Zbol virus -- seems clean but wireless acting weird...

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Phlegmbot, Jul 26, 2010.

  1. Phlegmbot

    Phlegmbot Private First Class

    According to MBAM (quick and full scan), Avira, & Superanti... (quick and full scan) I'm clean...

    But ever since I got the virus my wireless is acting weirdly: it won't sign me on, then it will for a few seconds, then it loses the connection, then it tries again, then it's on, off, on, off, and so on.

    I've been going through the MajorGeeks removal guide and screwed up, accidentally DLing MGTools.exe to the desktop. I MOVED it to the C:/ drive, ran it and the black screen that pops up kept showing me "Access Denied" over and over...I also kept getting the "Do you want to allow this program to make changes" pop-up during that. So, I'd click YES, and then the black window would write another line of "Access Denied" -- this happened over and over until I quit these via Task Manager.

    I tried re-DLing, and it wouldn't DL again. SO I tried moving MGTools BACK to the desktop...ran it, nothing happened.

    I'm thinkin' that you didn't mean for me to RUN MGTools yet, JUST download it...is that correct?


    In the meantime, I wanted to turn off the UAC. But the step-by-step does NOT match what I'm seeing on my Win7 64-bit environ. After User Accounts, what you describe does not appear.

    There is NO check box which reads "Use User Account Control (UAC) to help protect your computer"...Also, I AM in Admin Approval Mode I believe, but no window popped up to ask me about it; I found this option chosen, w/a radio button, elsewhere, but the other option is grayed out and NOT choosable.

    Please help.

    Thank you.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The guide actually stated you could put it on the Desktop if necessary. ;) It says this:
    Yes this will occur when UAC is not disabled as requested.

    Some people run into problems downloading and running immediately. Some even have problems running MGtools thru to completion on Vista and Win 7 which is why the procedure stated
    but this has been less of a problem now as long as UAC is properly disabled and followed by a reboot before running MGtools and if MGtools is Run As Administrator.


    Does the method in the below link work?

    http://www.howtogeek.com/howto/windows-vista/disable-user-account-control-uac-the-easy-way-on-windows-vista/
     
  3. Phlegmbot

    Phlegmbot Private First Class

    Hey, thanks for the help!

    Gonna quote you the old-fashioned way:
    "The guide actually stated you could put it on the Desktop if necessary."

    Yup, saw that, but it had a qualifier in there I wasn't certain about: "as long as your Desktop folder is located on the same drive that you boot Windows from" -- hence my hesitation there.

    "Yes this will occur when UAC is not disabled as requested."

    Yup -- I got that. That was my point.

    "Some people run into problems downloading and running immediately. Some even have problems running MGtools thru to completion on Vista and Win 7 which is why the procedure stated "

    "Does the method in the below link work?"


    Thank you on both of the above.

    The link ALSO has the steps wrong. But, here's how dumb I am: another window was popping up and I was just panicking in my head going "I DON'T KNOW WHAT THAT IS!"...But, in essence, it's the check box everyone points out. But it's now a big slider. I thought it was something completely different as I still don't fully understand Win7 and all its settings.
     


  4. Phlegmbot

    Phlegmbot Private First Class

    BTW, MGTools is stuck on analyse.exe at the time of this posting. Thoughts?
     
  5. Phlegmbot

    Phlegmbot Private First Class

    Sorry, please ignore the post about MGTools freezing -- a window popped up with "Accept"/"Decline" options, but the window wasn't visible until I closed Firefox and Windows Explorer for some reason.

    My MGTools Zip file is attached.
     


    Last edited: Jul 27, 2010
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not sure what you mean. That link even shows you an image of the slider.


    At any rate, it does not appear that you are having malware problems since these logs are clean. You said MBAM and SAS found nothing but your logs show SAS did find things in two different scans:
    Code:
     3,036 2010-07-25 C:\Users\K-OK\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\SUPERAntiSpyware Scan Log - 07-25-2010 - 06-59-20.log
    16,150 2010-07-25 C:\Users\K-OK\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\SUPERAntiSpyware Scan Log - 07-25-2010 - 08-06-42.log
    
    Or were these all just cookies? If it was just cookies then you did not follow the instructions in the READ & RUN ME for configuring and running SUPERAntiSpyware since we said to uncheck the option for cookies since they are a waste of time to scan and report.
     
  7. Phlegmbot

    Phlegmbot Private First Class

    Hey, Chas!

    Honestly, I didn't even get that far once I saw the first image was again wrong, showing a page and an option that simply doesn't exist.

    Eek. Sorry about that -- it IS likely they are cookies as I did some Internet surfing in between running MBAM and SAS and MGTools. But I hadn't made any further changes to my system, gone to any untoward websites, or downloaded anything.

    So, let me ask you these questions:
    1. Is it possible Zbol is the cause of my weird wireless issue?
    2. If it seems I'm clean, and I've already reinstalled my wireless drivers but am still having this odd issue, are there any fixes you can recommend? (I know this question may be one for another forum, but I thought I'd ask since it could be virus-related.)
     
    Last edited: Jul 28, 2010
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The first image for Windows 7 is perfectly correct. I checked it on 4 Win 7 systems just to be sure.

    There were no infections in your logs. Don't know what Zbol is? Did you mean Zbot or Zlob? If not, exactly what are you referring to since the same infection can be referred to by a different name by every company/scanner.


    Networking Forum is more appropriate especially since you are saying it is an intermittent type problem. When infections (like Win32.Bagle) have caused problems with wireless interfaces, they were not intermittent. There was never a connection until repaired. I wrote the below for cases where Bagle and others broke the Wireless Zero Service.

    Fixing Wireless Zero Config Service
     
  9. Phlegmbot

    Phlegmbot Private First Class

    I'm uncertain why you're so argumentative, Chas, but, in spite of that, I appreciate your assistance.

    The first panel is flat-out wrong on my machine, and I think I included an image to show that.

    That said, since you said this sort of symptom is not typical, I've re-reinstalled my drivers, completely unplugged and re-set everything related to my wireless, restarted, and it all seems to be working now.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not being argumentative. I'm just stating facts. You are not looking at the correct figure. The link I gave you has info for both Vista and Win 7. The 1st image for Win 7 is exactly what you posted from your PC. You are likely looking at the Vista instructions. The 1st two images are for Vista, the 3rd and 4th are for Win 7.

    Great.
     
  11. Phlegmbot

    Phlegmbot Private First Class

    4 Hours later:

    It began happening again. I'm starting to wonder if I should just trade out some of my wires.

    Beyond that, I'll take this out of the Malware forums and post elsewhere.

    Sighhh....

    Thank you once more for the assistance.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.


    Since you are not having malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. After doing the above, you should work thru the below link:
     
