Guest Loveembirds Posted August 22, 2008 Posted August 22, 2008 Hello all, Just ran my virus sweep and also use spysweeper here. Avast found Win 32 : Zbot-ALY [trj] in two places it seems : C: System Volume Information\restore and C:\documents and setting\myname\desktop XPAinstall . There's more info. per those two places but I don't know how to hijack this-or whatever-to leave it all here. Just wondering if someone can lead me to a good source ( thats free) to help clean this stuff totally off my computer. As of now, I only had the option -per avast- to put it in the virus chest , should I leave them there , delete them or what ? Thanks if you can help !
Guest Muzafar Ganie Posted August 22, 2008 Posted August 22, 2008 RE: using AVAST : Trojan malware found Trojan , how to clean? Hi, Run the scan from safety.live.com and thet will take care of the issue Muzafar
Guest nass Posted August 22, 2008 Posted August 22, 2008 RE: using AVAST : Trojan malware found Trojan , how to clean? "Loveembirds" wrote: > Hello all, > > Just ran my virus sweep and also use spysweeper here. > Avast found Win 32 : Zbot-ALY [trj] in two places it seems : C: System > Volume Information\restore and C:\documents and setting\myname\desktop > XPAinstall . > > There's > more info. per those two places but I don't know how to hijack this-or > whatever-to leave it all here. > Just wondering if someone can lead me to a good source ( thats free) to help > clean this stuff totally off my computer. As of now, I only had the option > -per avast- to put it in the virus chest , should I leave them there , > delete them or what ? > > Thanks if you can help ! Clear the Restore Points as they seems to be infected by the trojans! Do this: Right click "My Computer" icon and select Properties from the drop down list. On the system Properties click on System Restore Tab and check this box: [ ] Turn off System Restore on all drives Click [Apply] then click [OK] try to access some programs on your machine then do the stpes again to access the System Restore to create a new clean restore Point and this time Uncheck the check box [ ]. Right click "My Computer" icon and select Properties from the drop down list. On the system Properties click on System Restore Tab and Uncheck this box: [ ] Turn off System Restore on all drives Go through these cleaning steps: 1... Click start >> Control Panel >> Double Click Network and Internet Connections >> Double click Internet Options, on the IE Properties window you will see these Options: General | Security | Privacy | Content | Connections | Programs | Advanced . Click on General Tab (1st Tab on the left) and you will see a Button called [ Clear History ..] click on it to clear your History caches, then click on [Delete Files..] to delete Internet Files created over the time, click on [ Delete Cookies...] to delete your cookies left by visiting websites. = Then try to Disable the Add-Ons on your Browser somehow installed on your browser, On how to disable the Add-ons follow this: Click on Programs Tab and then click the Manage Add-Ons Button there Disable the None/Not Verified Plug-ins/Add-ons ( you need to Renable them one-by-one later and see which is the culprit . How to manage Add-Ons: http://support.microsoft.com/kb/883256 Scan for malware from here: http://onecare.live.com/site/en-gb/default.htm?s_cid=sah http://onecare.live.com/standard/en-gb/default.htm SuperAntispyware - Free http://www.superantispyware.com/superantispywarefreevspro.html Download this tool to clean your Temp and other unwanted orphans reside on your HDD: http://www.ccleaner.com HTH. nass --- http://www.nasstec.co.uk
