Posted 04 March 2010 - 01:47 PM
Here is my tale. To start off, this is my computer at work. Running Windows XP SP2. I have an administrator account for the computer, but not for the network.
So a few weeks ago Firefox tells me to update. So I update to version 3.6. After the update I notice a few weird things happening. Sometimes a new tab will open without me having clicked on something and go to a random website, usually what looks like an obscure search site related to what I am already looking at or have searched in the past. Sometimes (and especially in Internet Explorer) a click on a search result in Google will bring me to something that is not what I clicked on. I also received a couple of emails of the Nigerian bank variety, and I don't usually get emails like that.
So I decide to run a virus scan. My work has Symantec Endpoint Protection. Symantec comes up with three instances of a Zbot trojan and a tracking cookie. The Zbots are quarantined, and the cookie deleted. I am not satisfied with quarantine, so I have the computer guy delete the quarantined files manually.
After this the problem persists. There is also an instance where the Windows clock is wrong, which makes me late for a meeting because I didn't get the reminder from Outlook. I am also getting notices in pop-ups that my computer is infected. This time, I decide to consult Dr. Google to fix the problem. I find a file named sdra64.exe which Google search tells me is a bad file associated with the Zbot Trojan. So the way to delete this file is to go into the registry and delete part of the Winlogon userinit entry after stopping some processes and saving the change right before a reboot (caused by stopping processes, Windows will reboot after 60 seconds, etc). After doing this, the registry doesn't change itself back, and I am able to delete the sdra64 file. I did forget to rename the file before I deleted it, which my instructions told me to do. But it seems to be gone now, and the registry hasn't changed back. However, the same problems persist.
So I start to get more desperate. Google searches suggest to me that a few programs may be able to solve my problem. Below are the results of each program I tried.
Avast - found a few things and deleted them. I have uninstalled the program.
Malwarebytes - found a lot of things and deleted them, including a lowsec folder supposed to be associated with the Zbot. Also deleted a file in one of the programs I need. I had to copy the file from a co-worker and replace it to get the program to work. I uninstalled the program. I re-installed it and am now running a new scan, which so far, shows no infections.
SuperAntiSpyware - found a lot of things and deleted them. I have uninstalled the program.
HijackThis - gave me a report I did not understand. I have uninstalled the program.
RootKit Revealer - gave me a report I did not understand. I have uninstalled the program.
Spyware Doctor - reports 11 infections of Zbot, 24 tracking cookies, 4 spyware.known_bad_sites, and 13 adware infections. Have to buy Spyware Doctor for it to do anything about it, which I haven't done.
I also uninstalled and re-installed Firefox. I also downloaded the add-in Web of Trust (WOT) for Firefox.
After all this the problem persists. Now that I have WOT it tells me that the sites that pop up in new tabs are bad sites. Firefox takes a long time to load up and crashes pretty frequently. I also get a lot of unresponsive script warnings. Also the computer is running very sluggishly now. I am afraid that my installing of all these programs may have done some harm and has probably left my registry a mess.
So… Is there anything I can do other than telling my boss I fried my computer?