Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Win32 ZBOT.E

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Win32 ZBOT.E

Unread postby askey127 » December 29th, 2010, 8:34 am

Basacag,
Good work.
------------------------------------------------
Reset System Restore Points
  • Click Start, All Programs, Accessories, System Tools, System Restore
  • Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
  • Click Start, Run and type Cleanmgr
  • Select the Windows drive (usually C:), then click OK.
  • After it scans, Click the More Options tab.
  • Click Clean Up in the System Restore Section.
This will remove all previous restore points except the newly created one.

Reboot your machine to record the changes you have made.
This System Restore sequence is not to be done regularly, but only as a Special Case after the removal of malware or changes in the Restore settings.
-----------------------------------------------
Update and Scan with Antivir
Right click the red umbrella icon and choose Start Antivir.
When the window comes up click Start Update.
When the update is complete, click on Scan System Now.
This full scan could take a hour or more. Have it fix anything it finds.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There wil be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Re: Win32 ZBOT.E

Unread postby Basacag » December 29th, 2010, 6:57 pm

Hi askey127

That took a while...

Avira AntiVir Personal
Report file date: Wednesday, December 29, 2010 16:28

Scanning for 2308318 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : UPSTAIRS

Version information:
BUILD.DAT : 10.0.0.609 31824 Bytes 13/12/2010 09:43:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 13/12/2010 08:39:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 01/04/2010 12:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 13/12/2010 08:40:06
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 23:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 09:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 16:24:25
VBASE002.VDF : 7.11.0.1 2048 Bytes 14/12/2010 16:24:26
VBASE003.VDF : 7.11.0.2 2048 Bytes 14/12/2010 16:24:26
VBASE004.VDF : 7.11.0.3 2048 Bytes 14/12/2010 16:24:26
VBASE005.VDF : 7.11.0.4 2048 Bytes 14/12/2010 16:24:26
VBASE006.VDF : 7.11.0.5 2048 Bytes 14/12/2010 16:24:26
VBASE007.VDF : 7.11.0.6 2048 Bytes 14/12/2010 16:24:27
VBASE008.VDF : 7.11.0.7 2048 Bytes 14/12/2010 16:24:27
VBASE009.VDF : 7.11.0.8 2048 Bytes 14/12/2010 16:24:29
VBASE010.VDF : 7.11.0.9 2048 Bytes 14/12/2010 16:24:29
VBASE011.VDF : 7.11.0.10 2048 Bytes 14/12/2010 16:24:29
VBASE012.VDF : 7.11.0.11 2048 Bytes 14/12/2010 16:24:29
VBASE013.VDF : 7.11.0.52 128000 Bytes 16/12/2010 16:24:30
VBASE014.VDF : 7.11.0.91 226816 Bytes 20/12/2010 16:24:31
VBASE015.VDF : 7.11.0.122 136192 Bytes 21/12/2010 16:24:33
VBASE016.VDF : 7.11.0.156 122880 Bytes 24/12/2010 16:24:34
VBASE017.VDF : 7.11.0.185 146944 Bytes 27/12/2010 16:24:36
VBASE018.VDF : 7.11.0.186 2048 Bytes 27/12/2010 16:24:36
VBASE019.VDF : 7.11.0.187 2048 Bytes 27/12/2010 16:24:36
VBASE020.VDF : 7.11.0.188 2048 Bytes 27/12/2010 16:24:37
VBASE021.VDF : 7.11.0.189 2048 Bytes 27/12/2010 16:24:37
VBASE022.VDF : 7.11.0.190 2048 Bytes 27/12/2010 16:24:37
VBASE023.VDF : 7.11.0.191 2048 Bytes 27/12/2010 16:24:37
VBASE024.VDF : 7.11.0.192 2048 Bytes 27/12/2010 16:24:37
VBASE025.VDF : 7.11.0.193 2048 Bytes 27/12/2010 16:24:38
VBASE026.VDF : 7.11.0.194 2048 Bytes 27/12/2010 16:24:38
VBASE027.VDF : 7.11.0.195 2048 Bytes 27/12/2010 16:24:38
VBASE028.VDF : 7.11.0.196 2048 Bytes 27/12/2010 16:24:38
VBASE029.VDF : 7.11.0.197 2048 Bytes 27/12/2010 16:24:38
VBASE030.VDF : 7.11.0.198 2048 Bytes 27/12/2010 16:24:38
VBASE031.VDF : 7.11.0.216 82432 Bytes 29/12/2010 16:24:39
Engineversion : 8.2.4.126
AEVDF.DLL : 8.1.2.1 106868 Bytes 13/12/2010 08:39:51
AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 13/12/2010 08:39:51
AESCN.DLL : 8.1.7.2 127349 Bytes 13/12/2010 08:39:50
AESBX.DLL : 8.1.3.2 254324 Bytes 13/12/2010 08:39:50
AERDL.DLL : 8.1.9.2 635252 Bytes 13/12/2010 08:39:50
AEPACK.DLL : 8.2.4.5 512375 Bytes 29/12/2010 16:24:54
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 13/12/2010 08:39:49
AEHEUR.DLL : 8.1.2.57 3142008 Bytes 29/12/2010 16:24:53
AEHELP.DLL : 8.1.16.0 246136 Bytes 13/12/2010 08:39:42
AEGEN.DLL : 8.1.5.0 397685 Bytes 13/12/2010 08:39:42
AEEMU.DLL : 8.1.3.0 393589 Bytes 13/12/2010 08:39:42
AECORE.DLL : 8.1.19.0 196984 Bytes 13/12/2010 08:39:41
AEBB.DLL : 8.1.1.0 53618 Bytes 13/12/2010 08:39:41
AVWINLL.DLL : 10.0.0.0 19304 Bytes 13/12/2010 08:39:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 13/12/2010 08:39:54
AVREP.DLL : 10.0.0.8 62209 Bytes 17/06/2010 14:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 13/12/2010 08:39:54
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 13/12/2010 08:39:56
AVARKT.DLL : 10.0.22.6 231784 Bytes 13/12/2010 08:39:52
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 13/12/2010 08:39:53
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 14:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 13/12/2010 08:39:56
NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 14:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 13:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 13/12/2010 08:40:20

