Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(


Post by canyousmellme on Wed 29 Jun 2011, 9:14 am

First topic message reminder :

Hi I registered today and ran the checks you have asked.

I however have done these after doing a few bits (Stupidly probably) myself.

The story starts with a pop up asking me to allow it. I said yes as it said it was from Microsoft. Then the viruses came.

Originally I was using AVG and it showed win32/zbot - g and VBS Generic viruses were everywhere, 8000+

After starting to delete some of these I read it was not the right thing to do. I am unable to use Adobe Acrobat and Celtx (maybe some other things, I'm not sure).

I ended up uninstalling AVG as it was interfering with Malwarebytes, which found and deleted 2 infected items. I have also run SUPERAntiSpyware Pro, which found and deleted a few things.

However I have now installed Avast and it's showing 8000+ viruses affected again. I have conducted this scan in safe mode.

This scan also however doesn't show the zbot or vbs generic viruses anymore, instead it shows a whole new crop.

These are:

vbs:exedropper-gen
Win32 Ramnit G
win32 fileinfector - a
win32:vitro
win32:prefploy

I am still in safe mode and will attach the otl/extras/aswMBR/checkup results in a secondary post.

However I must note I'm not sure if it froze/finished or I was impatient, but I am not sure if the aswMBR had fully finished.

Any help is really appreciated. Hope to hear from you soon.

Best,

Richard.

canyousmellme

Newbie Surfer

Posts : 33
Joined : 2011-06-29
Operating System : windows 7 32 bit

Post by Gabethebabe on Thu 30 Jun 2011, 5:33 pm

OK, we'll try another rootkit scan if GMER doesn't work properly.

Please download RootkitUnhooker by EP-X0FF from here and save it to your desktop.
  • You need to unpack this .rar file, for example using WinRar (not a free program) or 7-Zip (free program).
  • After extracting the archive, doubleclick RkU3.8.388.590.exe to run the setup program.
  • Install the tool into a folder with random name, as instructed by the setup program.
  • Close all programs and windows before running this tool.
  • Browse to this folder and double click the randomly named .exe that is in the folder (NOT the unins000.exe) to run RootkitUnhooker.
  • Wait a moment for the user interface to pop up and click the Report tab.
  • Click the Scan button, verify that all options are checked and click OK.
  • During the scan a Select Disks for Scan window will pop up. Select your system disk (usually C:\) and no other disks and hit OK.
  • The files and folders scan will take some time, so please be patient.
  • When finished, choose File > Save Report from the menu and save the report.
  • Please copy & paste the entire report in your next reply. You may need multiple posts for this.


Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

Post by canyousmellme on Thu 30 Jun 2011, 6:53 pm

OK, I have it in a randomly named folder, but when I double-clicked it with all windows and programmes shut it came up with this message.

rootkit unhooker has detected a parisite inside itself!

it is reccomended to remove the parisite Ok?

parisite type: unknown remote threat
thread ID: 4572
priority: 8
thread start address:0x7782EC2E
Module: ntdll.dll

It gives the options OK or Cancel

What should I do?


Post by Gabethebabe on Thu 30 Jun 2011, 7:46 pm

Just click Cancel and allow it to run.


Post by canyousmellme on Thu 30 Jun 2011, 8:45 pm

Ok well it started kinda?

It asked which drive and I selected C

but now it appears to be doing nothing? It's not showing files being scanned or anything? The computer isn't connected to the internet. Could this be why it's not doing anything?

It's currently saying:

Please wait while RkU makes a scan youi can stop scan be pressing "cancel"

getting list of files and directories (C:\)

It has also selected the stealth code tab then the Files tab. So it is no longer on the report tab that I had selected.

My dad is wanting to format the laptop to factory settings? Is this a good idea? It seems quite drastic?




Post by Gabethebabe on Thu 30 Jun 2011, 8:52 pm

The "getting list of files and directories (C:\)" takes quite a while.
The file scan takes even more.

Just let it run.

And yes, restoring to factory settings seems a bad idea. I think your computer is clean of malware.

We're just making sure with a full blown rootkit scan.


Post by canyousmellme on Thu 30 Jun 2011, 8:55 pm

OK, thank you.

It does appear to have started. It says disk low but is working.

Will get back to you with the log asap.


Post by canyousmellme on Thu 30 Jun 2011, 11:27 pm

It would appear the scan has halted like GMER.

The loading bar has not moved at all for over an hour.

There are lots of items (20 - 30) in the suspect file list with the statuses all saying Hidden.


Post by Gabethebabe on Thu 30 Jun 2011, 11:32 pm

Hmm... can you show me those results in some way?


Post by canyousmellme on Thu 30 Jun 2011, 11:43 pm

Can I post a photo on here?


Post by Gabethebabe on Thu 30 Jun 2011, 11:45 pm

You can attach files to posts in e.g. jpg format.


Post by canyousmellme on Thu 30 Jun 2011, 11:50 pm

There are more on the scroll down but it won't let me touch it as the scan progress window bleeps.


Post by canyousmellme on Thu 30 Jun 2011, 11:58 pm

Have I uploaded it?


Post by canyousmellme on Fri 01 Jul 2011, 12:07 am



Post by Gabethebabe on Fri 01 Jul 2011, 12:27 am

OK, nothing of this is hidden malware.

I think you are clean and the slowness of your computer is not caused by malware. Maybe load fewer programs on startup and run a defrag program. Stuff like that can increase the speed.

Most malware is very present in the form of redirects or unsolicited advertisements.

If you really want to run another scan, try something like an antivirus rescue disk. Several exist that you can download & burn, for example Avira.

Any more questions or shall we proceed with closing this case and cleaning up tools we used?


Post by canyousmellme on Fri 01 Jul 2011, 12:32 am

So I'll cancel that scan that seems to have halted, yeah?

Ok so I need to uninstall/remove a few programmes?

And reinstall Avast? If Avast finds anything again like before I'll post here, yeah?


Post by Gabethebabe on Fri 01 Jul 2011, 12:36 am

Time to uninstall used tools.
  • Go to Start > Run and type or copy/paste Combofix /uninstall (note the space before the "/").
  • Double click OTL.exe to run it again and click the CleanUp button.
  • Uninstall RootkitUnhooker as well.
  • If we used any other tools and they still remain on your desktop, please delete them manually.


Yes, reinstall Avast (or any other antivirus you might like). If it finds 7K threats again, let me know.


Post by Gabethebabe on Fri 01 Jul 2011, 12:38 am

One more thing: you need to install the latest version of Java. Having the latest version is important to take advantage of fixes that have eliminated security vulnerabilities.
  • Go to Start > Control Panel
  • Double-click on Add or Remove Programs
  • Look for entries that say Java, Java RunTime Environment or J2SE.
  • Uninstall all of them that are not named Java (TM) 6 Update 26

After doing this, you can go to java.com, click on Free Java Download and proceed from there to install the latest version of Java (currently Version 6 Update 26).

After installing Java, go to Start > Control Panel > Java to open the Java Control Panel.
Under the General tab, Temporary Internet Files click Settings, then click Delete Files.
Select both options and click OK to delete the Java cache.

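The Java check from the post above, as an added example that is not part of the original thread: a read-only PowerShell inventory of the Java entries that Add or Remove Programs would list, marked against the version the post says to keep. The helper name `Get-JavaEntry` and the whitespace-insensitive name comparison are assumptions made for this example.

```powershell
# Added example: read-only inventory of installed Java entries.
# $KeepName is the version named in the post; Get-JavaEntry is a hypothetical helper.
$KeepName = 'Java (TM) 6 Update 26'

# Installed programs are registered under these keys.
# The Wow6432Node key holds 32-bit programs on 64-bit Windows.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-JavaEntry {
    param([string]$Keep = $KeepName)

    # Compare names with whitespace removed (assumption: the installed entry
    # may be spelled "Java(TM)" without the space used in the post).
    $keepKey = $Keep -replace '\s', ''

    foreach ($root in $UninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root -ErrorAction SilentlyContinue) {
            $p = Get-ItemProperty $key.PSPath -ErrorAction SilentlyContinue
            if (-not $p -or -not $p.DisplayName) { continue }

            # Names the post says to look for: Java, Java RunTime Environment, J2SE.
            if ($p.DisplayName -notmatch '\bJava\b|J2SE') { continue }

            # Prefix match so a "(64-bit)" suffix on the same update still counts.
            $nameKey = $p.DisplayName -replace '\s', ''
            $action = 'REMOVE'
            if ($nameKey.StartsWith($keepKey, [StringComparison]::OrdinalIgnoreCase)) {
                $action = 'KEEP'
            }

            New-Object PSObject -Property @{
                Action      = $action
                DisplayName = $p.DisplayName
                Version     = $p.DisplayVersion
                Registry    = $key.Name
            }
        }
    }
}

# List only; nothing is uninstalled by this script.
Get-JavaEntry | Sort-Object Action, DisplayName |
    Format-Table Action, DisplayName, Version -AutoSize
```

Entries marked REMOVE are the ones the post's steps would uninstall through the Control Panel; an empty result means no Java entry is registered.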


Post by canyousmellme on Fri 01 Jul 2011, 12:46 am

OK, I'll do these and get back to you soon.

What would you recommend as a free antivirus? Avast? AVG? or?

Thank you for your help!


Post by canyousmellme on Fri 01 Jul 2011, 12:49 am

OK, I can't locate OTL?

or find a way of uninstalling aswMBR and GMER?


Post by canyousmellme on Fri 01 Jul 2011, 1:04 am

In my task manager it shows 5 separate firefox.exe processes running? I only have one Firefox window open?


Post by Gabethebabe on Fri 01 Jul 2011, 1:19 am

aswMBR or GMER you just delete from the desktop.

Those extra Firefox processes can be killed.

If this problem reproduces I'd say reinstall Firefox. If that doesn't solve it, you may need to come back for more.

Check out my ALORTKYCC (Awesome List Of Recommendations To Keep Your Computer Clean) for antivirus recommendation, among other things:

1) Keep your Windows up-to-date. Windows Autoupdate should be ON (see Start >> Control Panel >> Security Center). An alternative way (but more time-consuming) is to periodically visit [You must be registered and logged in to see this link.]. Hackers are looking every day for new security holes. Microsoft keeps patching them. You cannot fall behind in this race, it will make your system vulnerable.

2) For your average daily computer activities, use a limited/standard user account, not an administrator account. If you use Vista/WIN7 do not disable User Account Control (UAC). You would be amazed to know how much malware can't touch you if you deny it admin rights. Create a separate password-protected administrator account that you use for admin activities, like (un)installing software.

3) Use a good antivirus. There are various free ones, you cannot go wrong with either of the following three:
  • Panda Cloud Antivirus. If you want your antivirus to be light on resources, I recommend Panda. Install without the toolbar.
  • Ad-Aware Free Internet Security has received great reviews from leading security analysts.
  • Avast! is a very complete antivirus, with modules like mailscanner and webshield.

4) If your computer has 1GB system memory or more, you should install a third party firewall, to replace the weak Windows Firewall. I recommend:
  • Comodo Firewall. Install the internet security suite, but without the antivirus and without the Hopsurf toolbar.
  • Online Armor. A very smart and user friendly firewall.
  • Outpost Firewall is another rocksolid choice.

Note: you should run only ONE antivirus and ONE firewall. Running multiples of either is bad, it will cause slowdowns and/or conflicts.

5) Miscellaneous advice:
  • Stay away from cracks and keygens (look [You must be registered and logged in to see this link.] for the why). Get free software instead. Gizmo is an excellent source of freeware reviews.
  • Navigate safely. Google Chrome is the safest browser available. However, Mozilla Firefox can be made extremely safe with the NoScript addon. Internet Explorer (always use the last version) can be made a lot safer with Spywareblaster (manual here).
  • The WOT (Webs Of Trust) addon will help you to stay on reliable webpages.
  • WinPatrol alerts you when changes are made in vital system areas. Especially good on light systems not running a third party firewall.
  • Make sure you have ways to recuperate your operating system and vital other data if it gets frustrated by malware and/or other problems. A Windows setup CD and recent backups/disk images will be priceless, if you find yourself in an unexpected tight spot.

Finally: did we help you? [You must be registered and logged in to see this link.]!


Post by canyousmellme on Fri 01 Jul 2011, 1:31 am

Avast on restart has stayed on a black load up screen and is doing a scan. It's found lots of win32:prefploy's and ramnit g's?


Post by canyousmellme on Fri 01 Jul 2011, 1:34 am

It's going crazy finding them every second. exedroppergen's?


Post by Gabethebabe on Fri 01 Jul 2011, 5:19 pm

So I am a bit surprised here
Malwarebytes could not find a thing
and Avast! goes nuts.

Let's go for a third opinion.

  • Please download TFC (Temp File Cleaner) by OldTimer from here and save it to your desktop.
  • Close all programs before proceeding with the next step.
  • Double-click TFC.exe to start the cleaning process and allow it to run
  • Depending on the amount of files that needs to be deleted this can take seconds or up to several minutes.
  • If requested, allow TFC to reboot your computer to finish the cleaning process.

====================

We're going to run a scan with ESET Online Scanner. Please make sure you are logged in as a user with administrator rights and proceed with the following steps:
  • Use Internet Explorer to browse to the ESET Online Scanner webpage
  • Click the green ESET Online Scanner button
  • A popup window will open
  • Accept the terms of use and click Start
  • Internet Explorer probably informs you that ESET tries to install an add-on. Allow that.
  • Click Start
  • When the scan has finished and threats were found, click List of found threats
  • Click Export to text file and save it as e.g. eset.txt on your desktop
  • Click Back
  • Select Uninstall application on close
  • Click Finish. ESET Online Scanner will now uninstall itself
  • Please post the contents of the eset.txt in your next reply.


Post by canyousmellme on Fri 01 Jul 2011, 8:52 pm

Hello again,

My dad went along with the complete reformat last night.

It seems clean now.

I do want to ask a couple of things:

1 - recommendations and tips for enhancing security

2- My dad burned a selection of files/photos/pdfs onto DVD before he re-formatted. How do I know these will be safe?

Thanks for all your help. Have you ever heard of such a bad virus?