Guest David H. Lipman Posted August 22, 2008 Posted August 22, 2008 Re: using AVAST : Trojan malware found Trojan , how to clean? From: "Loveembirds" <Loveembirds@discussions.microsoft.com> | Hello all, | Just ran my virus sweep and also use spysweeper here. | Avast found Win 32 : Zbot-ALY [trj] in two places it seems : C: System | Volume Information\restore and C:\documents and setting\myname\desktop | XPAinstall . | There's | more info. per those two places but I don't know how to hijack this-or | whatever-to leave it all here. | Just wondering if someone can lead me to a good source ( thats free) to help | clean this stuff totally off my computer. As of now, I only had the option | -per avast- to put it in the virus chest , should I leave them there , | delete them or what ? | Thanks if you can help ! Download MULTI_AV.EXE from the URL -- http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe http://www.pctipp.ch/downloads/dl/35905.asp English: http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/ To use this utility, perform the following... Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS } Choose; Unzip Choose; Close Execute; C:\AV-CLS\StartMenu.BAT { or Double-click on 'Start Menu' in C:\AV-CLS } NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your FireWall to allow it to download the needed AV vendor related files. C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS} This will bring up the initial menu of choices and should be executed in Normal Mode. This way all the components can be downloaded from each AV vendor's web site. The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC. You can choose to go to each menu item and just download the needed files or you can download the files and perform a scan in Normal Mode. Once you have downloaded the files needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again and choose which scanner you want to run in Safe Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode. When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help file. Additional Instructions: http://pcdid.com/Multi_AV.htm * * * Please report back your results * * * -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Guest PA Bear [MS MVP] Posted August 22, 2008 Posted August 22, 2008 Re: using AVAST : Trojan malware found Trojan , how to clean? Avast Support Forum http://forum.avast.com/ Unexplained computer behavior may be caused by deceptive software http://support.microsoft.com/kb/827315 Run a /thorough/ check for hijackware, including posting your hijackthis log to an appropriate forum. Checking for/Help with Hijackware http://aumha.org/a/parasite.htm http://aumha.org/a/quickfix.htm http://aumha.net/viewtopic.php?t=5878 http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction http://mvps.org/winhelp2002/unwanted.htm http://inetexplorer.mvps.org/data/prevention.htm http://inetexplorer.mvps.org/tshoot.html http://www.mvps.org/sramesh2k/Malware_Defence.htm http://defendingyourmachine2.blogspot.com/ http://www.elephantboycomputers.com/page2.html#Removing_Malware When all else fails, HijackThis v2.0.2 (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in conjuction with some other utilities). HijackThis will NOT fix anything on its own, but it will help you to both identify and remove any hijackware/spyware with assistance from an expert. **Post your log to http://aumha.net/viewforum.php?f=30, http://forums.spybot.info/forumdisplay.php?f=22, http://castlecops.com/forum67.html, or other appropriate forums for review by an expert in such matters, not here.** If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop. -- ~Robear Dyer (PA Bear) MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 AumHa VSOP & Admin http://aumha.net DTS-L http://dts-l.net/ Loveembirds wrote: > Hello all, > > Just ran my virus sweep and also use spysweeper here. > Avast found Win 32 : Zbot-ALY [trj] in two places it seems : C: System > Volume Information\restore and C:\documents and setting\myname\desktop > XPAinstall . > > There's > more info. per those two places but I don't know how to hijack this-or > whatever-to leave it all here. > Just wondering if someone can lead me to a good source ( thats free) to > help > clean this stuff totally off my computer. As of now, I only had the > option > -per avast- to put it in the virus chest , should I leave them there , > delete them or what ? > > Thanks if you can help !
Guest Loveembirds Posted August 23, 2008 Posted August 23, 2008 RE: using AVAST : Trojan malware found Trojan , how to clean? Oh wow, thanks guys for all your help ! So far though I can only follow Nass' directions and feel somewhat comfortable doing those myself, I am computer challenged ! I Know nothing about " Hijack this, that or the other procedures. I may have to take this machine into someone but wanted to ask Nass a couple more questions, anyone else feel free to add your comments. Per my add ons : I checked those, all were enabled so am I to assume I'm safe there? I do clear my cookies and temp. files all the time but do so via whatever web page I'm on at the time via tools then internet options, have since done it via the general tab in the internet options via the control panel. Nass, Per the system restore instructions , will doing that leave me with only one restore point after I do all that, can I be assured that one will be safe after perofrming that task ? Of course I understand I need to run the onecarelive malware scan also and may do that first to see if I do indeed have this problem and it's not a " false positive"?! I will check back in here later, am using this infected machine and am a bit antsy in doing so to be honest with you, yikes ! "nass" wrote: > > > "Loveembirds" wrote: > > > Hello all, > > > > Just ran my virus sweep and also use spysweeper here. > > Avast found Win 32 : Zbot-ALY [trj] in two places it seems : C: System > > Volume Information\restore and C:\documents and setting\myname\desktop > > XPAinstall . > > > > There's > > more info. per those two places but I don't know how to hijack this-or > > whatever-to leave it all here. > > Just wondering if someone can lead me to a good source ( thats free) to help > > clean this stuff totally off my computer. As of now, I only had the option > > -per avast- to put it in the virus chest , should I leave them there , > > delete them or what ? > > > > Thanks if you can help ! > > > Clear the Restore Points as they seems to be infected by the trojans! > Do this: > Right click "My Computer" icon and select Properties from the drop down list. > On the system Properties click on System Restore Tab and check this box: > [ ] Turn off System Restore on all drives > > Click [Apply] then click [OK] try to access some programs on your machine > then do the stpes again to access the System Restore to create a new clean > restore Point and this time Uncheck the check box [ ]. > Right click "My Computer" icon and select Properties from the drop down list. > On the system Properties click on System Restore Tab and Uncheck this box: > [ ] Turn off System Restore on all drives > > Go through these cleaning steps: > 1... Click start >> Control Panel >> Double Click Network and Internet > Connections >> Double click Internet Options, on the IE Properties window > you will see these Options: > General | Security | Privacy | Content | Connections | Programs > | Advanced . > > Click on General Tab (1st Tab on the left) and you will see a Button called > [ Clear History ..] click on it to clear your History caches, then click on > [Delete Files..] to delete Internet Files created over the time, click on [ > Delete Cookies...] to delete your cookies left by visiting websites. > > = Then try to Disable the Add-Ons on your Browser somehow installed on your > browser, On how to disable the Add-ons follow this: > Click on Programs Tab and then click the Manage Add-Ons Button there Disable > the None/Not Verified Plug-ins/Add-ons ( you need to Renable them one-by-one > later and see which is the culprit . > How to manage Add-Ons: > http://support.microsoft.com/kb/883256 > > Scan for malware from here: > http://onecare.live.com/site/en-gb/default.htm?s_cid=sah > http://onecare.live.com/standard/en-gb/default.htm > SuperAntispyware - Free > http://www.superantispyware.com/superantispywarefreevspro.html > Download this tool to clean your Temp and other unwanted orphans reside on > your HDD: > http://www.ccleaner.com > > > HTH. > nass > --- > http://www.nasstec.co.uk >
Guest Loveembirds Posted August 23, 2008 Posted August 23, 2008 RE: using AVAST : Trojan malware found Trojan , how to clean? Nass, Do I perform a "full service scan" at onecare and if I do the cc cleaner, will I be safe messing around with a registry cleaner since I know nothing about that? "nass" wrote: > > > "Loveembirds" wrote: > > > Hello all, > > > > Just ran my virus sweep and also use spysweeper here. > > Avast found Win 32 : Zbot-ALY [trj] in two places it seems : C: System > > Volume Information\restore and C:\documents and setting\myname\desktop > > XPAinstall . > > > > There's > > more info. per those two places but I don't know how to hijack this-or > > whatever-to leave it all here. > > Just wondering if someone can lead me to a good source ( thats free) to help > > clean this stuff totally off my computer. As of now, I only had the option > > -per avast- to put it in the virus chest , should I leave them there , > > delete them or what ? > > > > Thanks if you can help ! > > > Clear the Restore Points as they seems to be infected by the trojans! > Do this: > Right click "My Computer" icon and select Properties from the drop down list. > On the system Properties click on System Restore Tab and check this box: > [ ] Turn off System Restore on all drives > > Click [Apply] then click [OK] try to access some programs on your machine > then do the stpes again to access the System Restore to create a new clean > restore Point and this time Uncheck the check box [ ]. > Right click "My Computer" icon and select Properties from the drop down list. > On the system Properties click on System Restore Tab and Uncheck this box: > [ ] Turn off System Restore on all drives > > Go through these cleaning steps: > 1... Click start >> Control Panel >> Double Click Network and Internet > Connections >> Double click Internet Options, on the IE Properties window > you will see these Options: > General | Security | Privacy | Content | Connections | Programs > | Advanced . > > Click on General Tab (1st Tab on the left) and you will see a Button called > [ Clear History ..] click on it to clear your History caches, then click on > [Delete Files..] to delete Internet Files created over the time, click on [ > Delete Cookies...] to delete your cookies left by visiting websites. > > = Then try to Disable the Add-Ons on your Browser somehow installed on your > browser, On how to disable the Add-ons follow this: > Click on Programs Tab and then click the Manage Add-Ons Button there Disable > the None/Not Verified Plug-ins/Add-ons ( you need to Renable them one-by-one > later and see which is the culprit . > How to manage Add-Ons: > http://support.microsoft.com/kb/883256 > > Scan for malware from here: > http://onecare.live.com/site/en-gb/default.htm?s_cid=sah > http://onecare.live.com/standard/en-gb/default.htm > SuperAntispyware - Free > http://www.superantispyware.com/superantispywarefreevspro.html > Download this tool to clean your Temp and other unwanted orphans reside on > your HDD: > http://www.ccleaner.com > > > HTH. > nass > --- > http://www.nasstec.co.uk >
Guest nass Posted August 23, 2008 Posted August 23, 2008 RE: using AVAST : Trojan malware found Trojan , how to clean? "Loveembirds" wrote: > Oh wow, thanks guys for all your help ! > So far though I can only follow Nass' directions and feel somewhat > comfortable doing those myself, I am computer challenged ! > I Know nothing about " Hijack this, that or the other procedures. I may > have to take this machine into someone but wanted to ask Nass a couple more > questions, anyone else feel free to add your comments. > > Per my add ons : I checked those, all were enabled so am I to assume I'm > safe there? > I do clear my cookies and temp. files all the time but do so via whatever > web page I'm on at the time via tools then internet options, have since > done it via the general tab in the internet options via the control panel. > > Nass, Per the system restore instructions , will doing that leave me with > only one restore point after I do all that, can I be assured that one will be > safe after perofrming that task ? Of course I understand I need to run the > onecarelive malware scan also and may do that first to see if I do indeed > have this problem and it's not a " false positive"?! > I will check back in here later, am using this infected machine and am a > bit antsy in doing so to be honest with you, yikes ! Hi, For the Add-ons issue try to Disbale the Non-verified Add-ons per the MS Article then Renable them one at a time and see if your browser behavior will change or act funt, it may be the virus hooked a plug-ins on your browser that direct you or track your Browsing the internet! How to manage Add-Ons: http://support.microsoft.com/kb/883256 http://blogs.msdn.com/ie/archive/2006/07/25/678113.aspx http://windowshelp.microsoft.com/Windows/en-US/help/e85a03aa-c7c6-428e-9891-67ea76df9b7e1033.mspx For the Restore Point yes please clear the Infested Restore point and create clean one per the instruction provided in my previous post. Onecare yes peform a full scan on your system and also scan with Superantispyware. The ccleaner, use the registry option and it will prompt you to save a backup, please do so and save a copy on your Desktop and run the registry and remove any orphans or unwanted Registry Keys may detected by ccleaner. Reboot after that and see if your Applications work okay...if all is well you can delete the backup for ccleaner from your Desktop. HTH. nass --- http://www.nasstec.co.uk
Recommended Posts