zzb.exe

Francisco Diaz

Hello:
I don't know how my computer got infected with a program
called zzb.exe. I noticed a little window each time I went
online. One day, using control-alt-delete, I tracked it to
the zzb.exe program. I have deleted it many times, but if I use
Internet Explorer it will come up. I used spyware removal
software and it hasn't worked.
I will appreciate any help.
thanks,
Francisco
 
Frank Saunders, MS-MVP

What spyware removal tools did you use and did you update them first?
See
Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm

Note that AdAware and SpyBot S & D will each catch some things the other
won't. Also, each needs to be updated before every use, even when just
downloaded. There's also a lot more to do than just those two programs.
CWShredder is also available here:
http://www.kellys-korner-xp.com/regs_edits/cwshredder.zip
**Post your HijackThis log to
http://forums.spywareinfo.com/ or the Spyware forum at
http://forum.aumha.org/ for expert analysis, not here.**
Alternative download pages for Ad-Aware, Spybot, HijackThis and CWShredder
may be found on this page:
http://aumha.org/a/parasite.htm.
If trying everything at that site does not fix the problem please post back
in the same thread.

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/
 
Mike Burgess

Francisco,
zzb.exe = TrojanDownloader.Win32.Fyn (aka: TROJ_GOLID.A)

Dealing with Unwanted Malware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-02-04]
Please post replies to this Newsgroup, email address is invalid
 
Francisco Diaz

Frank:
I tried it and it didn't work. I tried Symantec and they
provided me with the removal information and it didn't work.
I think that it is embedded in Internet Explorer and cannot
be detected if the browser is not running.
In the meantime I will give up on the browser and get
another one, like Netscape.
Thank you,
Francisco
 
Francisco Diaz

frank
I forgot to mention that I used Spybot, SpyKiller, HijackThis
before I tried I upgraded them. Also, my Norton
AntiVirus had the latest update (03/03/04).
Francisco
 
Mike Burgess

Francisco,
Did you post your HijackThis log as suggested?
If so, provide a link to your post and I'll have a look.
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-02-04]
Please post replies to this Newsgroup, email address is invalid
--
 
Mike Burgess

Francisco,
Are you *sure* you are using the latest version of CWShredder?
<quote>
CWS.Smartsearch.2: A mutation of this variant exists that attempts to close
CWShredder, HijackThis, Ad-Aware, Spybot S&D and the SpywareInfo forums when
they are opened. It uses the filename IEXPLORER.EXE (note the extra 'R') and
a different Registry value. It drops a hosts file that blocks over two dozen
anti-spyware sites. CWShredder has been updated to circumvent this.
</quote>
http://www.spywareinfo.com/~merijn/cwschronicles.html#smartsearch
--
<quote>
One of the newer tricks Coolwebsearch uses is to block the infected user
from accessing most major anti-spyware programs and sites. They are also
suspected of the recent DDos attacks. Download: CWS.SmartKiller from SpyBot
S&D.
http://www.safer-networking.org/minifiles.html
</quote>
http://mvps.org/winhelp2002/unwanted.htm#Coolwebsearch
--
Anyway ..... I see that your post has already been addressed.
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-02-04]
Please post replies to this Newsgroup, email address is invalid
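
The two indicators quoted in the post above (a dropped hosts file that blocks anti-spyware sites, and a process named IEXPLORER.EXE with an extra 'R') can be checked for mechanically. The following is an added example, not part of any post in this thread: the function names are illustrative, the watchlist holds only security sites named in this thread, and the sample hosts text and process list are constructed.

```python
import ipaddress

# Security sites named in this thread; a real watchlist would be longer.
WATCHLIST = ("spywareinfo.com", "safer-networking.org", "mvps.org", "aumha.org")
# Legitimate Windows binaries that a look-alike name may imitate.
LEGIT_NAMES = ("iexplore.exe", "explorer.exe")


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, skipping comments."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, not a mapping
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")


def suspicious_hosts_entries(text, watchlist=WATCHLIST):
    """Return (hostname, ip, kind) for entries that override a watched site."""
    hits = []
    for ip, name in parse_hosts(text):
        if any(name == d or name.endswith("." + d) for d in watchlist):
            kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
            hits.append((name, str(ip), kind))
    return hits


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_names(process_names, legit=LEGIT_NAMES, max_distance=2):
    """Return (name, imitated) for names close to, but not equal to, a legit one."""
    found = []
    for name in process_names:
        low = name.lower()
        near = [g for g in legit if edit_distance(low, g) <= max_distance]
        if low not in legit and near:
            found.append((name, near[0]))
    return found


# Constructed sample input (not taken from the poster's machine).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   ads.example.net        # ordinary ad-blocking entry
127.0.0.1   www.spywareinfo.com forums.spywareinfo.com
0.0.0.0     www.safer-networking.org
192.0.2.10  mvps.org
"""
SAMPLE_PROCESSES = ["Explorer.exe", "iexplore.exe", "IEXPLORER.EXE", "winlogon.exe", "zzb.exe"]
```

A loopback entry for an ad server is normal on a machine that uses a blocking HOSTS file; the same entry for an anti-spyware site is what the check reports.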
 
Guest

Hello Mike:
After reading the message I went and checked CWShredder
and updated it. I ran it and got the same message that
said that cws.smartsearch.2 is trying to close it. I ran it
anyway. The report is below.
Thanks,
Francisco

I got this report:
WShredder v1.53.1 scan only report

Windows XP (5.01.2600 SP1)
Windows dir: C:\WINDOWS
Windows system dir: C:\WINDOWS\system32
AppData folder: C:\Documents and Settings\Francisco Díaz\Application Data
Username: Francisco Díaz

Found Hosts file: C:\WINDOWS\system32\drivers\etc\hosts (734 bytes, A)
Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINDOWS\system32\userinit.exe,
Registry value: DefaultPrefix (should be http://) [] http://
Registry value: WWW Prefix (should be http://) [www] http://
Registry value: Mosaic Prefix (should be http://) [mosaic] http://
Registry value: Home Prefix (should be http://) [home] http://
Found Win.ini file: C:\WINDOWS\win.ini (881 bytes, A)
Found System.ini file: C:\WINDOWS\system.ini (134 bytes, A)

- END OF REPORT -
-----Original Message-----

Hello Mike:
I ran CwShredder and it says that cws.smartsearch.2 trojan
prevents it from working.
Here is my hijackthis log. here is the link:
http://www.spywareinfo.com/forums/index.php?act=ST&f=2&t=33792
thank you,
Francisco


.
 
Francisco Diaz

Hello Mike:
Here is a link to my message posted regarding hijackthis
reports.
Thank you,
Francisco

 
Mike Burgess

Francisco,
I replied to your post at SWI:
http://www.spywareinfo.com/forums/index.php?act=ST&f=2&t=33792
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-02-04]
Please post replies to this Newsgroup, email address is invalid
 
Guest

Mike:
I tried to follow your instructions.
My reply is at SWI.
Thank you,
Francisco
 
Francisco Diaz

Hello Mike:
I posted my last HT report at SWI.
Thank you,
Francisco
 
Mike Burgess

Francisco,
http://www.spywareinfo.com/forums/index.php?showtopic=33792&st=0&#entry176785

____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-02-04]
Please post replies to this Newsgroup, email address is invalid
 
Francisco Diaz

Hello Mike:
I followed your last suggestions and posted the report.
Here is the link:
http://www.spywareinfo.com/forums/index.php?s=0821d5784b12731ef13c0023d470bf9f&showtopic=33792
Thank you,
Francisco
 
