
Was this trojan removed properly? Was it a false positive?

1 reply to this topic

#1 ireallyhateviruses


  • Members
  • 35 posts
  • Local time:12:16 AM

Posted 07 October 2013 - 11:22 PM



I'm using a two month old Samsung laptop with Windows 8. I use Google Chrome 99% of the time with the AdBlock extension. My laptop came with a Norton trial and I installed Malwarebytes the day I bought it. I haven't had any viruses or malware until this past week.


Two days ago, I updated and ran Malwarebytes for the first time since September 26. The quick scan picked up a Zbot trojan (Trojan.PWS.Zbot.AI) in my recycle bin from a file called AudioTest.exe. I do not know where this file came from. I checked my downloads folder and it wasn't in there, nor was it in my Chrome download history.


My laptop has a history of randomly disconnecting from the wifi - this has happened since I bought it - and I recently noticed the mouse cursor would occasionally randomly jerk to the other side of the screen while I was using it. I don't know if those are symptoms of a trojan virus, because the cursor jerk sometimes happens to me if there is a piece of dirt on the laser thing (sorry, don't know the proper word for it). However, I did click on a link that a close friend sent (while we were instant messaging) that was for an online TV show that we were just talking about. I know that this wasn't a hacking attempt because nothing strange has ever happened before or since while IMing with my friend. Anyway, a pop-up appeared right after I clicked on the website, which I thought was strange since I have AdBlock. I closed the pop-up immediately before it could load properly. I closed the website too and did not watch the video. I didn't notice any strange occurrences after that happened. That was on September 27, the day after my last Malwarebytes scan.


Malwarebytes quarantined the trojan and I removed it. I then ran two quick scans, a full scan, and a scan with RogueKiller. The MWB scans came back clean and the RK scan only showed two registry errors. Norton expired two days ago, so I downloaded AVG this evening and ran a scan, which also came back clean.


I was hoping this trojan was just a false positive. It seems too good to be true that a Zbot trojan could be removed in a few minutes. I am worried that there are still traces of it on my computer. I'm willing to do other scans and also a full reformat if I need to (I am really scared of viruses and the possibility of hackers stealing my family's online banking information!).


Thank you in advance.

Edited by ireallyhateviruses, 07 October 2013 - 11:23 PM.



#2 yougotdslapd


  • Members
  • 27 posts
  • Gender:Male
  • Location:Buffalo, NY
  • Local time:01:16 AM

Posted 08 October 2013 - 12:53 AM

In my unprofessional opinion, free AVs are...well, you get what you pay for. It's free for a reason. Nod32 is my personal favorite.

Anyways, I would believe that the Trojan, if it was a Trojan, is gone. A Zbot would not cause your mouse to move to somewhere you didn't move it to. That is not its function.

If you are concerned about it still remaining, back up your important documents and photos onto a flash drive, reset Windows to its factory default, then migrate your files back onto the PC and invest in a reliable antivirus!

University at Buffalo - Computer Science Major
