using AVAST : Trojan malware found Trojan , how to clean?

[Guest Loveembirds]

Hello all,

 

Just ran my virus sweep and also use spysweeper here.

Avast found Win 32 : Zbot-ALY [trj] in two places it seems : C: System

Volume Information\restore and C:\documents and setting\myname\desktop

XPAinstall .

 

There's

more info. per those two places but I don't know how to hijack this-or

whatever-to leave it all here.

Just wondering if someone can lead me to a good source ( thats free) to help

clean this stuff totally off my computer. As of now, I only had the option

-per avast- to put it in the virus chest , should I leave them there ,

delete them or what ?

 

Thanks if you can help !

[Guest Muzafar Ganie]

RE: using AVAST : Trojan malware found Trojan , how to clean?

 

 

Hi,

 

Run the scan from safety.live.com and thet will take care of the issue

 

Muzafar

[Guest nass]

RE: using AVAST : Trojan malware found Trojan , how to clean?

 

 

 

"Loveembirds" wrote:

> Hello all,

>

> Just ran my virus sweep and also use spysweeper here.

> Avast found Win 32 : Zbot-ALY [trj] in two places it seems : C: System

> Volume Information\restore and C:\documents and setting\myname\desktop

> XPAinstall .

>

> There's

> more info. per those two places but I don't know how to hijack this-or

> whatever-to leave it all here.

> Just wondering if someone can lead me to a good source ( thats free) to help

> clean this stuff totally off my computer. As of now, I only had the option

> -per avast- to put it in the virus chest , should I leave them there ,

> delete them or what ?

>

> Thanks if you can help !

 

 

Clear the Restore Points as they seems to be infected by the trojans!

Do this:

Right click "My Computer" icon and select Properties from the drop down list.

On the system Properties click on System Restore Tab and check this box:

[ ] Turn off System Restore on all drives

 

Click [Apply] then click [OK] try to access some programs on your machine

then do the stpes again to access the System Restore to create a new clean

restore Point and this time Uncheck the check box [ ].

Right click "My Computer" icon and select Properties from the drop down list.

On the system Properties click on System Restore Tab and Uncheck this box:

[ ] Turn off System Restore on all drives

 

Go through these cleaning steps:

1... Click start >> Control Panel >> Double Click Network and Internet

Connections >> Double click Internet Options, on the IE Properties window

you will see these Options:

General | Security | Privacy | Content | Connections | Programs

| Advanced .

 

Click on General Tab (1st Tab on the left) and you will see a Button called

[ Clear History ..] click on it to clear your History caches, then click on

[Delete Files..] to delete Internet Files created over the time, click on [

Delete Cookies...] to delete your cookies left by visiting websites.

 

= Then try to Disable the Add-Ons on your Browser somehow installed on your

browser, On how to disable the Add-ons follow this:

Click on Programs Tab and then click the Manage Add-Ons Button there Disable

the None/Not Verified Plug-ins/Add-ons ( you need to Renable them one-by-one

later and see which is the culprit .

How to manage Add-Ons:

http://support.microsoft.com/kb/883256

 

Scan for malware from here:

http://onecare.live.com/site/en-gb/default.htm?s_cid=sah

http://onecare.live.com/standard/en-gb/default.htm

SuperAntispyware - Free

http://www.superantispyware.com/superantispywarefreevspro.html

Download this tool to clean your Temp and other unwanted orphans reside on

your HDD:

http://www.ccleaner.com

 

 

HTH.

nass

---

http://www.nasstec.co.uk

[Guest David H. Lipman]

Re: using AVAST : Trojan malware found Trojan , how to clean?

 

From: "Loveembirds" <Loveembirds@discussions.microsoft.com>

 

| Hello all,

 

| Just ran my virus sweep and also use spysweeper here.

| Avast found Win 32 : Zbot-ALY [trj] in two places it seems : C: System

| Volume Information\restore and C:\documents and setting\myname\desktop

| XPAinstall .

 

| There's

| more info. per those two places but I don't know how to hijack this-or

| whatever-to leave it all here.

| Just wondering if someone can lead me to a good source ( thats free) to help

| clean this stuff totally off my computer. As of now, I only had the option

| -per avast- to put it in the virus chest , should I leave them there ,

| delete them or what ?

 

| Thanks if you can help !

 

 

Download MULTI_AV.EXE from the URL --

http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe

 

http://www.pctipp.ch/downloads/dl/35905.asp

 

English:

http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/

 

To use this utility, perform the following...

Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }

Choose; Unzip

Choose; Close

 

Execute; C:\AV-CLS\StartMenu.BAT

{ or Double-click on 'Start Menu' in C:\AV-CLS }

 

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your

FireWall to allow it to download the needed AV vendor related files.

 

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}

This will bring up the initial menu of choices and should be executed in Normal Mode.

This way all the components can be downloaded from each AV vendor's web site.

The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

 

You can choose to go to each menu item and just download the needed files or you can

download the files and perform a scan in Normal Mode. Once you have downloaded the files

needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key

during boot] and re-run the menu again and choose which scanner you want to run in Safe

Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

 

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help

file.

 

Additional Instructions:

http://pcdid.com/Multi_AV.htm

 

 

* * * Please report back your results * * *

 

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[Guest PA Bear [MS MVP]]

Re: using AVAST : Trojan malware found Trojan , how to clean?

 

Avast Support Forum

http://forum.avast.com/

 

Unexplained computer behavior may be caused by deceptive software

http://support.microsoft.com/kb/827315

 

Run a /thorough/ check for hijackware, including posting your hijackthis log

to an appropriate forum.

 

Checking for/Help with Hijackware

http://aumha.org/a/parasite.htm

http://aumha.org/a/quickfix.htm

http://aumha.net/viewtopic.php?t=5878

http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction

http://mvps.org/winhelp2002/unwanted.htm

http://inetexplorer.mvps.org/data/prevention.htm

http://inetexplorer.mvps.org/tshoot.html

http://www.mvps.org/sramesh2k/Malware_Defence.htm

http://defendingyourmachine2.blogspot.com/

http://www.elephantboycomputers.com/page2.html#Removing_Malware

 

When all else fails, HijackThis v2.0.2

(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in

conjuction with some other utilities). HijackThis will NOT fix anything on

its own, but it will help you to both identify and remove any

hijackware/spyware with assistance from an expert. **Post your log to

http://aumha.net/viewforum.php?f=30,

http://forums.spybot.info/forumdisplay.php?f=22,

http://castlecops.com/forum67.html, or other appropriate forums for review

by an expert in such matters, not here.**

 

If the procedures look too complex - and there is no shame in admitting this

isn't your cup of tea - take the machine to a local, reputable and

independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.

--

~Robear Dyer (PA Bear)

MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

AumHa VSOP & Admin http://aumha.net

DTS-L http://dts-l.net/

 

 

Loveembirds wrote:

> Hello all,

>

> Just ran my virus sweep and also use spysweeper here.

> Avast found Win 32 : Zbot-ALY [trj] in two places it seems : C: System

> Volume Information\restore and C:\documents and setting\myname\desktop

> XPAinstall .

>

> There's

> more info. per those two places but I don't know how to hijack this-or

> whatever-to leave it all here.

> Just wondering if someone can lead me to a good source ( thats free) to

> help

> clean this stuff totally off my computer. As of now, I only had the

> option

> -per avast- to put it in the virus chest , should I leave them there ,

> delete them or what ?

>

> Thanks if you can help !

[Guest Loveembirds]

RE: using AVAST : Trojan malware found Trojan , how to clean?

 

Oh wow, thanks guys for all your help !

So far though I can only follow Nass' directions and feel somewhat

comfortable doing those myself, I am computer challenged !

I Know nothing about " Hijack this, that or the other procedures. I may

have to take this machine into someone but wanted to ask Nass a couple more

questions, anyone else feel free to add your comments.

 

Per my add ons : I checked those, all were enabled so am I to assume I'm

safe there?

I do clear my cookies and temp. files all the time but do so via whatever

web page I'm on at the time via tools then internet options, have since

done it via the general tab in the internet options via the control panel.

 

Nass, Per the system restore instructions , will doing that leave me with

only one restore point after I do all that, can I be assured that one will be

safe after perofrming that task ? Of course I understand I need to run the

onecarelive malware scan also and may do that first to see if I do indeed

have this problem and it's not a " false positive"?!

I will check back in here later, am using this infected machine and am a

bit antsy in doing so to be honest with you, yikes !

 

 

"nass" wrote:

>

>

> "Loveembirds" wrote:

>

> > Hello all,

> >

> > Just ran my virus sweep and also use spysweeper here.

> > Avast found Win 32 : Zbot-ALY [trj] in two places it seems : C: System

> > Volume Information\restore and C:\documents and setting\myname\desktop

> > XPAinstall .

> >

> > There's

> > more info. per those two places but I don't know how to hijack this-or

> > whatever-to leave it all here.

> > Just wondering if someone can lead me to a good source ( thats free) to help

> > clean this stuff totally off my computer. As of now, I only had the option

> > -per avast- to put it in the virus chest , should I leave them there ,

> > delete them or what ?

> >

> > Thanks if you can help !

>

>

> Clear the Restore Points as they seems to be infected by the trojans!

> Do this:

> Right click "My Computer" icon and select Properties from the drop down list.

> On the system Properties click on System Restore Tab and check this box:

> [ ] Turn off System Restore on all drives

>

> Click [Apply] then click [OK] try to access some programs on your machine

> then do the stpes again to access the System Restore to create a new clean

> restore Point and this time Uncheck the check box [ ].

> Right click "My Computer" icon and select Properties from the drop down list.

> On the system Properties click on System Restore Tab and Uncheck this box:

> [ ] Turn off System Restore on all drives

>

> Go through these cleaning steps:

> 1... Click start >> Control Panel >> Double Click Network and Internet

> Connections >> Double click Internet Options, on the IE Properties window

> you will see these Options:

> General | Security | Privacy | Content | Connections | Programs

> | Advanced .

>

> Click on General Tab (1st Tab on the left) and you will see a Button called

> [ Clear History ..] click on it to clear your History caches, then click on

> [Delete Files..] to delete Internet Files created over the time, click on [

> Delete Cookies...] to delete your cookies left by visiting websites.

>

> = Then try to Disable the Add-Ons on your Browser somehow installed on your

> browser, On how to disable the Add-ons follow this:

> Click on Programs Tab and then click the Manage Add-Ons Button there Disable

> the None/Not Verified Plug-ins/Add-ons ( you need to Renable them one-by-one

> later and see which is the culprit .

> How to manage Add-Ons:

> http://support.microsoft.com/kb/883256

>

> Scan for malware from here:

> http://onecare.live.com/site/en-gb/default.htm?s_cid=sah

> http://onecare.live.com/standard/en-gb/default.htm

> SuperAntispyware - Free

> http://www.superantispyware.com/superantispywarefreevspro.html

> Download this tool to clean your Temp and other unwanted orphans reside on

> your HDD:

> http://www.ccleaner.com

>

>

> HTH.

> nass

> ---

> http://www.nasstec.co.uk

>

[Guest Loveembirds]

RE: using AVAST : Trojan malware found Trojan , how to clean?

 

Nass,

 

Do I perform a "full service scan" at onecare and if I do the cc cleaner,

will I be safe messing around with a registry cleaner since I know nothing

about that?

 

 

"nass" wrote:

>

>

> "Loveembirds" wrote:

>

> > Hello all,

> >

> > Just ran my virus sweep and also use spysweeper here.

> > Avast found Win 32 : Zbot-ALY [trj] in two places it seems : C: System

> > Volume Information\restore and C:\documents and setting\myname\desktop

> > XPAinstall .

> >

> > There's

> > more info. per those two places but I don't know how to hijack this-or

> > whatever-to leave it all here.

> > Just wondering if someone can lead me to a good source ( thats free) to help

> > clean this stuff totally off my computer. As of now, I only had the option

> > -per avast- to put it in the virus chest , should I leave them there ,

> > delete them or what ?

> >

> > Thanks if you can help !

>

>

> Clear the Restore Points as they seems to be infected by the trojans!

> Do this:

> Right click "My Computer" icon and select Properties from the drop down list.

> On the system Properties click on System Restore Tab and check this box:

> [ ] Turn off System Restore on all drives

>

> Click [Apply] then click [OK] try to access some programs on your machine

> then do the stpes again to access the System Restore to create a new clean

> restore Point and this time Uncheck the check box [ ].

> Right click "My Computer" icon and select Properties from the drop down list.

> On the system Properties click on System Restore Tab and Uncheck this box:

> [ ] Turn off System Restore on all drives

>

> Go through these cleaning steps:

> 1... Click start >> Control Panel >> Double Click Network and Internet

> Connections >> Double click Internet Options, on the IE Properties window

> you will see these Options:

> General | Security | Privacy | Content | Connections | Programs

> | Advanced .

>

> Click on General Tab (1st Tab on the left) and you will see a Button called

> [ Clear History ..] click on it to clear your History caches, then click on

> [Delete Files..] to delete Internet Files created over the time, click on [

> Delete Cookies...] to delete your cookies left by visiting websites.

>

> = Then try to Disable the Add-Ons on your Browser somehow installed on your

> browser, On how to disable the Add-ons follow this:

> Click on Programs Tab and then click the Manage Add-Ons Button there Disable

> the None/Not Verified Plug-ins/Add-ons ( you need to Renable them one-by-one

> later and see which is the culprit .

> How to manage Add-Ons:

> http://support.microsoft.com/kb/883256

>

> Scan for malware from here:

> http://onecare.live.com/site/en-gb/default.htm?s_cid=sah

> http://onecare.live.com/standard/en-gb/default.htm

> SuperAntispyware - Free

> http://www.superantispyware.com/superantispywarefreevspro.html

> Download this tool to clean your Temp and other unwanted orphans reside on

> your HDD:

> http://www.ccleaner.com

>

>

> HTH.

> nass

> ---

> http://www.nasstec.co.uk

>

[Guest nass]

RE: using AVAST : Trojan malware found Trojan , how to clean?

 

 

 

"Loveembirds" wrote:

> Oh wow, thanks guys for all your help !

> So far though I can only follow Nass' directions and feel somewhat

> comfortable doing those myself, I am computer challenged !

> I Know nothing about " Hijack this, that or the other procedures. I may

> have to take this machine into someone but wanted to ask Nass a couple more

> questions, anyone else feel free to add your comments.

>

> Per my add ons : I checked those, all were enabled so am I to assume I'm

> safe there?

> I do clear my cookies and temp. files all the time but do so via whatever

> web page I'm on at the time via tools then internet options, have since

> done it via the general tab in the internet options via the control panel.

>

> Nass, Per the system restore instructions , will doing that leave me with

> only one restore point after I do all that, can I be assured that one will be

> safe after perofrming that task ? Of course I understand I need to run the

> onecarelive malware scan also and may do that first to see if I do indeed

> have this problem and it's not a " false positive"?!

> I will check back in here later, am using this infected machine and am a

> bit antsy in doing so to be honest with you, yikes !

 

Hi,

 

For the Add-ons issue try to Disbale the Non-verified Add-ons per the MS

Article then Renable them one at a time and see if your browser behavior will

change or act funt, it may be the virus hooked a plug-ins on your browser

that direct you or track your Browsing the internet!

How to manage Add-Ons:

http://support.microsoft.com/kb/883256

http://blogs.msdn.com/ie/archive/2006/07/25/678113.aspx

http://windowshelp.microsoft.com/Windows/en-US/help/e85a03aa-c7c6-428e-9891-67ea76df9b7e1033.mspx

 

For the Restore Point yes please clear the Infested Restore point and create

clean one per the instruction provided in my previous post.

 

Onecare yes peform a full scan on your system and also scan with

Superantispyware.

 

The ccleaner, use the registry option and it will prompt you to save a

backup, please do so and save a copy on your Desktop and run the registry and

remove any orphans or unwanted Registry Keys may detected by ccleaner.

Reboot after that and see if your Applications work okay...if all is well

you can delete the backup for ccleaner from your Desktop.

HTH.

nass

---

http://www.nasstec.co.uk