Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(


Post by Gabethebabe on 30th June 2011, 6:33 am

OK, we'll try another rootkit scan if GMER doesn't work properly.

Please download RootkitUnhooker by EP-X0FF from [You must be registered and logged in to see this link.] and save it to your desktop.
  • You need to unpack this .rar file, for example using [You must be registered and logged in to see this link.] (not a free program) or [You must be registered and logged in to see this link.] (free program).
  • After extracting the archive, double-click RkU3.8.388.590.exe to run the setup program.
  • Install the tool into a folder with random name, as instructed by the setup program.
  • Close all programs and windows before running this tool.
  • Browse to this folder and double click the randomly named .exe that is in the folder (NOT the unins000.exe) to run RootkitUnhooker.
  • Wait a moment for the user interface to pop up and click the Report tab.
  • Click the Scan button, verify that all options are checked and click OK.
  • During the scan a Select Disks for Scan window will pop up. Select your system disk (usually C:\) and no other disks and hit OK.
  • The files and folders scan will take some time, so please be patient.
  • When finished, choose File > Save Report from the menu and save the report.
  • Please copy & paste the entire report in your next reply. You may need multiple posts for this.


Gabethebabe
Top Dog

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7
Points : 38268
# Likes : 0


Post by canyousmellme on 30th June 2011, 7:53 am

OK, I have it in a randomly named folder, but when I double-clicked it with all windows and programmes shut it came up with this message:

Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove the parasite. OK?

parasite type: unknown remote threat
thread ID: 4572
priority: 8
thread start address:0x7782EC2E
Module: ntdll.dll

It gives the options OK or Cancel

What should I do?

canyousmellme
Novice

Posts : 33
Joined : 2011-06-28
OS : windows 7 32 bit
Points : 20413
# Likes : 0


Post by Gabethebabe on 30th June 2011, 8:46 am

Just click Cancel and allow it to run.


Post by canyousmellme on 30th June 2011, 9:45 am

OK, well, it started, kinda?

It asked which drive and I selected C.

But now it appears to be doing nothing? It's not showing files being scanned or anything? The computer isn't connected to the internet. Could this be why it's not doing anything?

It's currently saying:

Please wait while RkU makes a scan you can stop scan by pressing "cancel"

getting list of files and directories (C:\)

It has also selected the stealth code tab then the Files tab. So it is no longer on the report tab that I had selected.

My dad is wanting to format the laptop to factory settings? Is this a good idea? It seems quite drastic?




Post by Gabethebabe on 30th June 2011, 9:52 am

The "getting list of files and directories (C:\)" takes quite a while.
The file scan takes even more.

Just let it run.

And yes, restoring to factory settings seems a bad idea. I think your computer is clean of malware.

We're just making sure with a full blown rootkit scan.


Post by canyousmellme on 30th June 2011, 9:55 am

OK, thank you.

It does appear to have started. It says disk low but is working.

Will get back to you with the log asap.


Post by canyousmellme on 30th June 2011, 12:27 pm

It would appear the scan has halted like GMER.

The loading bar has not moved at all for over an hour.

There are lots of items (20 - 30) in the suspect file list with the statuses all saying Hidden.


Post by Gabethebabe on 30th June 2011, 12:32 pm

Hmm... can you show me those results in some way?


Post by canyousmellme on 30th June 2011, 12:43 pm

Can I post a photo on here?


Post by Gabethebabe on 30th June 2011, 12:45 pm

You can attach files to posts in e.g. jpg format.


Post by canyousmellme on 30th June 2011, 12:50 pm

There are more on the scroll down but it won't let me touch it as the scan progress window bleeps.


Post by canyousmellme on 30th June 2011, 12:58 pm

Have I uploaded it?


Post by canyousmellme on 30th June 2011, 1:07 pm

[You must be registered and logged in to see this link.]


Post by Gabethebabe on 30th June 2011, 1:27 pm

OK, none of this is hidden malware.

I think you are clean and the slowness of your computer is not caused by malware. Maybe load fewer programs on startup and run a defrag program. Stuff like that can increase the speed.

Most malware is very present in the form of redirects or unsolicited advertisements.

If you really want to run another scan, try something like an antivirus rescue disk. Several exist that you can download & burn, for example [You must be registered and logged in to see this link.].

Any more questions or shall we proceed with closing this case and cleaning up tools we used?


Post by canyousmellme on 30th June 2011, 1:32 pm

So I'll cancel that scan that seems to have halted, yeah?

OK, so I need to uninstall/remove a few programmes?

And reinstall Avast? If Avast finds anything again like before I'll post here, yeah?


Post by Gabethebabe on 30th June 2011, 1:36 pm

Time to uninstall used tools.
  • Go to Start > Run and type or copy/paste Combofix /uninstall (note the space before the "/").
  • Double click OTL.exe to run it again and click the CleanUp button.
  • Uninstall RootkitUnhooker as well.
  • If we used any other tools and they still remain on your desktop, please delete them manually.