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Wednesday, December 29, 2010 16:28

Starting search for hidden objects.
HKEY_USERS\S-1-5-21-839522115-413027322-682003330-1004\Software\Microsoft\Protected Storage System Provider\S-1-5-21-839522115-413027322-682003330-1004\Data\14d96c20-255b-11d1-898f-00c04fb6bfc4
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-839522115-413027322-682003330-1004\Software\Microsoft\Protected Storage System Provider\S-1-5-21-839522115-413027322-682003330-1004\Data\220d5cc1-853a-11d0-84bc-00c04fd43f8f
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-839522115-413027322-682003330-1004\Software\Microsoft\Protected Storage System Provider\S-1-5-21-839522115-413027322-682003330-1004\Data\220d5cd0-853a-11d0-84bc-00c04fd43f8f
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-839522115-413027322-682003330-1004\Software\Microsoft\Protected Storage System Provider\S-1-5-21-839522115-413027322-682003330-1004\Data\5e7e8100-9138-11d1-945a-00c04fc308ff
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'vssvc.exe' - '38' Module(s) have been scanned
Scan process 'avscan.exe' - '75' Module(s) have been scanned
Scan process 'avcenter.exe' - '67' Module(s) have been scanned
Scan process 'iexplore.exe' - '138' Module(s) have been scanned
Scan process 'alg.exe' - '35' Module(s) have been scanned
Scan process 'LVComSer.exe' - '39' Module(s) have been scanned
Scan process 'iexplore.exe' - '100' Module(s) have been scanned
Scan process 'ctfmon.exe' - '30' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '57' Module(s) have been scanned
Scan process 'avgnt.exe' - '57' Module(s) have been scanned
Scan process 'QTTask.exe' - '18' Module(s) have been scanned
Scan process 'realsched.exe' - '29' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '32' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '26' Module(s) have been scanned
Scan process 'E_FATI9HE.EXE' - '18' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '27' Module(s) have been scanned
Scan process 'svchost.exe' - '67' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '44' Module(s) have been scanned
Scan process 'Explorer.EXE' - '107' Module(s) have been scanned
Scan process 'UAService7.exe' - '6' Module(s) have been scanned
Scan process 'svchost.exe' - '48' Module(s) have been scanned
Scan process 'SeaPort.exe' - '45' Module(s) have been scanned
Scan process 'NMSAccess.exe' - '14' Module(s) have been scanned
Scan process 'GoogleCrashHandler.exe' - '24' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '17' Module(s) have been scanned
Scan process 'LVComSer.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'avshadow.exe' - '25' Module(s) have been scanned
Scan process 'avguard.exe' - '56' Module(s) have been scanned
Scan process 'SDMCP.exe' - '17' Module(s) have been scanned
Scan process 'schedul2.exe' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'sched.exe' - '46' Module(s) have been scanned
Scan process 'spoolsv.exe' - '65' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '143' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '55' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '40' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '76' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1481' files ).


Starting the file scan:

Begin scan in 'C:\' <New HD>
C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar\en-us\newext.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\All Users\Documents\Server\hlp.dat
[DETECTION] Is the TR/Bamital.dam Trojan
C:\Documents and Settings\Ian Hayward\Application Data\Sun\Java\Deployment\cache\6.0\0\6fb283c0-7c13a04e
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the EXP/Java.CVE-2009-3867.8861 exploit
--> dev/s/AdgredY.class
[DETECTION] Contains recognition pattern of the EXP/Java.CVE-2009-3867.8861 exploit
--> dev/s/DyesyasZ.class
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.BA Java virus
--> dev/s/LoaderX.class
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AB Java virus
C:\Documents and Settings\Ian Hayward\Application Data\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-6ae71b07
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the EXP/CVE-2008-5353.KM exploit
--> ________vload.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2008-5353.KM exploit
--> vmain.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2008-5353.ND exploit
C:\Documents and Settings\Ian Hayward\Application Data\Sun\Java\Deployment\cache\6.0\25\3ad8b099-4a094cb0
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus
--> bpac/a.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus
C:\Documents and Settings\Ian Hayward\Application Data\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-2a3c94c8
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the EXP/CVE-2009-3867.GC exploit
--> vmain.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2009-3867.GC exploit
C:\Documents and Settings\Ian Hayward\Application Data\Sun\Java\Deployment\cache\6.0\53\42441975-5851ee63
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/C-2009-3867.EH Java virus
--> vmain.class
[DETECTION] Contains recognition pattern of the JAVA/C-2009-3867.EH Java virus
C:\Documents and Settings\Ian Hayward\Desktop\msnVirusRemoval.zip
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the BAT/Robobot.AE batch virus
--> msnVirusRemoval/Run.bat
[DETECTION] Contains recognition pattern of the BAT/Robobot.AE batch virus
C:\Documents and Settings\Ian Hayward\My Documents\My Received Files\setupdavid2291.exe
[DETECTION] Contains recognition pattern of the DR/180Solutions.A.21 dropper
C:\Documents and Settings\Ian Hayward\My Documents\My Received Files\WinFixer\WinFixer2006Setup.exe
[0] Archive type: RSRC
[DETECTION] Contains virus patterns of Adware ADWARE/Agent.3819797
--> Object
[DETECTION] Contains virus patterns of Adware ADWARE/Agent.3819797
C:\Documents and Settings\Ian Hayward\My Documents\My Stationery\Bamboo.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\Ian Hayward\My Documents\My Stationery\Drawing.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\tmp\x64.exe
[DETECTION] Is the TR/Obfuscated.60928KH Trojan
C:\Program Files\win\x32.exe
[DETECTION] Is the TR/PSW.Zbot.1271 Trojan
C:\Program Files\Windows Live\Mail\Stationery\Bamboo.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\Windows Live\Mail\Stationery\Drawing.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\26_tabswelcome_ie7footer.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\29_tabswelcome_ie7footer.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\41_tabswelcome_ie7footer.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\42_tabswelcome_ie7footer.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\45_tabswelcome_ie7footer.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\46_tabswelcome_ie7footer.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\49_tabswelcome_ie7footer.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\50_tabswelcome_ie7footer.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\58_tabswelcome_ie7footer.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\59_tabswelcome_ie7footer.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_general.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\Facebook_error.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\Facebook_notifier.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\Facebook_status.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_simple.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_dangerous.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_questionable.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_risky.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_safe.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_unknown.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_waiting.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_ie7footer.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\weather_error.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Adla\tyyr.exe.vir
[DETECTION] Is the TR/PSW.Zbot.153600.Y.22 Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Ahovax\duhua.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Bozau\huhu.exe.vir
[DETECTION] Is the TR/PSW.Zbot.153600.Y.22 Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Dyoh\cuyqe.exe.vir
[DETECTION] Is the TR/PSW.Zbot.153600.Y.22 Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Ipysg\azbeg.exe.vir
[DETECTION] Is the TR/PSW.Zbot.153600.Y.22 Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Ofuq\givua.exe.vir
[DETECTION] Is the TR/PSW.Zbot.153600.Y.22 Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Okug\wemuk.exe.vir
[DETECTION] Is the TR/PSW.Zbot.153600.Y.22 Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Uxyko\erxe.exe.vir
[DETECTION] Is the TR/PSW.Zbot.153600.Y.22 Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Start Menu\Programs\Startup\logtec32.exe.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\Owatup\olviu.exe.vir
[DETECTION] Is the TR/PSW.Zbot.1271 Trojan
C:\Qoobox\Quarantine\C\Program Files\Microsoft\watermark.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\Program Files\Microsoft\_WaterMark_.exe.zip
[0] Archive type: ZIP
[DETECTION] Is the TR/Ramnit.A.23 Trojan
--> watermark.exe
[DETECTION] Is the TR/Ramnit.A.23 Trojan
--> watermark.exe.1
[DETECTION] Is the TR/Ramnit.A.23 Trojan
--> watermark.exe.2
[DETECTION] Is the TR/Ramnit.A.23 Trojan
--> WaterMark.exe.3
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir
[DETECTION] Is the TR/Spy.1033728.15 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\ExplorerSrv.exe.vir
[DETECTION] Is the TR/Ramnit.A.23 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winlogon.exe.vir
[DETECTION] Is the TR/Spy.507904.67 Trojan
Begin scan in 'D:\' <Seagate>
D:\Program Files\eBay\Turbo Lister2\Update\temp.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Program Files\LimeWire\Saved\you are ythe music in me .wma
[DETECTION] Is the TR/Dldr.WMA.Wimad.Z Trojan

Beginning disinfection:
D:\Program Files\LimeWire\Saved\you are ythe music in me .wma
[DETECTION] Is the TR/Dldr.WMA.Wimad.Z Trojan
[NOTE] The file was moved to the quarantine directory under the name '4e98188b.qua'.
D:\Program Files\eBay\Turbo Lister2\Update\temp.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '56173722.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winlogon.exe.vir
[DETECTION] Is the TR/Spy.507904.67 Trojan
[NOTE] The file was moved to the quarantine directory under the name '04496dcf.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\ExplorerSrv.exe.vir
[DETECTION] Is the TR/Ramnit.A.23 Trojan
[NOTE] The file was moved to the quarantine directory under the name '627c223c.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir
[DETECTION] Is the TR/Spy.1033728.15 Trojan
[NOTE] The file was moved to the quarantine directory under the name '27f80f02.qua'.
C:\Qoobox\Quarantine\C\Program Files\Microsoft\_WaterMark_.exe.zip
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '58143d40.qua'.
C:\Qoobox\Quarantine\C\Program Files\Microsoft\watermark.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '145f1100.qua'.
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\Owatup\olviu.exe.vir
[DETECTION] Is the TR/PSW.Zbot.1271 Trojan
[NOTE] The file was moved to the quarantine directory under the name '68595145.qua'.
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Start Menu\Programs\Startup\logtec32.exe.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '45107e0f.qua'.
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Uxyko\erxe.exe.vir
[DETECTION] Is the TR/PSW.Zbot.153600.Y.22 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5c6945a8.qua'.
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Okug\wemuk.exe.vir
[DETECTION] Is the TR/PSW.Zbot.153600.Y.22 Trojan
[NOTE] The file was moved to the quarantine directory under the name '302e69ab.qua'.
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Ofuq\givua.exe.vir
[DETECTION] Is the TR/PSW.Zbot.153600.Y.22 Trojan
[NOTE] The file was moved to the quarantine directory under the name '418e503a.qua'.
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Ipysg\azbeg.exe.vir
[DETECTION] Is the TR/PSW.Zbot.153600.Y.22 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4f7860c2.qua'.
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Dyoh\cuyqe.exe.vir
[DETECTION] Is the TR/PSW.Zbot.153600.Y.22 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0ab8198b.qua'.
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Bozau\huhu.exe.vir
[DETECTION] Is the TR/PSW.Zbot.153600.Y.22 Trojan
[NOTE] The file was moved to the quarantine directory under the name '03a41d20.qua'.
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Ahovax\duhua.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5be50449.qua'.
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Adla\tyyr.exe.vir
[DETECTION] Is the TR/PSW.Zbot.153600.Y.22 Trojan
[NOTE] The file was moved to the quarantine directory under the name '77067d81.qua'.
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\weather_error.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '49101d6f.qua'.
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_ie7footer.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '2a1f361f.qua'.
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_waiting.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '0cd77630.qua'.
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_unknown.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '3e430d94.qua'.
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_safe.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '340626ed.qua'.
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_risky.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '0b5542a8.qua'.
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_questionable.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '75794e8f.qua'.
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_dangerous.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '20014a44.qua'.
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_simple.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '2d643b6c.qua'.
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\Facebook_status.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '31c92f53.qua'.
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\Facebook_notifier.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '001a629d.qua'.
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\Facebook_error.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '6c4c76ab.qua'.
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_general.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '25d55398.qua'.
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\59_tabswelcome_ie7footer.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '7e475c84.qua'.
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\58_tabswelcome_ie7footer.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '18f5506c.qua'.
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\50_tabswelcome_ie7footer.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '4f7b22cc.qua'.
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\49_tabswelcome_ie7footer.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '6d0b75b1.qua'.
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\46_tabswelcome_ie7footer.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '051b0f24.qua'.
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\45_tabswelcome_ie7footer.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '256d0bae.qua'.
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\42_tabswelcome_ie7footer.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '70494d19.qua'.
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\41_tabswelcome_ie7footer.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '11696ca1.qua'.
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\29_tabswelcome_ie7footer.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '74c52e22.qua'.
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\26_tabswelcome_ie7footer.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '11125a80.qua'.
C:\Program Files\Windows Live\Mail\Stationery\Drawing.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '02f061df.qua'.
C:\Program Files\Windows Live\Mail\Stationery\Bamboo.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '10bd1d52.qua'.
C:\Program Files\win\x32.exe
[DETECTION] Is the TR/PSW.Zbot.1271 Trojan
[NOTE] The file was moved to the quarantine directory under the name '07287912.qua'.
C:\Program Files\tmp\x64.exe
[DETECTION] Is the TR/Obfuscated.60928KH Trojan
[NOTE] The file was moved to the quarantine directory under the name '5d084b8d.qua'.
C:\Documents and Settings\Ian Hayward\My Documents\My Stationery\Drawing.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '78363655.qua'.
C:\Documents and Settings\Ian Hayward\My Documents\My Stationery\Bamboo.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '0c992e16.qua'.
C:\Documents and Settings\Ian Hayward\My Documents\My Received Files\WinFixer\WinFixer2006Setup.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Agent.3819797
[NOTE] The file was moved to the quarantine directory under the name '2e9a7c91.qua'.
C:\Documents and Settings\Ian Hayward\My Documents\My Received Files\setupdavid2291.exe
[DETECTION] Contains recognition pattern of the DR/180Solutions.A.21 dropper
[NOTE] The file was moved to the quarantine directory under the name '5b0f048c.qua'.
C:\Documents and Settings\Ian Hayward\Desktop\msnVirusRemoval.zip
[DETECTION] Contains recognition pattern of the BAT/Robobot.AE batch virus
[NOTE] The file was moved to the quarantine directory under the name '705e58be.qua'.
C:\Documents and Settings\Ian Hayward\Application Data\Sun\Java\Deployment\cache\6.0\53\42441975-5851ee63
[DETECTION] Contains recognition pattern of the JAVA/C-2009-3867.EH Java virus
[NOTE] The file was moved to the quarantine directory under the name '17ff17ce.qua'.
C:\Documents and Settings\Ian Hayward\Application Data\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-2a3c94c8
[DETECTION] Contains recognition pattern of the EXP/CVE-2009-3867.GC exploit
[NOTE] The file was moved to the quarantine directory under the name '5c412925.qua'.
C:\Documents and Settings\Ian Hayward\Application Data\Sun\Java\Deployment\cache\6.0\25\3ad8b099-4a094cb0
[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus
[NOTE] The file was moved to the quarantine directory under the name '5c412378.qua'.
C:\Documents and Settings\Ian Hayward\Application Data\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-6ae71b07
[DETECTION] Contains recognition pattern of the EXP/CVE-2008-5353.ND exploit
[NOTE] The file was moved to the quarantine directory under the name '16ee7667.qua'.
C:\Documents and Settings\Ian Hayward\Application Data\Sun\Java\Deployment\cache\6.0\0\6fb283c0-7c13a04e
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AB Java virus
[NOTE] The file was moved to the quarantine directory under the name '78c559ad.qua'.
C:\Documents and Settings\All Users\Documents\Server\hlp.dat
[DETECTION] Is the TR/Bamital.dam Trojan
[NOTE] The file was moved to the quarantine directory under the name '351307e7.qua'.
C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar\en-us\newext.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '5d2e20e7.qua'.


End of the scan: Wednesday, December 29, 2010 22:52
Used time: 3:29:49 Hour(s)

The scan has been done completely.

20439 Scanned directories
739217 Files were scanned
62 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
56 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
739155 Files not concerned
4901 Archives were scanned
0 Warnings
56 Notes
1082200 Objects were scanned with rootkit scan
4 Hidden objects were found
Basacag
Regular Member
 
Posts: 32
Joined: December 9th, 2010, 4:25 pm

Re: Win32 ZBOT.E

Unread postby askey127 » December 29th, 2010, 8:46 pm

So much for the wonders of AVG.
How's it running?
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Win32 ZBOT.E

Unread postby Basacag » December 29th, 2010, 9:18 pm

It is loading and responding noticably faster now, which I guess must be a function of not having so many rogue processes running in the background.

The PC has been running 'OK' despite its issues for a few weeks, it seems AVG dealt with what it could find by trashing all the library files.

So I try to run Photoshop Elements and get iaccore.dll not found. I try to reinstall and it asks for disk 1 I only have 1 disk and its not the one it wants...(or it did, I cant find the box to try it now the PC is clean.)

I guess my task now is to reload my various apps.

Thanks very much for your help with this, I should have found this site a while ago I suppose. It would have saved me some grief.

Thanks again.

Ian
Basacag
Regular Member
 
Posts: 32
Joined: December 9th, 2010, 4:25 pm

Re: Win32 ZBOT.E

Unread postby askey127 » December 30th, 2010, 7:07 am

Basacag,
First, I would suggest that you look at this page. It delineates the analysis for correcting that issue.
http://pcsupport.about.com/od/findbyerrormessage/a/iaccore-dll-not-found-missing-error.htm

In this case, it may well be that you need to reload the missing/defective apps, or find alternates.
iaccore.dll is a file that some applications and hardware use to interface with windows. It is not a windows "core" file. (My XP systems don't have it).
The content of the file may change depending on the app requiring it.

You can remove Rkill and Combofix (zzz.exe) from your desktop.

The main thing to remember for the future is that all of this came from the use of P2P programs.

Good Luck.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Win32 ZBOT.E

Unread postby Basacag » December 30th, 2010, 11:36 am

Hi askey127

Thanks for the link.

P2P i will not miss, I only used it to download an old TV series and a couple of films I could not get from Blockbuters (old again) I did not realise it was that dangerous if I was scanning the files.
Lesson learned though.

Thanks again

Ian
Basacag
Regular Member
 
Posts: 32
Joined: December 9th, 2010, 4:25 pm

Re: Win32 ZBOT.E

Unread postby askey127 » December 30th, 2010, 2:12 pm

this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 28 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware