Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Think my computer is attacked by spy.Zbot.ZR trojan

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Think my computer is attacked by spy.Zbot.ZR trojan

Unread postby rickronn » November 3rd, 2011, 10:12 am

Hello, my computer is running very slow and scanned by NOD32 reviewed that it is attacked by spy.Zbot.ZR trojan. I have attached DDR scan log as below.


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by KYTANG at 13:19:56 on 2011-11-02
Microsoft Windows XP Professional 5.1.2600.3.950.886.1028.18.255.46 [GMT 8:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Green Software\工作列管理大師-Visual Tooltip v2.2 繁體綠化版\VisualToolTip.exe
C:\Program Files\Green Software\讓XP擁有比Vista更炫的3D視窗特效-WinFlip v0.50 繁體綠色版\WinFlip.exe
C:\Program Files\Drive Space Indicator\DrvSpace.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Green Software\記憶體優化軟體-FreeRAM XP Pro v1.40 中文免安裝版\FreeRAM XP Pro.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://hk.yahoo.com/
mWinlogon: SFCDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\green software\讓檔案總管變的更漂剋-styler v1.401 繁體綠色版\tb\StylerTB.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [FreeRAM XP] "c:\program files\green software\邕憶體優化軟體-freeram xp pro v1.40 中文吻安裝版\FreeRAM XP Pro.exe" -win
uRun: [{DFEFB883-ED91-7502-F445-755269A46367}] "c:\documents and settings\kytang\application data\idomfi\evnaabi.exe"
mRun: [Visual Tooltip] c:\program files\green software\工作圭管理大師-visual tooltip v2.2 繁體綠化版\VisualToolTip.exe
mRun: [WinFlip] c:\program files\green software\讓xp擁有比vista更炫的3d視窗盎效-winflip v0.50 繁體綠色版\WinFlip.exe
mRun: [DriveSpace] c:\program files\drive space indicator\DrvSpace.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Ulead AutoDetector v2] c:\program files\common files\ulead systems\autodetector\monitor.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [msdrm] msdrm.exe
IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\netlimiter\nl_lsp.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 0120334984
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{D3B04869-4614-4514-963B-B82D4FF63BC1} : NameServer = 203.198.23.208,218.102.32.208
Notify: WBSrv - c:\program files\green software\windowblinds\WBSrv.dll
AppInit_DLLs: wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {D58F39FF-953E-4F45-898F-59F243B9A523} - RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
============= SERVICES / DRIVERS ===============
.
R0 amdagp8p;AMD NB AGP Bus Filter;c:\windows\system32\drivers\amdagp8p.sys [2008-8-31 27648]
R0 dontgo;Promise Removable Disk Control Driver;c:\windows\system32\drivers\dontgo.sys [2008-8-31 7680]
R0 tmagp;Transmeta TM 8000 AGP Filter Driver;c:\windows\system32\drivers\TMAGP.SYS [2008-8-31 27648]
R0 ULiAGP;ULi AGP Controller Bus Filter Driver;c:\windows\system32\drivers\ULiAGP.SYS [2008-8-31 33408]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [2008-8-31 45056]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2008-8-31 17920]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-1 22216]
S0 hptpro;hptpro;c:\windows\system32\drivers\hptpro.sys [2008-8-31 9809]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2011-1-21 166720]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2008-8-6 63536]
.
=============== Created Last 30 ================
.
2011-11-01 09:44:12 -------- d-----w- c:\documents and settings\kytang\application data\Malwarebytes
2011-11-01 09:43:53 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-01 09:43:47 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-01 09:43:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-28 01:55:39 -------- d-----w- c:\documents and settings\kytang\application data\Omig
2011-10-28 01:55:39 -------- d-----w- c:\documents and settings\kytang\application data\Muuto
2011-10-27 09:03:03 -------- d-----w- c:\documents and settings\kytang\application data\Naly
2011-10-27 09:03:03 -------- d-----w- c:\documents and settings\kytang\application data\Enz
2011-10-27 02:23:21 -------- d-----w- c:\documents and settings\kytang\application data\Mure
2011-10-27 02:23:21 -------- d-----w- c:\documents and settings\kytang\application data\Dageku
2011-10-26 09:33:20 -------- d-----w- c:\documents and settings\kytang\application data\Okabomp
2011-10-26 09:33:20 -------- d-----w- c:\documents and settings\kytang\application data\Bie
2011-10-26 01:39:31 -------- d-----w- c:\documents and settings\kytang\application data\Idomfi
2011-10-26 01:39:31 -------- d-----w- c:\documents and settings\kytang\application data\Cie
.
==================== Find3M ====================
.
.
============= FINISH: 13:21:22.81 ===============

Thanks for your help.
rickronn
Regular Member
 
Posts: 18
Joined: November 2nd, 2011, 1:15 am
Advertisement
Register to Remove

Re: Think my computer is attacked by spy.Zbot.ZR trojan

Unread postby NonSuch » November 4th, 2011, 3:10 am

Closed. Duplicate topic.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 296 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware