WiredWX Christian Hobby Weather Tools
win32/Zbot hellllllllllp please!!!

Hi, I have registered here in the hope that you guys can help me remove a dreaded virus. I have AVG installed (yes, it's the free edition) but it didn't stop this virus getting through. I have run Malwarebytes and that removed 7 problems, and a few others since I have run it again (safe mode). I have also downloaded a trojan remover and this has no effect. This virus is also chomping its way through various program files, stopping them from working. Here is a log I saved from Malwarebytes.

Thanks for any help, guys. David......

win32/Zbot.

VBS/generic

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5796

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

21/02/2011 12:33:02
mbam-log-2011-02-21 (12-33-02).txt

Scan type: Quick scan
Objects scanned: 151986
Time elapsed: 7 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Admin\local settings\Temp\utt19.tmp.exe (Trojan.Pakes) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5796

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18/02/2011 14:41:36
mbam-log-2011-02-18 (14-41-36).txt

Scan type: Quick scan
Objects scanned: 153377
Time elapsed: 10 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Firewall 2.9 (Trojan.Agent.Gen) -> Value: Microsoft Firewall 2.9 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Admin\start menu\Programs\Startup\mihexxtl.exe (Spyware.Zbot) -> Delete on reboot.
c:\documents and settings\administrator\start menu\Programs\Startup\mihexxtl.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
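
Added example, not part of the original post: a small Python triage helper that parses detection lines in the Malwarebytes log format shown above and flags entries that sit in autostart locations (the HKCU Run key and the Startup folder) or whose removal is still pending a reboot. The function names and the marker list are assumptions of this example; the sample lines are copied from the logs above.

```python
import re

# Sample detection lines copied from the two logs in the post above.
SAMPLE_LOG = r"""
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Firewall 2.9 (Trojan.Agent.Gen) -> Value: Microsoft Firewall 2.9 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Admin\start menu\Programs\Startup\mihexxtl.exe (Spyware.Zbot) -> Delete on reboot.
c:\documents and settings\Admin\local settings\Temp\utt19.tmp.exe (Trojan.Pakes) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^([A-Za-z ]+ Infected):\s*$")  # header, not the "Files Infected: 2" summary
DETECTION = re.compile(r"^(?P<item>.+?) \((?P<family>[\w.]+)\) -> (?P<rest>.+)$")
# Assumption of this example: autostart locations seen in these logs (lower-cased).
AUTOSTART_MARKERS = ("\\currentversion\\run\\", "\\start menu\\programs\\startup\\")

def parse_detections(log_text):
    """Return one dict per detection line, tagged with its log section."""
    section, found = None, []
    for line in log_text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        hit = DETECTION.match(line)
        if not (hit and section):
            continue  # blank lines, "(No malicious items detected)", metadata
        item = hit.group("item")
        action = hit.group("rest").split(" -> ")[-1]  # last field is the outcome
        found.append({
            "section": section, "item": item, "family": hit.group("family"),
            "action": action,
            "autostart": any(m in item.lower() for m in AUTOSTART_MARKERS),
            "pending": action.lower().startswith("delete on reboot"),
        })
    return found

def needs_followup(detections):
    """Entries to re-check after a reboot: removal was deferred, not completed."""
    return [d for d in detections if d["pending"]]

if __name__ == "__main__":
    for d in parse_detections(SAMPLE_LOG):
        flags = [k for k in ("autostart", "pending") if d[k]]
        print(d["family"], d["section"], ",".join(flags) or "-", sep=" | ")
```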



Re: win32/Zbot hellllllllllp please!!!

Hi David,

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

[Image: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Image: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: win32/Zbot hellllllllllp please!!!

Hi, thanks for the help but I cannot access Internet Explorer now at all, so am reading this reply via a donor PC which has a fan like a bus and pretty annoying. Any ideas? David....

Managed to download Mozilla to get on net and won't let me open combo, keep getting this message:

File not found

Firefox can't find the file at http://download.bleepingcomputer.com/sUBs/ComboFix.exe.

* Check the file name for capitalization or other typing errors.

* Check to see if the file was moved, renamed or deleted.

still at a loss.........

Re: win32/Zbot hellllllllllp please!!!

Can you put the file on to removable media like a blank CD and copy it over to the infected machine?
