
win32/Spy.Zbot.ABC


5 replies to this topic

#1 errroneous


Posted 22 December 2013 - 06:07 PM

My wife's computer recently was causing files in a thumb drive to disappear (I put files on it with my pc, plug the drive into her laptop and files were hidden) and while I got the files to reappear, nod32 keeps quarantining a file named eqalexe.exe in a subdirectory of the roaming folder it says is infected with Win32/Spy.Zbot.ABC trojan. After scanning with both Nod and Malwarebytes, they show no infection? Even ran Malwarebytes in safe mode now and it showed nothing.

 

Does anyone know of another way to get to the bottom of this?    Many thanks.
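
The following is an added example, not part of the original post or of any reply in this thread: a read-only PowerShell triage for the two symptoms described above (an executable reappearing in a subdirectory of the Roaming folder, and files turning hidden on a thumb drive). It assumes PowerShell 4.0 or later; the function names are hypothetical, and the extension list in the second function is an illustrative choice.

```powershell
# Added example: read-only triage, nothing on disk is modified.

# Part 1: list every .exe under the Roaming profile folder with its creation
# time, Hidden attribute, Authenticode status and SHA-256, newest first.
function Get-RoamingExecutable {
    param([string]$Root = $env:APPDATA)
    Get-ChildItem -LiteralPath $Root -Recurse -Force -File -Filter '*.exe' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                Created   = $_.CreationTime
                Hidden    = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                Signature = $sig.Status   # e.g. Valid, NotSigned, HashMismatch
                Signer    = $(if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject })
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        } |
        Sort-Object Created -Descending
}

# Part 2: for each removable drive (Win32_LogicalDisk DriveType 2), list
# root-level items that are hidden or that are shortcuts/executables.
# -Force is required, otherwise hidden and system items are skipped.
function Get-RemovableDriveSuspectItem {
    $ext = '.lnk', '.exe', '.scr'   # illustrative list, adjust as needed
    Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType=2' |
        ForEach-Object {
            $root = $_.DeviceID + '\'
            Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
                Where-Object {
                    ($_.Attributes -band [IO.FileAttributes]::Hidden) -or
                    ($ext -contains $_.Extension.ToLower())
                } |
                Select-Object FullName, Attributes, LastWriteTime
        }
}

# Unsigned or tampered executables in Roaming are the ones to review first.
Get-RoamingExecutable |
    Where-Object { $_.Signature -ne 'Valid' } |
    Format-Table Created, Hidden, Signature, Path -AutoSize

Get-RemovableDriveSuspectItem | Format-Table -AutoSize
```

The output is a review list, not a verdict: plenty of legitimate software installs unsigned executables under Roaming, so the creation time and path matter as much as the signature column.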





#2 noknojon


Posted 22 December 2013 - 07:16 PM

Hello erroneous -

There are a few minor versions of this infection, but ESET generally removes it.

 

I would like you to use the ESET OnlineScanner -
This is best done with Internet Explorer, as it uses ActiveX with the scan
However alternate directions are left for those that will not use Internet Explorer
Please read and follow How To Temporarily Disable Your Anti-virus during the scan.
1 / Hold down Control (Ctrl) key and click on This Link to open ESET OnlineScan in a new window.
2 / Click the ESET Online Scanner button.
3 / For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
3.1 - / Click on This Link to download the External ESET Smart Installer.
3.2 - / Save it to your desktop.
4 / Double click on the  icon on your desktop.
5 / Check "YES, I accept the Terms of Use."
5 / Click the Start button.
6 / Accept any security warnings from your browser.
7 / Under scan settings, check "Scan Archives" and "Remove found threats"
8 / Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology
9 / ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time.
10 / When the scan completes, click List Threats
11 / Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12 / Click the Back button.
13 / Click the Finish button.
NOTE: Sometimes if ESET finds no infections it will not create a log.

 

Next -

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
• Please double-click TFC.exe to run it.
• (For Vista, Win 7 / 8 right-click on the file and choose Run As Administrator).
• It will close all programs when run, so make sure you have saved all your work before you begin.
• Click the Start button to begin the process.
• Once it's finished it may reboot your machine.
• If it does not, please manually reboot the machine yourself to ensure a complete clean.

 

 

Thank You -



#3 errroneous


Posted 22 December 2013 - 10:49 PM

Thank you for the detailed response, noknojon.  Scanning now... will report back my results tomorrow.



#4 noknojon


Posted 23 December 2013 - 02:50 AM

No Problems -

 

Whenever you get a chance -



#5 errroneous


Posted 23 December 2013 - 09:47 AM

OK, finished! Excellent instructions by noknojon... many thanks! I've often searched these forums for help with various issues but never had the need to post since most answers were pretty easy to find, but for this one... thank Heavens for noknojon!

My best guess is that the recent appearance of the "Ask.com" toolbar had something to do with the infection. I ran the Eset online scanner per noknojon's instructions. The first run through I got a BSOD. Darned thing cycled away too quick for me to read which file was causing the problem. On the second attempt I had success, even if it ran overnight. Eset removed 3 infected files:

 

...User/Appdata/Local/Temp/AskLib.dll a variant of Win32/Bundled.Toolbar.Ask application - deleted

The other two files were Foxit Pdf reader install files which had been the same infection as above. Not sure if Foxit got corrupted or if it was downloaded from an unreliable source.

 

Anyway, after letting Eset do its thing I ran TFC and it cleaned 36,000+ files... the pc is all quick and snappy again. I'm thinking of doing the same procedure on my machine as the real trouble began when I used a thumb drive to move files from my machine to hers... my wife later told me that there was a virus going around her college but that it was fixed now. The thumb drive was the one she used for school and she told me after the fact... naturally :-\

 

Again, many thanks noknojon!  Merry Christmas or Happy Hanukkah or whatever you choose to celebrate!  Couldn't have done it without your help.



#6 noknojon


Posted 23 December 2013 - 05:45 PM

Hi -

The topic will not be moved, so if you need to repeat this, it will be here.

 

This is always good for removal of smaller problems ......

 

Please download and run RKill by Grinler. A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.
If a log is produced, save it, or post it back here -

Important: Do not reboot your computer until you complete the next step.

 

This program will reboot your system once it completes -

 

Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* NOW - Click on the Clean button. (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
+ Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

No need to post the logs unless you have a problem

 

Safe Surfing (beware of those Add-Ons) -





