Win32/Zbot.gen!Y

Fiery

Member
MSE keeps saying I have the above on my PC. I have removed it, quarantined it, run Malwarebytes and Ad-Aware, and run my updates, and yet MSE still keeps giving me the RED balloon :mad:.

I have cleaned my C:\Users\Fiery_WA\AppData\Local\Temp, using CCleaner, yet still this damn balloon keeps popping up.

It particularly likes to pop up after a reboot, which has me stuffed, although at random times it also pops up.

HELP!!
 

Attachments

  • potential threat.jpg (288.7 KB)
  • MSE.jpg (88.4 KB)
  • Temp.jpg (71.1 KB)

My Computer

System One

  • Manufacturer/Model
    Homebuilt
    CPU
    AMD Phenom II x 4 965
    Motherboard
    Gigabyte GA-MA770T-UD3P
    Memory
    4GB DDR3
    Graphics Card(s)
    Nvidia GeForce GTX 750 TI
    Sound Card
    Creative Sound Blaster X-Fi Xtreme Audio
    Monitor(s) Displays
    Phillips 19"
    Screen Resolution
    1280 x 1024
    Hard Drives
    1 x 128GB Samsung 840 Pro SSD
    1 x 1TB Sata
    1 x 160GB IDE
    1 x 2Tb WD External My Book Elite
    1 x 1TB WD External My Book Elite
    1 x 4TB WD External My Book
    PSU
    Thermaltake 850W XT
    Case
    Coolermaster Storm Sniper Black Edition
    Cooling
    AC-ALPINE-64PRO ARTIC COOLING
    Keyboard
    12 year old Compaq, cant see any of the letters anymore :)
    Mouse
    Microflacid Sterile
    Internet Speed
    ADSL2+
    Other Info
    My husband and I divorced over religious differences.. He thought he was God and I didn't.
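A detection that comes back after every reboot usually means something on disk is being re-launched at logon and re-dropping the file the scanner keeps catching, and emptying Temp alone does not remove that launcher. The script below is an added example for this thread, not part of the original post and not one of the tools recommended later (OTL, CKScanner, RSIT, ComboFix). It is a read-only triage pass: it lists the common Run/RunOnce autostart entries, flags any whose executable lives under Temp or AppData, lists running processes started from those folders, and hashes whatever executable content is still in the Temp folder. It assumes Windows PowerShell 4.0 or later (for Get-FileHash) and an elevated prompt so the HKLM keys and other users' processes are readable; nothing in it deletes or changes anything.

```powershell
# Added example (not from the thread or any tool it names): read-only reboot-persistence triage.
# Assumes Windows PowerShell 4.0+ and an elevated prompt. Nothing here modifies the system.

$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Folders a legitimate autostart entry or long-running program rarely lives in.
$SuspectRoots = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA)

function Test-InSuspectRoot([string]$Path) {
    foreach ($root in $SuspectRoots) {
        if ($Path -and $Path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-CommandImagePath([string]$Command) {
    # Pull the executable out of a Run-key command line such as  "C:\x\a.exe" /arg  or  C:\x\a.exe /arg
    if ([string]::IsNullOrWhiteSpace($Command)) { return '' }
    $c = $Command.Trim()
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 0) { return $c.Substring(1, $end - 1) }
        return $c.Trim('"')
    }
    return ($c -split '\s+')[0]
}

function Get-AutostartEntries {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            # Skip the bookkeeping properties PowerShell attaches to every registry item.
            if ($prop.Name -in 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider') { continue }
            $image = [Environment]::ExpandEnvironmentVariables((Get-CommandImagePath $prop.Value))
            [pscustomobject]@{
                Key     = $key
                Name    = $prop.Name
                Command = $prop.Value
                Suspect = Test-InSuspectRoot $image
            }
        }
    }
}

function Get-SuspectProcesses {
    # Protected processes throw when their image path is read; treat those as "not suspect" rather than abort.
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { try { Test-InSuspectRoot $_.Path } catch { $false } } |
        Select-Object Id, ProcessName, Path
}

function Get-TempFileReport {
    # Hash and signature-check executable content still sitting in the current user's Temp folder.
    Get-ChildItem -Path $env:TEMP -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll', '.scr', '.bat', '.cmd', '.vbs', '.js' } |
        ForEach-Object {
            [pscustomobject]@{
                Path      = $_.FullName
                SizeBytes = $_.Length
                Modified  = $_.LastWriteTime
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
                Signature = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
            }
        }
}

"== Autostart entries (Suspect = executable under Temp/AppData) =="
Get-AutostartEntries | Format-Table -AutoSize
"== Running processes whose image lives under Temp/AppData =="
Get-SuspectProcesses | Format-Table -AutoSize
"== Executable content still in $env:TEMP =="
Get-TempFileReport | Format-Table -AutoSize
```

Read the output as evidence to hand to whoever is helping, not as a verdict: a Run entry marked Suspect, or a running process whose image is under AppData, is the thing worth naming in the next reply, and the SHA256 lets a file be looked up without uploading it. An entry in Temp with a Valid signature from a recognisable publisher is usually installer leftover; an unsigned executable that reappears after each reboot is the one to point the scan tools at.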
Welcome
Since members have their own area of expertise, I will notify our security expert. She is away for a day or two, but you will be helped.
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS420
    Memory
    6 gig
    Graphics Card(s)
    ATI Radeon HD3650 256 MB
    Sound Card
    Intergrated 7.1 Channel Audio
    Monitor(s) Displays
    Dell SP2009W 20 inch Flat Panel w Webcam
    Hard Drives
    640 gb
    Cooling
    Fan
    Keyboard
    Dell USB
    Mouse
    Dell USB 4 button optical
    Other Info
    DSL provided by ATT
In preparation for her, can you do the following for us please:

OTL

  1. Download OTL to your desktop.
  2. Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  3. When the window appears, underneath Output at the top change it to Minimal Output.
  4. Under the Standard Registry box change it to All.
  5. Check the boxes beside LOP Check and Purity Check.
  6. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  7. When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  8. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at :\_OTL\MovedFiles (in most cases this will be C:\_OTL\MovedFiles).

CKScanner

  1. Please download CKScanner from here to your Desktop.
  2. Make sure that CKScanner.exe is on your Desktop before running the application!
  3. Double-click on CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

RSIT

  1. Please download Random's System Information Tool by random/random from here and save it to your desktop.
  2. Make sure that RSIT.exe is on your Desktop before running the application!
  3. Double click on RSIT.exe to run RSIT.
  4. Click Continue at the disclaimer screen.
  5. Once it has finished, two logs will open: log.txt will be opened maximized, info.txt will be opened minimized.
  6. Please post the contents of both log.txt and info.txt.

Please post back with all of the logs from these programs :)

Tom

Edit: Please attach the text files of the logs with your next post, not copy and paste the contents (there will be a lot of text!)
 

My Computer

System One

  • Manufacturer/Model
    Build #1
    CPU
    Intel Core i7 3770K @4.4GHz
    Motherboard
    ASUS P8Z77-V PRO
    Memory
    Corsair Vengeance 2x4GB DDR3 1600MHz Low Profile (White)
    Graphics Card(s)
    Gigabyte Radeon HD 7850 (2GB GDDR5)
    Sound Card
    Integrated on motherboard
    Monitor(s) Displays
    23" LG LCD/LED IPS
    Screen Resolution
    1920*1080
    Hard Drives
    Samsung EVO 128GB SSD
    Seagate Barracuda 2TB 7200rpm
    2x500GB Seagate FreeAgent 5400rpm
    PSU
    Corsair TX650W V2 (80+ Bronze)
    Case
    NZXT Phantom 410
    Cooling
    Corsair H100 Water Cooler, 1x140mm and 1x120mm stock fans
    Keyboard
    Microsoft Desktop 2000 Wireless Keyboard
    Mouse
    Microsoft Desktop 2000 Wireless Mouse
    Internet Speed
    95 Mb/s Download 70 Mb/s Upload
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----

Done?
 

Attachments

  • Extras.Txt (50.4 KB)
  • OTL.Txt (108.5 KB)
  • ckfiles.txt (116 bytes)
  • info.txt (29.8 KB)
  • log.txt (31.7 KB)

I restored my OS back to a previous time prior to the virus. Got no idea where it came from though :confused:

I cannot remember how to mark the thread as closed :cry:
 

PWS:Win32/Zbot.gen!Y is a generic detection for a password stealer and remote access trojan.
Change all your passwords using a known, clean computer... not from the infected one!

P2P.... BitTorrent DNA

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Some of the recent infections can turn your machine into a doorstop.
It's also very important to avoid any "cracks" or "Keygens" that allow unauthorized use of programs.
Besides being illegal, these files also are loaded with "planted" malware.
 

My Computer

System One

  • Manufacturer/Model
    Bruce ... somewhere in his 40's
    CPU
    Intel(R) Core(TM)2 Quad CPU
    Motherboard
    INTEL/D975XBX2
    Memory
    4 GB
    Graphics Card(s)
    ATI Radeon HD 2600 Pro
    Monitor(s) Displays
    Samsung SyncMaster 914v
    Screen Resolution
    1280 x 1024
    Hard Drives
    2/500GB each ... ST3500630AS ATA Device.
    One is not connected
    PSU
    Rocketfish 700 W
    Case
    G.Skill Gigabyte Chassis
    Keyboard
    Standard PS/2 Keyboard
    Mouse
    Microsoft PS/2 Mouse
    Internet Speed
    DSL
    Other Info
    ATI HDMI Audio
See, Fiery, it's worth the wait for one of the best. Follow her instructions and you will be ok.

TY Jacee :)
 

PWS:Win32/Zbot.gen!Y is a generic detection for a password stealer and remote access trojan.
Change all your passwords using a known, clean computer... not from the infected one!

P2P.... BitTorrent DNA

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Some of the recent infections can turn your machine into a doorstop.
It's also very important to avoid any "cracks" or "Keygens" that allow unauthorized use of programs.
Besides being illegal, these files also are loaded with "planted" malware.

Yes, I understand that P2P programmes can let in nasties; however, I hadn't used Bittorrent in months, and I check all of my emails using webmail first so as not to download anything undesirable. I am just confused as to how I got it in the first place :confused:.

Quick question: from the reading I have been doing, the zbot is after passwords for online banking. Since I have done a system restore to two months prior to getting this zbot, is it safe for me to now consider my PC clean?

MSE was the first to notify me of the zbot. Since my system restore I have run MSE, and it shows no signs of the zbot.
 

Quick question: from the reading I have been doing, the zbot is after passwords for online banking. Since I have done a system restore to two months prior to getting this zbot, is it safe for me to now consider my PC clean?
I wouldn't trust my machine with the same passwords. Definitely change all of them using another 'known' clean computer.... Not the one you're using now!


Let's see if ESET finds anything.....

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
  2. Click the [esetOnline.png] button.
  3. For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    1. Click on [esetSmartInstall.png] to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the [esetSmartInstallDesktopIcon.png] icon on your desktop.
  4. Check [esetAcceptTerms.png].
  5. Click the [esetStart.png] button.
  6. Accept any security warnings from your browser.
  7. Check [esetScanArchives.png].
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push [esetListThreats.png].
  11. Push [esetExport.png], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the [esetBack.png] button.
  13. Push [esetFinish.png].
 

Here are the ESET scan results. No other anti virus has ever listed these; what is Win32/TrojanDownloader.Small.PAC trojan? :confused:

Since the zbot scare I have since uninstalled MSE and am trialling paid-for Internet Security Suites.

I have been on the internet for 14 years. I always used to use PC-Cillin up until the GUI became icky; that's when I switched over to KIS 2010, upgraded it to 2011, but that started random BSODs.

I occasionally had a nasty knock on my door, but my AVS always kept them out.

Right up to MSE, when my first ever virus slipped in.

To date I have trialled Bitdefender Internet Security, Comodo, and currently have ESET Smart Security installed. However, it keeps giving me Win32/TrojanDownloader.Small.PAC trojan for things like my GPU drivers, which I downloaded straight from Nvidia, and also the Microsoft Genuine Validation tool.

I am going to uninstall it, and try Webroot. The winner to date is Bitdefender.

Will keep you posted :)
 

Attachments

  • ESET.txt (10 KB)

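When a scanner names a driver installer or a Microsoft tool as a trojan downloader, the quickest way to tell a false positive from a tampered download is to check who signed the file and to record its hash for comparison with what the vendor publishes. The function below is an added example for this thread, not from the original post and not part of ESET or any other product mentioned; it uses the built-in Get-AuthenticodeSignature and Get-FileHash cmdlets, so it assumes Windows PowerShell 4.0 or later. The publisher names in the default list and the path in the usage line are placeholders to adjust for the file actually flagged.

```powershell
# Added example (not from the thread): is a flagged download signed by the publisher it claims to come from?
# Assumes Windows PowerShell 4.0+ (Get-FileHash). Publisher names and the usage path are placeholders.

function Test-DownloadedInstaller {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        # Publishers you would accept for this particular file; the two below are examples only.
        [string[]]$ExpectedPublisher = @('NVIDIA Corporation', 'Microsoft Corporation')
    )
    if (-not (Test-Path -LiteralPath $Path)) { throw "File not found: $Path" }

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Subject of the signing certificate, or a marker when the file carries no signature at all.
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

    # Pull the CN= part out of the certificate subject for a readable publisher name.
    $publisher = if ($subject -match 'CN=([^,]+)') { $Matches[1].Trim('"') } else { $subject }

    # Both conditions must hold: the signature chain verifies AND the signer is who you expected.
    # A Valid signature from an unexpected name is still a reason to stop and ask.
    $trusted = ($sig.Status -eq 'Valid') -and ($ExpectedPublisher -contains $publisher)

    [pscustomobject]@{
        Path                      = $Path
        SHA256                    = $hash
        SignatureStatus           = $sig.Status
        StatusMessage             = $sig.StatusMessage
        Publisher                 = $publisher
        SignedByExpectedPublisher = $trusted
    }
}

# Usage with a placeholder path; point it at the installer the scanner complained about.
Test-DownloadedInstaller -Path "$env:USERPROFILE\Downloads\driver-installer.exe" | Format-List
```

A result of Valid plus the expected publisher is strong evidence the detection is a false positive worth reporting to the vendor of the scanner. NotSigned, HashMismatch, or a publisher you do not recognise means the file should be treated as untrusted no matter which site you believe it came from, and the SHA256 in the output is what to compare against the vendor's published hash or a multi-engine lookup before deciding.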
Download Combofix from any of the links below, and save it to your desktop. <-- Important
Link 1
Link 2
Link 3

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a HiJackThis log in your next reply.
Note: Do not mouse-click combofix's window while it's running. That may cause it to stall.
Please be patient while the scan runs; at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply.
After rebooting ensure your Security applications have been re-enabled.

In your next reply post:
ComboFix.txt
***A guide and tutorial on "How to use Combofix" can be found here:
A guide and tutorial on using ComboFix

IF CF won't run:
During the download, rename Combofix.exe to sVchost.exe
 