Yes, reinstall avast (or any other antivirus you might like). If it finds 7K threats again, let me know :)


Post by Gabethebabe on 30th June 2011, 1:38 pm

One more thing: you need to install the latest version of Java. Having the latest version is important to take advantage of fixes that have eliminated security vulnerabilities.
  • Go to Start > Control Panel
  • Double-click on Add or Remove Programs
  • Look for entries that say Java, Java RunTime Environment or J2SE.
  • Uninstall all of them that are not named Java (TM) 6 Update 26

After doing this, you can go to [You must be registered and logged in to see this link.], click on Free Java Download and proceed from there to install the latest version of Java (currently Version 6 Update 26).

After installing Java, go to Start > Control Panel > Java to open the Java Control Panel.
Under the General tab, Temporary Internet Files click Settings, then click Delete Files.
Select both options and click OK to delete the Java cache.


Post by canyousmellme on 30th June 2011, 1:46 pm

OK, I'll do these and get back to you soon.

What would you recommend as a free antivirus? Avast? AVG? Or?

Thank you for your help!


Post by canyousmellme on 30th June 2011, 1:49 pm

OK, I can't locate OTL?

Or find a way of uninstalling aswMBR and GMER?


Post by canyousmellme on 30th June 2011, 2:04 pm

In my task manager it shows 5 separate firefox.exe processes running? I only have one Firefox window open?


Post by Gabethebabe on 30th June 2011, 2:19 pm

aswMBR or GMER you just delete from the desktop.

Those extra firefox processes can be killed.

If this problem reproduces I'd say reinstall Firefox. If that doesn't solve it, you may need to come back for more.

Check out my ALORTKYCC (Awesome List Of Recommendations To Keep Your Computer Clean) for antivirus recommendation, among other things:

1) Keep your Windows up-to-date. Windows Autoupdate should be ON (see Start >> Control Panel >> Security Center). An alternative way (but more time-consuming) is to periodically visit [You must be registered and logged in to see this link.]. Hackers are looking every day for new security holes. Microsoft keeps patching them. You cannot fall behind in this race, it will make your system vulnerable.

2) For your average daily computer activities, use a limited/standard user account, not an administrator account. If you use Vista/WIN7 do not disable User Account Control (UAC). You would be amazed to know how much malware can't touch you if you deny it admin rights. Create a separate password-protected administrator account that you use for admin activities, like (un)installing software.

3) Use a good antivirus. There are various free ones, you cannot go wrong with either of the following three:
  • [You must be registered and logged in to see this link.]. If you want your antivirus to be light on resources, I recommend Panda. Install without the toolbar.
  • [You must be registered and logged in to see this link.] has received great reviews from leading security analysts.
  • [You must be registered and logged in to see this link.] is a very complete antivirus, with modules like mailscanner and webshield.

4) If your computer has 1GB system memory or more, you should install a third party firewall, to replace the weak Windows Firewall. I recommend:
  • [You must be registered and logged in to see this link.]. Install the internet security suite, but without the antivirus and without the Hopsurf toolbar.
  • [You must be registered and logged in to see this link.]. A very smart and user friendly firewall.
  • [You must be registered and logged in to see this link.] is another rocksolid choice.

Note: you should run only ONE antivirus and ONE firewall. Running multiples of either is bad, it will cause slowdowns and/or conflicts.

5) Miscellaneous advice:
  • Stay away from cracks and keygens (look [You must be registered and logged in to see this link.] for the why). Get free software instead. [You must be registered and logged in to see this link.] is an excellent source of freeware reviews.
  • Navigate safely. [You must be registered and logged in to see this link.] is the safest browser available. However, Mozilla Firefox can be made extremely safe with the [You must be registered and logged in to see this link.] addon. Internet Explorer (always use [You must be registered and logged in to see this link.]) can be made a lot safer with [You must be registered and logged in to see this link.] (manual [You must be registered and logged in to see this link.]).
  • The [You must be registered and logged in to see this link.] addon will help you to stay on reliable webpages.
  • [You must be registered and logged in to see this link.] alerts you when changes are made in vital system areas. Especially good on light systems not running a third party firewall.
  • Make sure you have ways to recuperate your operating system and vital other data if it gets frustrated by malware and/or other problems. A Windows setup CD and recent backups/disk images will be priceless, if you find yourself in an unexpected tight spot.

Finally: did we help you? [You must be registered and logged in to see this link.]!


Post by canyousmellme on 30th June 2011, 2:31 pm

Avast on restart has stayed on a black load up screen and is doing a scan. It's found lots of win32:prefploy's and ramnit g's?


Post by canyousmellme on 30th June 2011, 2:34 pm

It's going crazy finding them every second. exedroppergen's?


Post by Gabethebabe on 1st July 2011, 6:19 am

So I am a bit surprised here: Malwarebytes could not find a thing and Avast! goes nuts.

Let's go for a third opinion.

