
trojan horse generic 20.zyl ?


  • This topic is locked
6 replies to this topic

#1 tomm1

tomm1

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:30 AM

Posted 04 December 2010 - 10:11 PM

Hello,
This is my first post as I have just joined. I was searching on solutions for a trojan horse virus and ended up here....

I am using AVG free and it notified me of a threat yesterday. It says - Trojan horse Generic20.ZYL
File name C:\Program Files (x86)\HP\Digital Imaging\esupport\hpzscr01.exe
I have downloaded dds and created a log....
Attached File  DDS.txt   17.63KB   10 downloads
Attached File  Attach.txt   6.77KB   4 downloads



#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:30 PM

Posted 11 December 2010 - 07:47 PM

Hello and welcome to Bleeping Computer :welcome:

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log




Elle
Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 tomm1

tomm1
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:30 AM

Posted 12 December 2010 - 01:21 PM

Thanks for the response Elle,
I have since spoken with a friend about the issue with the trojan horse generic 20.zyl and this person told me to just remove it as a "power user". I then ran avg and malware bytes and neither showed any sign of the trojan. I guess this is a good thing because my machine is running normally, but still wondering if it could be hiding in there somewhere...
When I scanned with AVG I noticed 3 infections separate from the original issue...... Virus found Win32/NSAnti
C:\Users\Thomas\AppData\Local\Temp\SP43710.exe
C:\Users\Thomas\AppData\Local\Temp\SP43710.exe:\\Data1.cab
C:\Users\Thomas\AppData\Local\Temp\SP43710.exe:\\Data1.cab:\_F36AF78C27D94D03A041E56DD1773787

This Win32 is an older issue and didn't seem to cause a problem so I ignored it. Would you suggest I clear this up? I can start a new thread if you think that would be better.
Again - Thank you, Tom
Attached File  DDS.txt   14.7KB   4 downloads
Attached File  Attach.txt   6.82KB   2 downloads

#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:30 AM

Posted 13 December 2010 - 06:51 PM

Hello. I'll be helping you :) .

I am using AVG free and it notified me of a threat yesterday. It says - Trojan horse Generic20.ZYL
File name C:\Program Files (x86)\HP\Digital Imaging\esupport\hpzscr01.exe

This is a legit program, yet it is being flagged as infected. Though unlikely, this may mean you have a file infection on board. Let's check for this using an online scan.

Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.
  • Double-click ATF-Cleaner.exe to run the program. If you are using Windows Vista or higher, right click the icon and select Run As Administrator.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select Critical Areas.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.


With Regards,
The Panda

Edited by PropagandaPanda, 13 December 2010 - 06:51 PM.
typo
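
A local check that complements the online scan suggested above, as an added example that is not part of PropagandaPanda's post: a file infector that patches a signed executable breaks its Authenticode signature, so the signature status helps separate a false positive from a modified file. The paths are the ones quoted in this thread; the script assumes PowerShell 4.0 or later (for `Get-FileHash`) and that the vendor signs the executable, which the thread does not confirm. `Test-FlaggedFile` is a hypothetical helper name.

```powershell
# Added example: files AVG flagged in this thread (paths copied from the posts).
$flagged = @(
    'C:\Program Files (x86)\HP\Digital Imaging\esupport\hpzscr01.exe',
    'C:\Users\Thomas\AppData\Local\Temp\SP43710.exe'
)

function Test-FlaggedFile {
    param([Parameter(Mandatory)][string]$Path)

    # The scanner may already have quarantined or deleted the file.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{
            Path = $Path; Verdict = 'Missing: already quarantined or removed'
            Signer = $null; SHA256 = $null
        }
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Map the signature status to what it says about file integrity.
    $verdict = switch ($sig.Status) {
        'Valid'        { 'Signature valid: bytes unchanged since the vendor signed them' }
        'HashMismatch' { 'Signature broken: file modified after signing, consistent with a file infector' }
        'NotSigned'    { 'Unsigned: inconclusive, compare the hash with a clean vendor copy' }
        default        { "Signature status $($sig.Status): treat as suspect until rescanned" }
    }

    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    [pscustomobject]@{
        Path    = $Path
        Verdict = $verdict
        Signer  = $signer   # who signed it, when a certificate is present
        SHA256  = $hash     # for comparison with a known-good copy
    }
}

$flagged | ForEach-Object { Test-FlaggedFile -Path $_ } | Format-List
```

A valid signature only shows the file has not been altered since signing; the antivirus detection itself still needs a second-opinion scan, as the post goes on to request.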


#5 tomm1

tomm1
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:30 AM

Posted 15 December 2010 - 08:51 PM

I can't seem to get the Kaspersky scanner to work. I didn't have a choice to run Explorer "As administrator" on my desktop, I had to go in - All Programs

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:30 AM

Posted 15 December 2010 - 09:07 PM

Hello.

Let's try ESET then.

Run ESET Online Scan
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start. If you see a "Security Warning" that asks if you want to install and run a file called "OnlineScanner.cab", click Yes.
  • Click Start. The online scanner will now prepare itself for running on your pc.
  • To do a full-scan, tick: Remove found threats and Scan potentially unwanted applications.
  • Press Scan. The Onlinescan will now start and scan your computer. Please be patient as this takes a while.
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window.
  • Click Start, then Run.... In the box that appears type with the quotes:
    "C:\Program Files\EsetOnlineScanner\log.txt"
  • The scan results will now open in Notepad
  • Click into the text area, right-click and choose select all. Right-click again and choose Copy.
  • Post back with the log.txt in your next reply.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

With Regards,
The Panda

#7 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:30 AM

Posted 30 December 2010 - 07:22 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.



