Possible attack by spy.Zbot.ZR trojan


Re: Possible attack by spy.Zbot.ZR trojan

by rickronn » November 18th, 2011, 12:43 am

Hello, Gary R,
After I have followed your advice to increase RAM and the steps to speed up my computer, it seems that the system is working much better than before.

Below is the scan log after running Avenger.

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Fri Nov 18 12:36:32 2011

12:36:09: Error: Could not expand environmental variables in line:
"C:\Program Files\Green Software\超級工作管理員,再也沒有關不掉的程式-DTaskManager v2.0 繁體綠色版\DTaskManager.exe"
Skipping line. (File deletion mode) (error 234: 有更多資料可供使用。)


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Program Files\Green Software\WindowBlinds\patch.exe" deleted successfully.
File "C:\Program Files\Unlocker\eBay_shortcuts_1016.exe" deleted successfully.
File "C:\WINDOWS\VIPv3\Process.exe" deleted successfully.
File "C:\WINDOWS\VIPv3\resources\process.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Best regards.
rickronn
Regular Member
 
Posts: 18
Joined: November 2nd, 2011, 1:15 am

Re: Possible attack by spy.Zbot.ZR trojan

by Gary R » November 18th, 2011, 2:31 am

Seems we're having a little problem deleting the following file .....

C:\Program Files\Green Software\超級工作管理員,再也沒有關不掉的程式-DTaskManager v2.0 繁體綠色版\DTaskManager.exe

I think that's probably due to the fact that Avenger can't parse the file path (which includes Chinese characters) rather than for any other reason.

See if you can delete the file manually please and let me know how you get on.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
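
Added example (not part of the original thread, and not Avenger's own code): a Python check a helper could run over a pasted log in the layout shown above, listing the script entries the pre-processor skipped and any requested path that has no "deleted successfully" line. The sample log, the requested list and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the Avenger log quoted in this thread.
SAMPLE_LOG = r'''
12:36:09: Error: Could not expand environmental variables in line:
"C:\Example\工具\tool.exe"
Skipping line. (File deletion mode) (error 234: More data is available.)

Rootkit scan active.
No rootkits found!

File "C:\Example\a.exe" deleted successfully.
File "C:\Example\sub\b.exe" deleted successfully.

Completed script processing.
'''
# Constructed list of what the removal script asked for.
REQUESTED = [r"C:\Example\工具\tool.exe", r"C:\EXAMPLE\A.EXE", r"C:\Example\sub\b.exe"]

ERROR_RE = re.compile(r'^\d{2}:\d{2}:\d{2}: Error: (.+) in line:$')
SKIP_RE = re.compile(r'^Skipping line\. \(([^)]+)\) \(error (\d+): (.*)\)$')
DELETED_RE = re.compile(r'^File "(.+)" deleted successfully\.$')


def triage(log_text):
    """Return (deleted_paths, skipped_entries) found in the log text."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    deleted, skipped = [], []
    for i, line in enumerate(lines):
        done = DELETED_RE.match(line)
        if done:
            deleted.append(done.group(1))
            continue
        err = ERROR_RE.match(line)
        # A skipped entry spans three lines: error, quoted path, skip reason.
        if err and i + 2 < len(lines):
            why = SKIP_RE.match(lines[i + 2])
            if why:
                skipped.append({"path": lines[i + 1].strip('"'), "reason": err.group(1),
                                "mode": why.group(1), "code": int(why.group(2))})
    return deleted, skipped


def unresolved(requested, log_text):
    """Requested paths with no 'deleted successfully' line (case-insensitive)."""
    deleted, _ = triage(log_text)
    done = {p.casefold() for p in deleted}
    return [p for p in requested if p.casefold() not in done]


if __name__ == "__main__":
    for path in unresolved(REQUESTED, SAMPLE_LOG):
        print("still needs attention:", path)
```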

Re: Possible attack by spy.Zbot.ZR trojan

by rickronn » November 21st, 2011, 1:45 am

Hello, Gary R,

I have tried to use the "delete program" function in the Control Panel of Windows, but the mentioned program did not show up as one of the installed programs.
I tried to see if I could delete it from within its directory, but there was no Uninstall option inside the directory.
Please advise how to proceed.

Thanks for your help again.

Best regards.
rickronn
Regular Member
 
Posts: 18
Joined: November 2nd, 2011, 1:15 am

Re: Possible attack by spy.Zbot.ZR trojan

by Gary R » November 21st, 2011, 5:15 am

If you're not worried about its removal we can probably remove the entire Green Software folder.

To do that ....

  • Double-click OTM.exe to run it.
  • Copy the lines in the codebox below.
:Files
C:\Program Files\Green Software

  • Return to OTM, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTM
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Possible attack by spy.Zbot.ZR trojan

by rickronn » November 22nd, 2011, 1:34 am

Hi, Gary R,

I have managed to remove the folder and the results are as follows.

OTM by OldTimer - Version 3.1.19.0 log created on 11222011_133155

Best regards.
rickronn
Regular Member
 
Posts: 18
Joined: November 2nd, 2011, 1:15 am

Re: Possible attack by spy.Zbot.ZR trojan

by Gary R » November 22nd, 2011, 2:45 am

That seems to have done the trick, how's your computer running now ?

If it is running as you'd expect it to, then we're finished, and it's time to remove the programs we've been using to clean your computer.

Any problems then do NOT follow the instructions below, otherwise ......

Let's clear out Combofix and the files/folders it created
  • Click Start > Run
  • Copy/Paste ComboFix /Uninstall into the Run box.
  • Click OK
  • Combofix will now delete its files and folders and also perform the following function.
    • Clears System Restore cache and creates a new Restore point. This will remove any "malicious" System Restore files, which may have been created whilst your computer was infected.
IMPORTANT
  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Next

Let's clear out OTM and the files and folders it created.

This will also remove SystemLook, Avenger, and TDSSKiller.

  • Double click OTM.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTM will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTM
  • Now delete OTM.exe (if still present).

As far as I can see, your computer looks clear of infection now.

Are you still noticing any problems ?
  • If you are let me know about them.
  • If not it's time to make your computer more secure.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

If your computer is running slowly after your clean up, please read.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Possible attack by spy.Zbot.ZR trojan

by rickronn » November 23rd, 2011, 1:19 am

Hello, Gary R,

I think my system is running okay now. I really appreciate your help and advice. I will follow your suggestions to keep my computer safe and running smoothly.

Best regards.
rickronn
Regular Member
 
Posts: 18
Joined: November 2nd, 2011, 1:15 am

Re: Possible attack by spy.Zbot.ZR trojan

by Gary R » November 23rd, 2011, 3:07 am

You're welcome, glad we could help. :)

Keep safe,

Gary

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire