Author Topic: win32:Zbot-mou  (Read 24425 times)


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: win32:Zbot-mou
« Reply #45 on: January 31, 2010, 10:07:43 PM »
That file was legitimate - I just had no MD5 on the last run

Could you run this programme (no need to download it to your desktop)? When it runs it will get some data from Sysinternals, but it is quite safe.
On completion it will either say nothing found or will produce a log - could you let me know which?
http://noahdfear.net/downloads/maxhandle.exe

diviesh

  • Guest
Re: win32:Zbot-mou
« Reply #46 on: January 31, 2010, 10:41:55 PM »
Hi Mate,

I have run it and it says "nothing found".

I am still getting redirected initially first 5-6 clicks and then it seems ok.

Haven't had a warning yet so it seems to be improving

Offline essexboy
Re: win32:Zbot-mou
« Reply #47 on: January 31, 2010, 10:52:02 PM »
OK, that was to check for a new malware variant that has just appeared.

I will have a review and a thunk - back soon

diviesh

  • Guest
Re: win32:Zbot-mou
« Reply #48 on: February 03, 2010, 02:24:26 PM »
Hi Essexboy, any progress with this? Still no warnings, but the link redirects seem to be getting worse and now I seem to get the odd pop-up as well :'(

Offline essexboy
Re: win32:Zbot-mou
« Reply #49 on: February 03, 2010, 10:28:43 PM »
Apologies for the delay; I was sidetracked looking at a new infection.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot of the ComboFix prompt not preserved on this page]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

diviesh

  • Guest
Re: win32:Zbot-mou
« Reply #50 on: February 08, 2010, 11:45:30 PM »
Hi Everyone on this forum who has suffered painfully with this problem.

I finally found that the rootkit trojan had embedded itself in c:\windows\system32\drivers\atapi.sys

It was finally discovered using Hitman Pro; you can download it from the link below:

http://download.cnet.com/Hitman-Pro-3/3000-2239_4-10895604.html

I hope this helps all of you who are suffering.

I would also like to offer my sincere thanks to essexboy; your help has been greatly appreciated.

« Last Edit: February 08, 2010, 11:49:07 PM by diviesh »
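The thread ends with a system driver (atapi.sys) found to have been modified in place, something the earlier MD5 check in this thread was also aimed at. The script below is an added example, not code from the forum thread, from ComboFix, or from Hitman Pro: it takes a SHA-256 baseline of the .sys files in a directory and later reports which drivers were modified, which went missing and which appeared. The sample driver files, the "infection" that appends bytes to atapi.sys and the dropped.sys name are all constructed for the demo; on a real machine you would point it at C:\Windows\System32\drivers and store the baseline off the box.

```python
"""Baseline-and-compare integrity check for Windows driver files (.sys).

Added example, not part of the original thread. Assumes a known-good
baseline of SHA-256 hashes was taken earlier (for instance from a clean
install of the same Windows build). The file names and contents used in
demo() are constructed for illustration only.
"""
import hashlib
import json
import os
import tempfile


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large drivers do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(driver_dir):
    """Return {lower-cased file name: sha256} for every .sys file in driver_dir."""
    baseline = {}
    for name in sorted(os.listdir(driver_dir)):
        full = os.path.join(driver_dir, name)
        if name.lower().endswith(".sys") and os.path.isfile(full):
            baseline[name.lower()] = sha256_file(full)
    return baseline


def compare_to_baseline(driver_dir, baseline):
    """Diff the directory's current state against a stored baseline.

    Returns {"modified": [...], "missing": [...], "new": [...]} with sorted names.
    A modified entry is the case that matters here: a driver whose bytes on
    disk no longer match the known-good copy.
    """
    current = build_baseline(driver_dir)
    return {
        "modified": sorted(n for n in baseline if n in current and current[n] != baseline[n]),
        "missing": sorted(n for n in baseline if n not in current),
        "new": sorted(n for n in current if n not in baseline),
    }


def demo():
    """Constructed scenario: baseline a fake driver directory, then tamper with it."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed sample files standing in for real drivers (contents are not real driver bytes).
        for name, body in {
            "atapi.sys": b"ATAPI driver bytes",
            "disk.sys": b"DISK driver bytes",
            "readme.txt": b"not a driver, must be ignored",
        }.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(body)

        # Baseline serialised to JSON, as you would store it somewhere the host cannot alter.
        baseline_json = json.dumps(build_baseline(d))

        # Simulated compromise: atapi.sys patched in place, an unknown driver dropped.
        with open(os.path.join(d, "atapi.sys"), "ab") as f:
            f.write(b"\x90\x90 injected code")
        with open(os.path.join(d, "dropped.sys"), "wb") as f:
            f.write(b"unknown driver")

        return compare_to_baseline(d, json.loads(baseline_json))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

One caveat a practitioner should keep in mind: a kernel-mode rootkit that hooks the disk stack can serve the original, clean bytes to any read issued from the infected system, so a hash taken while that system is running may match the baseline even though the file on disk is patched. Take the hashes from a clean boot environment or with the disk mounted offline, and keep the baseline file where the host cannot rewrite it.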