  • Please download TFC (Temp File Cleaner) by OldTimer from [You must be registered and logged in to see this link.] and save it to your desktop.
  • Close all programs before proceeding with the next step.
  • Double-click TFC.exe to start the cleaning process and allow it to run.
  • Depending on the amount of files that needs to be deleted this can take seconds or up to several minutes.
  • If requested, allow TFC to reboot your computer to finish the cleaning process.

====================

We're going to run a scan with ESET Online Scanner. Please make sure you are logged in as a user with administrator rights and proceed with the following steps:
  • Use Internet Explorer to browse to the [You must be registered and logged in to see this link.]
  • Click the green ESET Online Scanner button
  • A popup window will open
  • Accept the terms of use and click Start
  • Internet Explorer probably informs you that ESET tries to install an add-on. Allow that.
  • Click Start
  • When the scan has finished and threats were found, click List of found threats
  • Click Export to text file and save it as e.g. eset.txt on your desktop
  • Click Back
  • Select Uninstall application on close
  • Click Finish. ESET Online Scanner will now uninstall itself
  • Please post the contents of the eset.txt in your next reply.


Post by canyousmellme on 1st July 2011, 9:52 am

Hello again,

My dad went along with the complete reformat last night.

It seems clean now.

I do want to ask a couple of things:

1 - recommendations and tips for enhancing security

2- My dad burned a selection of files/photos/pdfs onto DVD before he re-formatted. How do I know these will be safe?

Thanks for all your help. Have you ever heard of such a bad virus?


Post by Gabethebabe on 1st July 2011, 10:10 am

canyousmellme wrote:
1 - recommendations and tips for enhancing security

2- My dad burned a selection of files/photos/pdfs onto DVD before he re-formatted. How do I know these will be safe?

Thanks for all your help. Have you ever heard of such a bad virus?

1. I will post my ALORTKYCC in a minute.
2. Run a virus scan. But usually malware does not hide in this kind of data files (movies, music, pictures, documents).

We have seen a lot of malware here and yours was not pretty, but not the worst either.

====================

All right! Here follows my ALORTKYCC (Awesome List Of Recommendations To Keep Your Computer Clean):

1) Keep your Windows up-to-date. Windows Autoupdate should be ON (see Start >> Control Panel >> Security Center). An alternative way (but more time-consuming) is to periodically visit [You must be registered and logged in to see this link.]. Hackers are looking every day for new security holes. Microsoft keeps patching them. You cannot fall behind in this race, it will make your system vulnerable.

2) For your average daily computer activities, use a limited/standard user account, not an administrator account. If you use Vista/WIN7 do not disable User Account Control (UAC). You would be amazed to know how much malware can't touch you if you deny it admin rights. Create a separate password-protected administrator account that you use for admin activities, like (un)installing software.

3) Use a good antivirus. There are various free ones, you cannot go wrong with either of the following three:
  • [You must be registered and logged in to see this link.]. If you want your antivirus to be light on resources, I recommend Panda. Install without the toolbar.
  • [You must be registered and logged in to see this link.] has received great reviews from leading security analysts.
  • [You must be registered and logged in to see this link.] is a very complete antivirus, with modules like mailscanner and webshield.

4) If your computer has 1GB system memory or more, you should install a third party firewall, to replace the weak Windows Firewall. I recommend:
  • [You must be registered and logged in to see this link.]. Install the internet security suite, but without the antivirus and without the Hopsurf toolbar.
  • [You must be registered and logged in to see this link.]. A very smart and user friendly firewall.
  • [You must be registered and logged in to see this link.] is another rocksolid choice.

Note: you should run only ONE antivirus and ONE firewall. Running multiples of either is bad, it will cause slowdowns and/or conflicts.

5) Miscellaneous advice:
  • Stay away from cracks and keygens (look [You must be registered and logged in to see this link.] for the why). Get free software instead. [You must be registered and logged in to see this link.] is an excellent source of freeware reviews.
  • Navigate safely. [You must be registered and logged in to see this link.] is the safest browser available. However, Mozilla Firefox can be made extremely safe with the [You must be registered and logged in to see this link.] addon. Internet Explorer (always use [You must be registered and logged in to see this link.]) can be made a lot safer with [You must be registered and logged in to see this link.] (manual [You must be registered and logged in to see this link.]).
  • The [You must be registered and logged in to see this link.] addon will help you to stay on reliable webpages.
  • [You must be registered and logged in to see this link.] alerts you when changes are made in vital system areas. Especially good on light systems not running a third party firewall.
  • Make sure you have ways to recuperate your operating system and vital other data if it gets frustrated by malware and/or other problems. A Windows setup CD and recent backups/disk images will be priceless, if you find yourself in an unexpected tight spot.

Finally: did we help you? [You must be registered and logged in to see this link.]!


Post by canyousmellme on 1st July 2011, 10:45 am

OK brilliant.

Thanks for all your help.

I'll go over all your recommendations.

If I have any problems with the DVDs I'll let you know.

Thank You!!
