Removing Zeus by resetting Windows

Status
Not open for further replies.
I

ihatecomputers

New Member
Thread author
May 1, 2024
4
I was notified by my universities internet provider that my computer attempted to access a botnet and is most likely infected with Zeus. I ran a full system scan using Bitdefender and Avast and nothing came up, so since I don't have a lot of files on this computer I would like to reset/reinstall windows. Would resetting windows definitely remove the virus or do I need to do a clean install (using the terminology used on Reinstall Windows - Microsoft Support , so deleting and recreating disk partitions)? Or would neither of these options guarantee that my system is clean?

Also, there are a few files (txt and tex) that I would prefer to keep. Are there any dangers in storing those files in a cloud and then downloading them on the cleaned computer?
 
nasdaq

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

It would be best if you remove any malware before considering reinstalling Windows.

First:

Please set File Explorer to SHOW ALL folders, all files, including Hidden ones.
Please use this Guide for Windows 10 or 11. https://support.microsoft.com/en-us...d-folders-in-windows-97fbc472-c603-9d90-91d0-
Follow the instructions.

Then Download the Microsoft Scanner for this site:
Microsoft Safety Scanner Download - Microsoft Defender for Endpoint

Launch MSERT.exe
Accept the agreement terms of Microsoft
Select CUSTOM scan
Look on Scan Options & select CUSTOM scan & then select the C drive to be scanned.

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.

Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on screen display. The only things that count are the End result at the end of the run.
Again, any on-screen display about repeat 'infection' is not to be relied on. Ignore those.
We only rely on the end result that is on the log-report-file.


This is likely to run for many hours ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log

the log will be at

Windows\debug\msert.log
Please attach that log with your reply

p.s.
There are more information for you to read in the download link
===

Next:

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:
L7kNU5y.jpg

Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Please attach the 3l ogs for my review.
How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Let me know what problems persists.

Wait for further instructions

p.s.
This program is updated often.
If it's identified as suspicious by your Anti-Virus program trust it if Downloaded from the link I provided.
OR, you should restore the program from the Quarantine folder.
====.
 
I

ihatecomputers

New Member
Thread author
May 1, 2024
4
It's still running, sadly, but just to be clear running the scan and removing the viruses afterwards is better than reinstalling windows from a security perspective right? Because for me it would be a lot more convenient to just do a clean install than scanning and removing the viruses
 
I

ihatecomputers

New Member
Thread author
May 1, 2024
4
I have attached the results of the scanners (when copying and pasting the contents of FRST.txt into this message the forum didn't let me post). Please let me know how to proceed.
 

Attachments

  • Addition.txt
    88.4 KB · Views: 3
  • msert.log
    1.6 KB · Views: 0
  • FRST.txt
    50.6 KB · Views: 2
nasdaq

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hi,

The files were attached.

No malware was found in your logs. This is just some cleanup and maintenance .

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Any issues with this computer?
 

Attachments

  • Fixlist.txt
    5.6 KB · Views: 1
nasdaq

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hi,

Thank you for letting me know.
Stay safe
 
Status
Not open for further replies.

Similar threads

Ehp12
  • Locked
Having problems with boyu
Replies
2
Views
401
Windows Malware Removal Help & Support
nasdaq
nasdaq
skeptfusky
  • Locked
Still having the Boyu problem despite doing the instructions provided ready.
Replies
10
Views
766
Windows Malware Removal Help & Support
nasdaq
nasdaq
L
  • Locked
Waiting for reply I have my first virus
Replies
1
Views
385
Windows Malware Removal Help & Support
nasdaq
nasdaq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top