Author Topic: WIN 32 KADRBOT  (Read 5069 times)


kelltic

  • Guest
WIN 32 KADRBOT
« on: November 13, 2011, 06:53:04 PM »
On November 8th my system was infected with the WIN 32 KADRBOT (so-called by AVAST!). Besides AVAST, I've run several of Kaspersky's fixes and Malwarebytes - which I think is the app that finally got it - in safe mode.  Finally, it seems I have my computer back. 

However, this morning I ran DeBank, an application that checks for banking trojans. This is the report I got:

W32/Zeus variant detectd in the process C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

Pieces of potentially malicious code were found in the memory. It is strongly advised that you run a proper AntiVirus scan on the machine. Below you can find some free online scanners.


I am wondering if this could be correct.   

I'm using WindowsXP.

Thanks.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89249
  • No support PMs thanks
Re: WIN 32 KADRBOT
« Reply #1 on: November 13, 2011, 06:56:12 PM »
Argh memory scans, this is no different to avast making detections on other security software that has virus signatures loaded into memory.

Memory scans cause more confusion than comfort, not to mention, detecting it in memory would be somewhat late as it is loaded.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

iyogisolutions1

  • Guest
Re: WIN 32 KADRBOT
« Reply #2 on: November 14, 2011, 09:02:13 AM »

W32/Zeus variant detectd in the process C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

Thanks for the information

As you know, the infection detected was a W32/Zeus variant.

So for this type of malicious software, Microsoft has Malicious Software Removal Tool updates.

So please get this tool by running Windows Update and be safe.

I would suggest you please don't use any other security software, because it would conflict with Avast.

Offline DavidR

Re: WIN 32 KADRBOT
« Reply #3 on: November 14, 2011, 12:42:41 PM »
Did you even read my post, obviously not, this is detecting virus signatures in memory (not real viruses) loaded into memory by avastSvc.exe and why memory scans return weird results.

Why else wouldn't it find any associated files or registry entries?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76034
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: WIN 32 KADRBOT
« Reply #4 on: November 14, 2011, 12:53:14 PM »
Did you even read my post...

Guess he didn't. :(
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

kelltic

  • Guest
Re: WIN 32 KADRBOT
« Reply #5 on: November 14, 2011, 03:01:05 PM »
The virus was detected by AVAST. It is now gone - 90% sure. No more problems online, no more Firewall going crazy, no more AVAST jumping up with warnings about programs I've had on my system for years, and no more thousands of cookies.

I posted because I wanted to know if the DeBank report could have any validity.

Thanks to all who answered me. I appreciate it.

Offline DavidR

Re: WIN 32 KADRBOT
« Reply #6 on: November 14, 2011, 03:14:06 PM »
You're welcome.