VZ.exe infection


14 replies to this topic

#1 scorpi0

scorpi0

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:46 AM

Posted 22 November 2010 - 01:16 PM

Hi All,

My computer has recently been infected with the virus/malware vz.exe which I see is running in the Task Manager. A security window pops up each time and it keeps telling me that my system is infected. If I kill the vz.exe process, it goes off.

I tried installing malwarebytes, but the exe is not running.

What do I do now?

Edited by Budapest, 22 November 2010 - 04:20 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~BP




#2 noswald

noswald

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:46 AM

Posted 22 November 2010 - 04:46 PM

I was able to get Malwarebytes running by killing the vz.exe process and explorer and then launching the install executable from a command prompt. The computer is still running a scan, so I don't know if Malwarebytes will get rid of this infection.

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,750 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:46 AM

Posted 22 November 2010 - 04:51 PM

Please post the complete results of your MBAM scan for review when done.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 scorpi0


Posted 22 November 2010 - 07:02 PM

I located the file vz.exe and deleted it. Moreover, I removed the entries that it had made in the registry.
After this I was not able to open any exe file and an error popped saying the file was not associated, so
I ran a fix for the registry. All .exe are working fine now and I'm not getting the malware error.

Is there anything more to be done? How do I make sure the malware got removed completely?


The registry fix is below. (I'm running Vista, but still this worked)


Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

#5 quietman7


Posted 22 November 2010 - 09:16 PM

Is there anything more to be done? How do I make sure the malware got removed completely?

Please post the complete results of your MBAM scan for review.


Please download Norman Malware Cleaner and save to your desktop.
alternate download link
If you previously used Norman, delete that version and download it again as the tool is frequently updated!
  • Be sure to read all the information Norman provides on that same page.
  • Double-click on Norman_Malware_Cleaner.exe to start. Vista/Windows 7 users right-click and select Run As Administrator.
    The tool is very slow to load as it uses a special driver. This is normal so please be patient.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot to ensure that all infections are removed.
  • After the scan has finished, a log file named NFix_date_time (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
  • Copy and paste the contents of that file in your next reply.


#6 scorpi0


Posted 22 November 2010 - 09:41 PM

Please find the results of the MBAM scan below:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

22-Nov-10 6:56:18 PM
mbam-log-2010-11-22 (18-50-10).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 455267
Time elapsed: 4 hour(s), 0 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\xxxx\AppData\Local\Temp\Setup.exe (Trojan.Chifrax) -> Quarantined and deleted successfully.
C:\m.exe (Trojan.Agent) -> Quarantined and deleted successfully.

#7 quietman7


Posted 22 November 2010 - 10:06 PM

Your Malwarebytes Anti-Malware log indicates you are using an outdated database version.
The database shows 4052. Last I checked it was 5172.

Please update it through the program's interface (preferable method) or manually download the latest database definitions from one of the following locations and just double-click on mbam-rules.exe to install:
Then perform a new Quick Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Edited by quietman7, 22 November 2010 - 10:09 PM.


#8 scorpi0


Posted 22 November 2010 - 11:06 PM

Please find the results of the Quick scan below:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5173

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

22-Nov-10 10:01:39 PM
mbam-log-2010-11-22 (22-01-39).txt

Scan type: Quick scan
Objects scanned: 163033
Time elapsed: 13 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#9 quietman7


Posted 23 November 2010 - 06:58 AM

That looks better. Now continue with the Norman Malware Cleaner scan and post those results.

Also let me know how your computer is running and if there are any more signs of infection, strange audio ads, unwanted pop-ups, security alerts, or browser redirects.

#10 CMetzger

CMetzger

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:46 AM

Posted 23 November 2010 - 11:36 AM

My Windows XP computer has also been infected with VZ.exe. I've deleted the file, run Malware's Anti-malware twice which found a number of infected files and deleted them. I don't appear to be getting the security breach pop-ups from the virus but now I can't run executables. Does anyone have any suggestions for what I need to do next?

#11 quietman7


Posted 23 November 2010 - 11:40 AM

Welcome to BC CMetzger

If you have an issue or problem you would like to discuss, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more members at the same time in the same thread. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

Thanks for your cooperation.
The BC Staff

#12 CMetzger


Posted 23 November 2010 - 11:49 AM

OK. My apologies.

#13 quietman7


Posted 23 November 2010 - 12:51 PM

Not a problem.

#14 scorpi0


Posted 25 November 2010 - 12:41 PM

I have downloaded Norman and am scanning again. Shall keep you posted.

#15 quietman7


Posted 25 November 2010 - 04:08 PM

Ok.



