Zzffbn.exe, what kinda malware is this ?

Discussion in 'Malware Help (A Specialist Will Reply)' started by Fr0st, Jan 26, 2005.

  1. Fr0st

    Fr0st Private E-2

    Hi,

    Zzffbn.exe keeps running in the background everything I restart. Anyone have info on what kind of malware it is ?

    This is my HJT log:

    Logfile of HijackThis v1.99.0
    Scan saved at 8:44:13 PM, on 1/26/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


    Edit by chaslang: Unrequested inline log deleted. Please follow forum guidelines.
     
    Last edited by a moderator: Jan 26, 2005
    Fr0st, Jan 26, 2005
    #1
  2. jarcher

    jarcher I can't handle a title

    have you already gone through this sticky if not please do so. . .
    READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal:
    if you have double check everything and make sure you did do everything
    and all software is up to date(do the online scans)

    NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting:
    *Note that your HijackThis should be up-to-date (v1.99) and MUST be extracted to its own safe folder - C:\Program Files\HijackThis! Please do this!!!*
    remember to close all running and tray apps. and all windows(including this one)before scaning

    if you have, successfuly
    How to Protect yourself from malware!


    ME: Virtumundo Problems/Resolution Threads
     
    jarcher, Jan 26, 2005
    #2
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Complete the READ ME that jarcher has pointed you towards.

    But before you even bother posting another HJT log make sure you do the stuff below:

    Goto Add/Remove programs and uninstall Messenger Plus! 3 It is the cause of a lot of your problems.


    Copy the contents of the Quote Box below to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file move.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.)
    Double-click on the move.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to merge say yes.

    Exit all browsers and run HijackThis and have it FIX the following lines:
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: (HKLM)
     
    chaslang, Jan 26, 2005
    #3

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds