Just don't know

2of12

New Member
Thread author
Verified
Mar 11, 2014
18
I am new here but have tried to remove the password-stealing Win32/Zbotgen!AP, but it still shows up in scans on my computer, so I came here looking for help. I have run the two tools TFRST64 & aswMBR and have high hopes I can get my computer back.
 

Attachments

  • FRST.txt
    49.8 KB · Views: 134
  • Addition.txt
    53.3 KB · Views: 96
  • aswMBRLOG.txt
    1.8 KB · Views: 76

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hi,



1. Please download ComboFix by sUBs from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.


--------------------------------------------------------------------
2. Temporarily disable your antivirus program, usually via a right click on the System Tray icon. It may interfere with ComboFix.
If you are unsure how to do this please read this or this Instruction.

--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!

- ComboFix will display DISCLAIMER of warranty on software.
By clicking I Agree ComboFix shall continue.

- ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
- If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
- ComboFix will scan your computer in stages, total of 50 stages.
Do not mouse-click around while ComboFix is running.
Note: If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart your computer.

--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you (typical location: C:\ComboFix.txt).
Attach the log report (ComboFix.txt) back to the topic.
 

2of12

New Member
Thread author
Verified
Mar 11, 2014
18
Ok here is what I got from the scan, and by the way thank you,
 

Attachments

  • ComboFix.txt
    27.2 KB · Views: 120

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Open notepad and copy/paste the text present inside the code box below:


Code:
Folder::
c:\users\2of12\AppData\Roaming\Evniys
c:\users\2of12\AppData\Roaming\Yqcibae
c:\users\2of12\AppData\Roaming\Abbiamo
c:\users\2of12\AppData\Roaming\Apgumig
c:\users\2of12\AppData\Roaming\Gouzicid

ClearJavaCache::

Save this as CFScript.txt

[Image: CFScriptB-4.gif]

Close all browser windows.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )
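
The Folder:: entries in the CFScript above name five directories under the user's roaming profile for ComboFix to remove. As an added example (not part of the original posts and not a ComboFix feature), this PowerShell script records what each of those folders contains, including hidden and system files that Explorer does not show by default, before the CFScript is run. It assumes PowerShell 4.0 or later (for Get-FileHash); the report file name is hypothetical.

```powershell
# Added example: inventory the folders named in the CFScript before they are deleted.
# Folder paths are copied from the Folder:: section of the post above.
$folders = @(
    'c:\users\2of12\AppData\Roaming\Evniys',
    'c:\users\2of12\AppData\Roaming\Yqcibae',
    'c:\users\2of12\AppData\Roaming\Abbiamo',
    'c:\users\2of12\AppData\Roaming\Apgumig',
    'c:\users\2of12\AppData\Roaming\Gouzicid'
)
# Hypothetical output location for the inventory report.
$report = Join-Path $env:USERPROFILE 'Desktop\CFScript-folders.csv'

$rows = foreach ($folder in $folders) {
    if (-not (Test-Path -LiteralPath $folder -PathType Container)) {
        [pscustomobject]@{ Folder = $folder; File = ''; Bytes = $null
                           LastWrite = $null; SHA256 = 'FOLDER NOT FOUND' }
        continue
    }
    # -Force lists hidden and system files as well as normal ones.
    $files = @(Get-ChildItem -LiteralPath $folder -Recurse -Force -File `
                             -ErrorAction SilentlyContinue)
    if ($files.Count -eq 0) {
        [pscustomobject]@{ Folder = $folder; File = ''; Bytes = $null
                           LastWrite = $null; SHA256 = 'EMPTY' }
        continue
    }
    foreach ($f in $files) {
        # A locked file cannot be hashed; record that instead of stopping.
        $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 `
                              -ErrorAction SilentlyContinue).Hash
        [pscustomobject]@{
            Folder    = $folder
            File      = $f.FullName
            Bytes     = $f.Length
            LastWrite = $f.LastWriteTime
            SHA256    = if ($hash) { $hash } else { 'UNREADABLE' }
        }
    }
}

# Keep a copy on disk and show a summary on screen.
$rows | Export-Csv -LiteralPath $report -NoTypeInformation
$rows | Format-Table Folder, File, Bytes, SHA256 -AutoSize
```

The resulting CSV can be attached alongside ComboFix.txt so the helper can see what was in each folder before removal.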
 

2of12

New Member
Thread author
Verified
Mar 11, 2014
18
I did as you asked, there was nothing in any of the files, they were all empty. I cleared the Java cache and attached the txt file for ComboFix after dragging the empty file into ComboFix. Again, thank you for your help.
 

Attachments

  • ComboFix.txt
    27.2 KB · Views: 109

2of12

New Member
Thread author
Verified
Mar 11, 2014
18
Where did I go wrong? I opened each of the files below but they were empty, but I copied and pasted them to Notepad and saved it as CFScript.txt. I then cleared the Java cache; next I re-downloaded the ComboFix file from the link onto my desktop, then I clicked on the empty CFScript.txt file and dragged it into ComboFix.exe. Then it started. I let it finish; after it produced the log file I saved it to C: ComboFix. I then uploaded it to this post. Believe me, I would not not follow your instructions; I want to get this taken care of.
c:\users\2of12\AppData\Roaming\Evniys
c:\users\2of12\AppData\Roaming\Yqcibae
c:\users\2of12\AppData\Roaming\Abbiamo
c:\users\2of12\AppData\Roaming\Apgumig
c:\users\2of12\AppData\Roaming\Gouzicid
 

2of12

New Member
Thread author
Verified
Mar 11, 2014
18
I think that because the files you told me to open and copy were empty
 

2of12

New Member
Thread author
Verified
Mar 11, 2014
18
Thank you, I misunderstood. I copied the script into Notepad and saved it as CFScript, then dragged it to ComboFix. It shows "open script with ComboFix installer" then launches, but it just sat there scanning all night with no progress at all. It was still on the (Scanning for infected files...) this morning, 6 hours later. Should I try again and leave it all day?
 

2of12

New Member
Thread author
Verified
Mar 11, 2014
18
We may have some progress. I ran ComboFix again and saved the log. Then I clicked on the CFScript.txt file; it opened to show both the new log and the script I put into it. I then dragged the script into ComboFix and it said the publisher cannot be verified, do you want to run; I said yes. Looks like it's running, it's at stage 4 right now. WowHoo! I will upload it when it finishes and I hope it has run with the script in it.
 

Attachments

  • log txt 2.txt
    26.8 KB · Views: 105

2of12

New Member
Thread author
Verified
Mar 11, 2014
18
I have run two different scans and everything looks good. I don't trust the computer just yet though. I want to thank you for your help. I had tried and tried by myself but had little luck; I spent only a small amount of time here at the forum and it looks like it's over. I would like to ask what, besides common sense, would you suggest to help keep the machine clean? You guys are great :)
 

2of12

New Member
Thread author
Verified
Mar 11, 2014
18
Ok I just ran a deep scan with Emsisoft Emergency Kit, I'm not sure but I don't think it looks good. I will see if I can upload the log, can you take a look when you get a free minute and let me know what it's all about. Note I tried to delete the objects detected but could not. :(
 

Attachments

  • a2scan_140315-181505 scan report.txt
    7.7 KB · Views: 76

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Some files are in quarantine, some of them are adware...


I can recommend you this software to avoid Adware in the future:

http://unchecky.com/

Read here how it works --> http://www.howtogeek.com/179758/how-to-avoid-junkware-offers-with-unchecky/


The main thing is that your PC is clean :)


The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 

2of12

New Member
Thread author
Verified
Mar 11, 2014
18
Thanks, have a look. Looks good to me.
 

Attachments

  • DelFix.txt
    2.9 KB · Views: 50

2of12

New Member
Thread author
Verified
Mar 11, 2014
18
I had to come back, couldn't stay away. I just borrowed the clean up tool after cleaning up something that was happening, not sure what, but all seems right with the world now. Thanks for the best help out there when you have a problem.
 

2of12

New Member
Thread author
Verified
Mar 11, 2014
18
Ok, I bet you're wondering just what I was trying to fix. Well, when I click on a link, say PCH, a new window opens but then closes rather fast to the bottom task bar. I can click on it and sometimes it opens, but there is never an address in the address bar. Any ideas? I have run just about everything but I can find no problems with any of the tools; they say there is no problem. Well, sure acts like there is. Hum.
 
