Solved Possibly PWS:win32/zbot.gen!plock, Trojan Downloader:win32/Zembot or others

Jon

New Member
Thread author
Verified
Jan 15, 2014
32
Opened an email by mistake that infected system with PWS:Win32/Zbot.gen!plock. Now everything I try to use to clean the system reveals more Trojans infecting system.
 

Attachments

  • Addition.txt
    26 KB · Views: 121
  • FRST.txt
    33.1 KB · Views: 91

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
1. Please download ComboFix by sUBs from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.


--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. It may interfere with ComboFix.
If you are unsure how to do this please read this or this Instruction.

--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!

- ComboFix will display DISCLAIMER of warranty on software.
By clicking I Agree ComboFix shall continue.

- ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
- If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
- ComboFix will scan your computer in stages, total of 50 stages.
Do not mouse-click around while ComboFix is running.
Note: If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart your computer.

--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you (typical location: C:\ComboFix.txt).
Attach the log report (ComboFix.txt) back to the topic.
 

Jon

Scan completed; here is the report that you requested.
 

Attachments

  • ComboFix.txt
    36.8 KB · Views: 149

TwinHeadedEagle

Open notepad and copy/paste the text present inside the code box below:
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

Code:
Folder::
c:\users\Gail\AppData\Roaming\Vyalke
c:\users\Gail\AppData\Roaming\Nineycq
c:\users\Gail\AppData\Roaming\Ywerawk

ClearJavaCache::

Save this as CFScript.txt

CFScriptB-4.gif


Close all browser windows.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply (typical location: C:\ComboFix.txt).





Tell me, how is the computer now?
 

Jon

Here is the log you wished me to send. The system in the past would seem to run fine, but when we would do a full scan (which on this system lately has been taking 24+ hours to complete) with Microsoft Security Essentials, it would pop up saying it is finding various trojans and malware. I will turn the real-time protection back on and start it running a full scan and check back in with it on Monday to see how it is.
 

Attachments

  • ComboFix.txt
    13.1 KB · Views: 77

Jon

Sorry for taking so long to get back to you. It is now going on 50+ hrs into a Microsoft Security Essentials full scan and it is only 70% complete. The attached JPG is the log of what Security Essentials showed us was infected before we decided to come to you for assistance. Unfortunately I cannot show you the earlier logs of other items it found before that because the log was accidentally removed in the process of removing items from the system. Hopefully the scan will complete overnight and I can send you updated results in the morning.
 

Attachments

  • Microsoft esseentials log.jpg
    111.3 KB · Views: 168

TwinHeadedEagle

That looks OK. Never run a full scan, because it takes forever, and sometimes it is useless. A Quick Scan is enough because it scans the locations malware usually uses. Do a Quick Scan and let me know how the situation is now.
 

Jon

Full scan finished and came up clean. We shut down the system and let it sit for a few minutes before rebooting. I did an update and a quick scan as per your instruction, which also came up clean.

However, Internet Explorer is acting strange. For whatever reason it has problems loading Yahoo and Google: the system just hangs, the icon next to the URL is the same as the previous site visited, the tab name is that of the previously visited site, and it sits at a blank screen. However, Firefox and Chrome do still work fine, so it's not too much of an issue; my only concern is this may still be symptoms of something still crawling around in the system.
 

Jon

Sorry for taking so long to get back to you. After talking with others I have learned that Internet Explorer has seemed to always work a little quirky and this behavior is really nothing new for this system. If anything I think it gives a perfect excuse to push more for the use of Chrome and/or Firefox. Thank you very much for all your assistance; the system is working perfectly. Thank you so much for making an exception to your rule to help our not-for-profit organization.
 

TwinHeadedEagle

For future protection I can recommend you:
- Adblock --> https://adblockplus.org/en/chrome
- Unchecky --> http://unchecky.com/



The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
- Remove disinfection tools
- Create registry backup
- Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
