Win32:Zbot-BEJ infection

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by toddler, May 6, 2009.

  1. toddler

    toddler Private E-2

    Hello,
    My Avast anti-virus keeps detecting 2 files infected with the Win32:Zbot-BEJ trojan. Attempts to delete the files or quarantine them do not work, even in safe mode. I am running WXP with all Microsoft updates. I followed the instructions for cleaning my machine. None of the antispyware software finds the infection, only Avast. I routinely run Sygate firewall, CCleaner and SpywareBlaster. Enclosed are my logs; any help is greatly appreciated! The infections turn up back to back while Documents and settings\local settings\application data is being scanned.

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there.

    Sygate Firewall is no longer supported or updated. Therefore, at the end of the fix you should consider uninstalling it and getting yourself an up-to-date third-party firewall; there are many to choose from in our how to protect yourself from malware thread. However, we will get to that further on down the line.

    Where is Avast finding these threats? Let me know the exact file path where it's locating them.
    Is this where it's finding them?

    I will start reviewing your logs today, please be patient until I have worked out a fix for you. Thanks.

    Kes13!
     
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Your firewall should always be running 100% of the time. It is not a malware scanner that you periodically run. However, as I said, Sygate is indeed unsupported now.

    It would seem that your logs are clean.

    I believe Avast is giving you a false positive with whatever threats it is finding. That or it is finding something in system restore. If it continues to detect them, please let me know the full file path.

    Just some miscellaneous stuff to take care of:

    1. If you do not use Windows Messenger, run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger, because they are not the same. Windows Messenger is a frequent cause of popups.

    2. Is your copy of Spyware Doctor 6.0 a free trial (which is useless and does not fix anything anyway), or is it paid-for software? If a free trial, then please uninstall it before we continue.

    3. FYI:

    Bad idea to have all users with admin privileges!!

    4. Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click; use right click and select Run As Administrator). This is really HijackThis. Select Do a system scan only, then select the following lines, but DO NOT CLICK FIX until you exit all browser sessions, including the one you are reading in right now:

    After clicking Fix exit HJT.

    5. Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.

    6. Let me know if Avast is still finding the threats.