ISP informed me that I had a possible zbot infection



#1 dcvc200


Posted 23 January 2017 - 11:54 PM

Hello,

Around 2 days ago I received an email from Cox notifying me that the laptops on my network may have been infected by a Zeus zbot. I have two laptops on this network.

One laptop came back clean from Avast, MBAM, Microsoft Safety Scanner, Symantec Zbot Removal tool, Emsisoft Emergency Kit, ESET Online Scanner, Kaspersky Virus Removal Tool. Some cookies were found by SuperAntiSpyware, however.

The second came back clean from Avast, MBAM, Microsoft Safety Scanner, Symantec Zbot Removal, but Emsisoft detected 10 items.

Here is the Emsisoft log for the second laptop:

 

Emsisoft Emergency Kit - Version 12.0
Last update: 2017-01-23 10:41:00
OS version: Windows 10x64 
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off
 
Scan start: 2017-01-23 오후 11:09:21
C:\Users\Hyun\AppData\LocalLow\HPAppData detected: Application.AdInstall (A) []
Key: HKEY_USERS\S-1-5-21-4140936485-3910622445-3063334193-1000\SOFTWARE\YAHOOPARTNERTOOLBAR detected: Application.Win32.YTool (A) []
Key: HKEY_USERS\S-1-5-21-4140936485-3910622445-3063334193-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{02478D38-C3F9-4EFB-9B51-7695ECA05670} detected: Application.AdInstall (A) []
Key: HKEY_USERS\S-1-5-21-4140936485-3910622445-3063334193-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EF99BD32-C1FB-11D2-892F-0090271D4F88} detected: Application.AdInstall (A) []
Key: HKEY_USERS\S-1-5-21-4140936485-3910622445-3063334193-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} detected: Application.AdInstall (A) []
Key: HKEY_USERS\S-1-5-21-4140936485-3910622445-3063334193-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{02478D38-C3F9-4EFB-9B51-7695ECA05670} detected: Application.AdInstall (A) []
Key: HKEY_USERS\S-1-5-21-4140936485-3910622445-3063334193-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EF99BD32-C1FB-11D2-892F-0090271D4F88} detected: Application.AdInstall (A) []
Key: HKEY_USERS\S-1-5-21-4140936485-3910622445-3063334193-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} detected: Application.AdInstall (A) []
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{02478D38-C3F9-4EFB-9B51-7695ECA05670} detected: Application.AdInstall (A) []
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{EF99BD32-C1FB-11D2-892F-0090271D4F88} detected: Application.AdInstall (A) []
 
Scanned 136898
Found 10
 
Scan end: 2017-01-23 오후 11:27:21
Scan time: 0:18:00
 
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Application.AdInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Application.AdInstall (A)
Key: HKEY_USERS\S-1-5-21-4140936485-3910622445-3063334193-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} Application.AdInstall (A)
Key: HKEY_USERS\S-1-5-21-4140936485-3910622445-3063334193-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Application.AdInstall (A)
Key: HKEY_USERS\S-1-5-21-4140936485-3910622445-3063334193-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Application.AdInstall (A)
Key: HKEY_USERS\S-1-5-21-4140936485-3910622445-3063334193-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} Application.AdInstall (A)
Key: HKEY_USERS\S-1-5-21-4140936485-3910622445-3063334193-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Application.AdInstall (A)
Key: HKEY_USERS\S-1-5-21-4140936485-3910622445-3063334193-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Application.AdInstall (A)
Key: HKEY_USERS\S-1-5-21-4140936485-3910622445-3063334193-1000\SOFTWARE\YAHOOPARTNERTOOLBAR Application.Win32.YTool (A)
C:\Users\Hyun\AppData\LocalLow\HPAppData Application.AdInstall (A)
 
Quarantined 10
 
 
 
Mike

#2 dcvc200


Posted 23 January 2017 - 11:58 PM

I forgot to ask my question; please forgive me, I am a little frazzled.

 

Does the Emsisoft log show anything that might be a zbot?
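The question in the second post comes down to reading the log in the first post: what kind of objects were hit and what category the scanner put them in. As an added example (editor's code, not part of this thread and not Emsisoft's own tooling), here is a small Python parser for the Emsisoft Emergency Kit log layout shown above. It turns each "detected:" line into a record, separates file paths from registry keys, groups the findings by detection name and category, skips the post-scan quarantine list (the lines without "detected:", so nothing is counted twice) and cross-checks the number of parsed findings against the log's "Found" line. Two things are assumptions rather than facts taken from the post: that the prefix before the first "." of a detection name (here "Application") is the scanner's category, and that "Application" denotes a potentially unwanted program such as adware or a toolbar rather than a trojan class. The embedded sample log is constructed in the same layout, with a placeholder user path and SID.

```python
import re
from collections import Counter

# Constructed excerpt in the layout of an Emsisoft Emergency Kit log (placeholder
# path and SID; not the full log from the post). The lines after "Scan end" repeat
# the findings without "detected:"; they are the quarantine list and are skipped.
SAMPLE_LOG = r"""Emsisoft Emergency Kit - Version 12.0
Scan start: 2017-01-23 11:09:21
C:\Users\Example\AppData\LocalLow\HPAppData detected: Application.AdInstall (A) []
Key: HKEY_USERS\S-1-5-21-EXAMPLE-1000\SOFTWARE\YAHOOPARTNERTOOLBAR detected: Application.Win32.YTool (A) []
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{02478D38-C3F9-4EFB-9B51-7695ECA05670} detected: Application.AdInstall (A) []

Scanned 136898
Found 3

Scan end: 2017-01-23 11:27:21
Scan time: 0:18:00

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Application.AdInstall (A)
C:\Users\Example\AppData\LocalLow\HPAppData Application.AdInstall (A)

Quarantined 3
"""

# A finding line: optional "Key: " prefix, the object, " detected: ", the detection
# name, a one-letter flag in parentheses and a trailing "[]".
DETECTION_RE = re.compile(
    r"^(?P<keyprefix>Key: )?(?P<obj>.+?) detected: (?P<name>\S+) \((?P<flag>[A-Z])\) \[\]\s*$"
)
COUNT_RE = re.compile(r"^(Scanned|Found|Quarantined) (\d+)\s*$")

# Assumption about Emsisoft naming: detection names whose first segment is
# "Application" are potentially unwanted programs (adware, toolbars), not trojans.
PUP_CATEGORIES = {"Application"}


def parse_log(text):
    """Return (detections, counters) parsed from log text.

    detections: list of dicts with kind ('file' or 'registry'), object, name,
    category (the detection-name prefix) and flag (the letter in parentheses).
    counters: the Scanned / Found / Quarantined totals that appear in the log.
    """
    detections, counters = [], {}
    for line in text.splitlines():
        m = DETECTION_RE.match(line)
        if m:
            name = m.group("name")
            detections.append({
                "kind": "registry" if m.group("keyprefix") else "file",
                "object": m.group("obj"),
                "name": name,
                "category": name.split(".", 1)[0],
                "flag": m.group("flag"),
            })
            continue
        c = COUNT_RE.match(line)
        if c:
            counters[c.group(1)] = int(c.group(2))
    return detections, counters


def summarize(detections):
    """Group findings by name, object kind and category; list any outside PUP_CATEGORIES."""
    return {
        "by_name": Counter(d["name"] for d in detections),
        "by_kind": Counter(d["kind"] for d in detections),
        "by_category": Counter(d["category"] for d in detections),
        "needs_review": [d for d in detections if d["category"] not in PUP_CATEGORIES],
    }


def log_is_complete(detections, counters):
    """True when the number of parsed 'detected:' lines matches the log's Found count."""
    return counters.get("Found") == len(detections)


if __name__ == "__main__":
    dets, counts = parse_log(SAMPLE_LOG)
    summary = summarize(dets)
    print("detections:", len(dets), "complete:", log_is_complete(dets, counts))
    for name, n in summary["by_name"].most_common():
        print(f"  {n:2d}  {name}")
    print("by kind:", dict(summary["by_kind"]))
    print("outside PUP categories:", len(summary["needs_review"]))
```

Run over the full log in the first post, every one of the ten findings lands in the Application category (eight Application.AdInstall entries and one Application.Win32.YTool key, plus the HPAppData folder), so the needs_review list stays empty; the registry keys under EXT\SETTINGS, EXT\STATS and EXT\PREAPPROVED are Internet Explorer's add-on bookkeeping for the same components. That answers what this particular log shows; it does not by itself settle the ISP's notice, which was based on what Cox observed from the network rather than on this scanner's findings.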
