Author Topic: Help cleaning up remnants of the Zbot virus  (Read 11749 times)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Help cleaning up remnants of the Zbot virus
« Reply #30 on: August 22, 2014, 10:16:32 PM »
Hmm, weird, as the MD5s are all legitimate, which does not indicate a tampered file

If you wish to continue I would like to get an analysis log after a virus scan

This will produce a zipped analysis file which I would need you to upload to a file sharing site for me to collect i.e. Mediafire

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan
Select the cog to access scan areas

On the first tab select all elements down to OS C and then select start scan

Once it has finished select reports and post the detected threats.

Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button

Once it has completed then click Step 2 Report sending

Click avptool.sysinfo.zip
And you will be taken to the zip file that needs to be attached

REDACTED

  • Guest
Re: Help cleaning up remnants of the Zbot virus
« Reply #31 on: August 23, 2014, 06:03:59 PM »
Just a quick update, the virus removal tool is still running and is at 55% completed. This is the second time running this tool.
The first time I ran it, at around the 50% completion mark it found 2 threats and required a reboot to complete the removal process.

The threats found were both rootkit.win64.sst.d and those have been cleared now. Since they have been removed I haven't had any pop-ups from Malwarebytes or Avast. Also the wininit.exe *32, dllhost.exe*32 and scvhost.exe*32 processes haven't appeared in Task Manager either. Hopefully that has fixed the problem.

I will still post the log reports once it is finished. Are there any other programs that I should run once this has been completed? What about deleting all the programs that I downloaded earlier, FRST, TDSSKiller etc.?


Offline essexboy

Re: Help cleaning up remnants of the Zbot virus
« Reply #32 on: August 23, 2014, 07:17:28 PM »
Hmm, TDSSKiller was recently updated to get that one; I wonder why it missed it

With regards to the programmes that you have been using we will safely remove them once you are happy

REDACTED

  • Guest
Re: Help cleaning up remnants of the Zbot virus
« Reply #33 on: August 23, 2014, 09:55:05 PM »
Here are the logs and Zip file.

http://www.mediafire.com/download/3b2n93dh2mpq150/avptool_sysinfo.zip

Everything seems to be running normally now. Still no pop-up messages. Are there any other programs you recommend that I run?

Offline essexboy

Re: Help cleaning up remnants of the Zbot virus
« Reply #34 on: August 23, 2014, 10:28:05 PM »
Sysinfo looked good so I think you can call yourself done :)

Subject to no further problems   :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Click Start then Run.
On Windows 7 or Vista you may use the Start Search field if Run is not available.
In the box copy/paste the following command:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).
Wait for the uninstall process to complete.

Download and run Delfix




: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware



Malwarebytes.

Update and run weekly to keep your system clean


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide: Best security practices. Keep safe :wave:

REDACTED

  • Guest
Re: Help cleaning up remnants of the Zbot virus
« Reply #35 on: August 23, 2014, 11:10:08 PM »
Excellent, everything is complete and programs updated. I will be passing all the info on to my parents as well.

Essexboy, thank you so much for taking the time to help me with this. I really appreciate it.

Thanks again,
Steve

Offline essexboy

Re: Help cleaning up remnants of the Zbot virus
« Reply #36 on: August 23, 2014, 11:30:37 PM »
My pleasure :)