
Scan identified Win32:Zbot-MHS[Trj]



#1 Tinwoodsman


Posted 14 May 2010 - 11:31 PM

My Avast virus scan identified Win32:Zbot-MHS[Trj] during my latest scan. I tried to move it to the Virus Chest as recommended, but the scan log indicates an error occurred when trying to move it to the chest. What is the best way to remove this threat?


 


#2 chromebuster


Posted 14 May 2010 - 11:50 PM

Hi,
I can't exactly tell you what is the matter because I do not use Avast, but I can tell you what it reminds me of. It reminds me of what happened to a friend of mine from Connecticut. He told me that he had this ridiculous virus (Win32/Cryptor), and that it wouldn't go away. Well, I told my other friend about it, and the guy never thought of secondary scanners, that's for sure. So he left my friend from Connecticut hopeless. First and foremost, that is not what is going to happen to you, and secondly, my point is, have you tried any secondary scanners (Eset online scanner, Malwarebytes Anti-malware, Super antispyware)? Those do wonders for a computer, and often, they are just what one needs when they get stubborn Trojans like this (though I am not very familiar with Avast's naming conventions). Try those and see if they work for you. Otherwise, let me or someone who may see this before I return know.

Regards,
Your Tech Geek Chromebuster

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#3 Tinwoodsman


Posted 15 May 2010 - 08:12 AM

Thanks for the input. I ran SpyBot, AntiMalwarebytes, Windows Live Care Scanner and Avast. Avast is the only program that identifies the threat.

#4 petewills


Posted 15 May 2010 - 08:41 AM

I agree with chromebuster and suggest using Malwarebytes and SuperAntiSpyware to check your system.

Malwarebytes:

http://www.malwarebytes.org/mbam.php

SuperAntiSpyware:

http://www.superantispyware.com/download.html

Avast "Action to take"
Repair, Move to Chest, Delete, Do Nothing.
The recommended action is "Move to Chest".

Have you tried deleting?

The above programs may deal with the problem, without you having to choose an Avast option.

Edited by petewills , 15 May 2010 - 08:45 AM.


#5 Tinwoodsman


Posted 15 May 2010 - 10:10 AM

I did the Malwarebytes and the Antispyware with no success in identifying the threat. As far as Avast is concerned, it identifies the threat as "Win32:Zbot-MHS[Trj]" and the location as being in "Local Settings". There it labels it as "3YMH6JJY.exe". Using Avast I tried to move it to the Chest, but it indicates an error occurs when trying to do this. The same is true when I try to delete it.

#6 petewills


Posted 15 May 2010 - 10:26 AM

Would you like to have a look at this topic about possible false positives?

http://www.bleepingcomputer.com/forums/t/291754/avast-false-positives/

I would just delete the file with something like Unlocker, which gets rid of stubborn files,
but then I'm not bothered about reinstalling etc, as I maintain full backups.

#7 chromebuster


Posted 15 May 2010 - 08:21 PM

I hardly find that odd now that you told me what happened today. It could be a false positive on Avast, but just to make sure, you should run the ESET Online Scanner at www.eset.com/onlinescan, and see if that detects the threat. If so, you can probably be concerned, but if not, take the file itself that Avast is saying is infected, and upload it to VirusTotal, and then see what is said by multiple scanners. FPs do occur sometimes.

Regards,
Chromebuster

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#8 Tinwoodsman


Posted 15 May 2010 - 09:14 PM

Well, it seems like the problem is resolved. After running every virus and malware program I had, all came back negative except Avast. I was able to determine that the virus was located in my .pst folder and in a backup folder I had made in preparation for upgrading my MS Office.

I deleted the backup folder and then ran Avast again which identified the virus but this time let me move it to the virus chest. From there I was able to delete it. Being in duplicate folders must have generated a condition Avast could not deal with therefore the error when I tried to quarantine it. Once the duplication was eliminated, Avast could do its thing.

Thanks for the inputs.
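
Added example, not part of the original thread: the flagged file in this topic turned out to exist in more than one folder, so this Python sketch hashes a flagged file and lists every byte-identical copy under the given folders, whatever its name; the SHA-256 it returns can also be searched on VirusTotal. The function names, the folder names and the sample bytes are constructed for illustration; only the file name 3YMH6JJY.exe comes from post #5.

```python
import hashlib
import os
import tempfile


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files (e.g. a .pst) do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_copies(flagged_path, search_roots):
    """Return (sha256, matching paths, unreadable paths) for the flagged file."""
    target_size = os.path.getsize(flagged_path)
    target_hash = sha256_of(flagged_path)
    matches, unreadable = set(), set()
    for root in search_roots:
        for dirpath, _dirs, names in os.walk(root):
            for name in names:
                path = os.path.abspath(os.path.join(dirpath, name))
                try:
                    # Cheap size check first; hash only plausible candidates.
                    if os.path.getsize(path) != target_size:
                        continue
                    if sha256_of(path) == target_hash:
                        matches.add(path)
                except OSError:
                    unreadable.add(path)  # locked or access denied: check by hand
    return target_hash, sorted(matches), sorted(unreadable)


def demo():
    """Constructed sample tree: harmless bytes stand in for the flagged file."""
    with tempfile.TemporaryDirectory() as base:
        live = os.path.join(base, "Local Settings")
        backup = os.path.join(base, "Office backup")
        os.makedirs(live)
        os.makedirs(backup)
        flagged = os.path.join(live, "3YMH6JJY.exe")
        for path in (flagged, os.path.join(backup, "renamed_copy.bin")):
            with open(path, "wb") as handle:
                handle.write(b"constructed sample bytes, not malware")
        with open(os.path.join(backup, "notes.txt"), "wb") as handle:
            handle.write(b"unrelated file")
        digest, copies, _ = find_copies(flagged, [base])
        return digest, [os.path.relpath(p, base) for p in copies]
```

On a real system, call `find_copies` with the path the scanner reported and the folders to search; any path in the unreadable list was locked or inaccessible and has to be checked separately.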



