
win32.zbot detected by Spybot S&D


2 replies to this topic

#1 byonic


Posted 01 February 2010 - 05:17 PM

Hello there, and many thanks in advance for any help and advice that you can give.

I have picked up a rather nasty virus, which I have tried to shake by using Spybot, MalwareBytes and Trend Online Housecall to no real success so far.

When logged on to Win XP in normal mode (not safe mode), I am usually unable to see desktop wallpaper, taskbar, or icons. I am not able to use System Restore, or access Task Manager. Also, when I use a search engine within my browser, when I click on a result link I get redirected to a different site.

I was also seeing a wallpaper hijacked screen telling me that I was infected and needed to download an antivirus program (a fake one). This has stopped occurring since using Spybot.


Please help me clean up this infected PC.

Many thanks.

Byo
Big Yellow Feet
The production company



#2 byonic


Posted 04 February 2010 - 06:58 AM

Update:

Since posting my last message I've been attempting to clean/fix the computer in question.

The rough steps I've followed are-

Running Malwarebytes anti-malware software numerous times
Removing my older version of Spybot and installing the newest version. (1.6.2)
When I ran this program, it found and identified the win32.zbot infection plus some other malware, said it couldn't remove all items as they were currently in use, and asked if it could run as the PC restarted. It did this and reported that it had successfully removed all threats.

Later I ran another Malwarebytes scan, which finished and then the PC performed a shutdown.

On startup, I now get the message
Windows could not start because the following file is missing or corrupt: System32\Drivers\Ntfs.sys

So, searching this and other forums, I have attempted to fix the problem by using the Recovery Console.

I have tried to replace the ntfs.sys file from the installation CD. Result: unsuccessful

I have used CHKDSK /p to inspect and repair the HDD. It found a fault on the drive. I ran CHKDSK /p until it no longer found a fault. (And I am assuming that it fixed the corrupted file(s).) However, on restart the PC displays the same 'Windows could not start...' message.

As I have read (via a forum) that the issue might be RAM related, I am currently running Memtest86+ on the machine- it has completed 4 passes so far and has reported no errors.

I have not yet tried a repair install- this is because I don't have the original install disc for the machine, but I do have the XP (SP2) install disc for another machine. Is it safe to use this disc to do the repair install from?

Is there any other help and advice on my predicament that anyone can give?

Many thanks.
Big Yellow Feet
The production company

#3 byonic


Posted 18 February 2010 - 10:13 AM

Hello again- I am here to give an update on the situation:

As this topic has received no posted replies with advice, I've been proceeding as I have thought best.

I have now performed a repair install of Windows XP, which has allowed me to load Windows normally.
I have run Spybot again, and it has discovered the ZBot trojan.

Any tips on how to eradicate successfully?

Thanks.
Big Yellow Feet
The production company



