, guys. David......

win32/Zbot.

VBS/generic

Malwarebytes' Anti-Malware 1.50.1.1100

Database version: 5796

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

21/02/2011 12:33:02
mbam-log-2011-02-21 (12-33-02).txt

Scan type: Quick scan
Objects scanned: 151986
Time elapsed: 7 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Admin\local settings\Temp\utt19.tmp.exe (Trojan.Pakes) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.50.1.1100

Database version: 5796

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18/02/2011 14:41:36
mbam-log-2011-02-18 (14-41-36).txt

Scan type: Quick scan
Objects scanned: 153377
Time elapsed: 10 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Firewall 2.9 (Trojan.Agent.Gen) -> Value: Microsoft Firewall 2.9 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Admin\start menu\Programs\Startup\mihexxtl.exe (Spyware.Zbot) -> Delete on reboot.
c:\documents and settings\administrator\start menu\Programs\Startup\mihexxtl.exe (Spyware.Zbot) -> Quarantined and deleted successfully.





Re: win32/Zbot hellllllllllp please!!!

Post by Crush on Mon Feb 21, 2011 9:11 pm

Hi David,

Please download ComboFix from [You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Re: win32/Zbot hellllllllllp please!!!

Post by booster76 on Tue Feb 22, 2011 12:36 pm

Hi, thanks for the help, but I cannot access Internet Explorer now at all, so am reading this reply via a donor PC which has a fan like a bus and is pretty annoying. Any ideas? David....

Managed to download Mozilla to get on the net, and it won't let me open Combo; keep getting this message:

File not found

Firefox can't find the file at [You must be registered and logged in to see this link.]

* Check the file name for capitalization or other typing errors.

* Check to see if the file was moved, renamed or deleted.

Still at a loss.........


Re: win32/Zbot hellllllllllp please!!!

Post by Crush on Tue Feb 22, 2011 6:42 pm

Can you put the file on to removable media like a blank CD and copy it over to the infected machine?
