using AVAST : Trojan malware found Trojan , how to clean?

Loveembirds

Hello all,

Just ran my virus sweep and also use spysweeper here.
Avast found Win 32 : Zbot-ALY [trj] in two places it seems : C: System
Volume Information\restore and C:\documents and setting\myname\desktop
XPAinstall .

There's
more info. per those two places but I don't know how to hijack this-or
whatever-to leave it all here.
Just wondering if someone can lead me to a good source (that's free) to help
clean this stuff totally off my computer. As of now, I only had the option
-per avast- to put it in the virus chest , should I leave them there ,
delete them or what ?

Thanks if you can help !
 
Muzafar Ganie

Hi,

Run the scan from safety.live.com and that will take care of the issue

Muzafar
 
nass

Loveembirds said:
Hello all,

Just ran my virus sweep and also use spysweeper here.
Avast found Win 32 : Zbot-ALY [trj] in two places it seems : C: System
Volume Information\restore and C:\documents and setting\myname\desktop
XPAinstall .

There's
more info. per those two places but I don't know how to hijack this-or
whatever-to leave it all here.
Just wondering if someone can lead me to a good source ( thats free) to help
clean this stuff totally off my computer. As of now, I only had the option
-per avast- to put it in the virus chest , should I leave them there ,
delete them or what ?

Thanks if you can help !


Clear the Restore Points as they seem to be infected by the trojans!
Do this:
Right click "My Computer" icon and select Properties from the drop down list.
On the system Properties click on System Restore Tab and check this box:
[ ] Turn off System Restore on all drives

Click [Apply], then click [OK]. Try to access some programs on your machine,
then do the steps again to access System Restore to create a new clean
restore point, and this time uncheck the check box [ ].
Right click "My Computer" icon and select Properties from the drop down list.
On the system Properties click on System Restore Tab and Uncheck this box:
[ ] Turn off System Restore on all drives

Go through these cleaning steps:
1... Click start >> Control Panel >> Double Click Network and Internet
Connections >> Double click Internet Options, on the IE Properties window
you will see these Options:
General | Security | Privacy | Content | Connections | Programs
| Advanced .

Click on General Tab (1st Tab on the left) and you will see a Button called
[ Clear History ..] click on it to clear your History caches, then click on
[Delete Files..] to delete Internet Files created over the time, click on [
Delete Cookies...] to delete your cookies left by visiting websites.

= Then try to disable the add-ons that somehow got installed on your
browser. On how to disable the add-ons, follow this:
Click on the Programs tab and then click the Manage Add-Ons button; there, disable
the None/Not Verified plug-ins/add-ons (you need to re-enable them one-by-one
later and see which is the culprit).
How to manage Add-Ons:
http://support.microsoft.com/kb/883256

Scan for malware from here:
http://onecare.live.com/site/en-gb/default.htm?s_cid=sah
http://onecare.live.com/standard/en-gb/default.htm
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
Download this tool to clean your Temp and other unwanted orphans that reside on
your HDD:
http://www.ccleaner.com


HTH.
nass
 
David H. Lipman

From: "Loveembirds" <[email protected]>

| Hello all,

| Just ran my virus sweep and also use spysweeper here.
| Avast found Win 32 : Zbot-ALY [trj] in two places it seems : C: System
| Volume Information\restore and C:\documents and setting\myname\desktop
| XPAinstall .

| There's
| more info. per those two places but I don't know how to hijack this-or
| whatever-to leave it all here.
| Just wondering if someone can lead me to a good source ( thats free) to help
| clean this stuff totally off my computer. As of now, I only had the option
| -per avast- to put it in the virus chest , should I leave them there ,
| delete them or what ?

| Thanks if you can help !


Download MULTI_AV.EXE from the URL --
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe

http://www.pctipp.ch/downloads/dl/35905.asp

English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *
 
PA Bear [MS MVP]

Avast Support Forum
http://forum.avast.com/

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in
conjunction with some other utilities). HijackThis will NOT fix anything on
its own, but it will help you to both identify and remove any
hijackware/spyware with assistance from an expert. **Post your log to
http://aumha.net/viewforum.php?f=30,
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html, or other appropriate forums for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
 
Loveembirds

Oh wow, thanks guys for all your help !
So far though I can only follow Nass' directions and feel somewhat
comfortable doing those myself, I am computer challenged !
I know nothing about "Hijack this", that or the other procedures. I may
have to take this machine into someone but wanted to ask Nass a couple more
questions, anyone else feel free to add your comments.

Per my add ons : I checked those, all were enabled so am I to assume I'm
safe there?
I do clear my cookies and temp. files all the time but do so via whatever
web page I'm on at the time via tools then internet options, have since
done it via the general tab in the internet options via the control panel.

Nass, Per the system restore instructions , will doing that leave me with
only one restore point after I do all that, can I be assured that one will be
safe after performing that task ? Of course I understand I need to run the
onecarelive malware scan also and may do that first to see if I do indeed
have this problem and it's not a " false positive"?!
I will check back in here later, am using this infected machine and am a
bit antsy in doing so to be honest with you, yikes !


 
Loveembirds

Nass,

Do I perform a "full service scan" at onecare and if I do the cc cleaner,
will I be safe messing around with a registry cleaner since I know nothing
about that?


 
nass

Loveembirds said:
Oh wow, thanks guys for all your help !
So far though I can only follow Nass' directions and feel somewhat
comfortable doing those myself, I am computer challenged !
I Know nothing about " Hijack this, that or the other procedures. I may
have to take this machine into someone but wanted to ask Nass a couple more
questions, anyone else feel free to add your comments.

Per my add ons : I checked those, all were enabled so am I to assume I'm
safe there?
I do clear my cookies and temp. files all the time but do so via whatever
web page I'm on at the time via tools then internet options, have since
done it via the general tab in the internet options via the control panel.

Nass, Per the system restore instructions , will doing that leave me with
only one restore point after I do all that, can I be assured that one will be
safe after perofrming that task ? Of course I understand I need to run the
onecarelive malware scan also and may do that first to see if I do indeed
have this problem and it's not a " false positive"?!
I will check back in here later, am using this infected machine and am a
bit antsy in doing so to be honest with you, yikes !

Hi,

For the add-ons issue, try to disable the non-verified add-ons per the MS
article, then re-enable them one at a time and see if your browser behavior will
change or act funny; it may be that the virus hooked a plug-in on your browser
that directs you or tracks your browsing of the internet!
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
http://blogs.msdn.com/ie/archive/2006/07/25/678113.asp
http://windowshelp.microsoft.com/Windows/en-US/help/e85a03aa-c7c6-428e-9891-67ea76df9b7e1033.mspx

For the Restore Point, yes, please clear the infested restore point and create
a clean one per the instructions provided in my previous post.

Onecare: yes, perform a full scan on your system and also scan with
Superantispyware.

The ccleaner: use the registry option and it will prompt you to save a
backup; please do so and save a copy on your Desktop, then run the registry option and
remove any orphans or unwanted registry keys that may be detected by ccleaner.
Reboot after that and see if your applications work okay... if all is well
you can delete the backup for ccleaner from your Desktop.
HTH.
nass
 
