Author Topic: Adware.Zugo  (Read 8288 times)

0 Members and 1 Guest are viewing this topic.

VerySplendid

  • Guest
Adware.Zugo
« on: December 26, 2010, 09:21:35 AM »
Hello greatly admired boffins,

I noticed that Windows Security Update KB981852 has apparently updated successfully 10 times but won't go away. I ran Malwarebytes today, this is the result:

Adware.Zugo ..... Registry Key ..... HKEY_CURRENT_USER\Software\Zugo

I haven't yet tried to remove it because I don't know how serious it is & intend to nuke the f*cker properly first go - hopefully with your sage words : )

Unsure if this is also relevant, but Spyware Terminator Tracking Flash Shared Objects (Tracking Cookie).

Why can't everyone be nice & kind & good..?

I have Windows Vista SP2 32 bit Dell. Avast AV (version 5.0.677) & Comodo firewall, Spyware Terminator runs a daily scan, plus I have Malwarebytes which I utilise for a full scan every couple of months.

Many thanks in advance for any advice given : )

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37190
Re: Adware.Zugo
« Reply #1 on: December 26, 2010, 11:18:19 AM »
Remeber to always update Malwarbytes before you run it, Latest program version is 1.50.1 and database 5396
Let it remove/quarantine what it find (click the remove selected button)

you don`t ned Spywareterminator when you have Malwarebytes, the only thing it will find and remove that MBAM does not, is tracking cookies

Post the MBAM scan log here

VerySplendid

  • Guest
Re: Adware.Zugo
« Reply #2 on: December 26, 2010, 11:48:44 AM »
Hi Pondus,

Thank you kindly for your prompt response : ) Here is the scan log:

* * * * * * * * * *

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4320

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

26/12/2010 7:47:28 PM
mbam-log-2010-12-26 (19-47-28).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 317401
Time elapsed: 5 hour(s), 30 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Zugo (Adware.Zugo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

* * * * * * * * * *

I am updating my Malwarebytes version now + also running a full system scan with avast! I'm afraid this horrid Zugo thing is a backdoor Trojan, as has been suggested when I've searched for infomation to solve this. So far, the avast! scan has detected 1 infected file so perhaps the old version of Malwarebytes didn't remove it after all?

Thanks again : )

SafeSurf

  • Guest
Re: Adware.Zugo
« Reply #3 on: December 26, 2010, 11:57:23 AM »
Yes, I see you were using the older version of MBAM.  Please do update it to the newer version and then update the definitions again, then re-scan.

With Avast scan, is anything in your Virus Chest?  If so, can you give a screen shot?  Thank you.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37190
Re: Adware.Zugo
« Reply #4 on: December 26, 2010, 12:16:47 PM »
and you only have to do a quick scan, this will take care of 99% of what mbam detect

VerySplendid

  • Guest
Re: Adware.Zugo
« Reply #5 on: December 26, 2010, 02:23:21 PM »
Greetings!

I couldn't figure out how to attach a screen shot of my avast! virus chest but the infected file picked up by today's scan is located in C:\Users\VerySplendid\Downloads\flash_player.45199.exe which avast! - bless its cotton cyber socks - first detected back in September. Do I need to reformat my precious again? How can I tell where I knowingly downloaded this bad boy from? Have all my passwords/online banking details been compromised..?

Thank you for your patience & consideration : )

PS - I forgot to mention it also stated Threat: Win32:MalOb.BX[Cryp]

« Last Edit: December 26, 2010, 02:25:41 PM by VerySplendid »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37190
Re: Adware.Zugo
« Reply #6 on: December 26, 2010, 02:39:31 PM »
Ther are lots of these fake flash players files out there

Quote
Have all my passwords/online banking details been compromised..?
do not know but it wont hurt to change them, something that should be don on a regular basis anyway

Did you do a new Malwarebytes scan ? post the log

VerySplendid

  • Guest
Re: Adware.Zugo
« Reply #7 on: December 26, 2010, 02:45:29 PM »
Hello again,

I performed a Malwarebytes quick scan (database version: 5363) & no malicious items were found. Hurrah! : )

Oops forgot to post the log, here t'is:

* * * * * * * * * *

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

27/12/2010 12:12:48 AM
mbam-log-2010-12-27 (00-12-48).txt

Scan type: Quick scan
Objects scanned: 129917
Time elapsed: 6 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

* * * * * * * * * *

Many thanks : )
« Last Edit: December 26, 2010, 02:47:32 PM by VerySplendid »

VerySplendid

  • Guest
Re: Adware.Zugo
« Reply #8 on: December 26, 2010, 02:50:53 PM »
Sorry, I forgot to ask... should I leave flash_player.45199.exe in the virus chest or delete it? And should I leave Zugo in quarantine?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37190
Re: Adware.Zugo
« Reply #9 on: December 26, 2010, 02:53:45 PM »
If you are still not sure you are clean you can let Essexboy have a look inside!.....
if so follow this guide and post the log`s here, then Essexboy will the check the log`s when he enters the forum

http://forum.avast.com/index.php?topic=53253.0

To avoid using multiple post with copy and paste you have to attach the log`s
Lower left corner: Additional Options > Attach ( OTL.Txt and Extras.Txt. )

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37190
Re: Adware.Zugo
« Reply #10 on: December 26, 2010, 02:55:31 PM »
Quote
Sorry, I forgot to ask... should I leave flash_player.45199.exe in the virus chest or delete it? And should I leave Zugo in quarantine?
I always let things stay in quarantine for 30 days before i delete it, just in case

Clean, Quarantine, or Delete?
http://antivirus.about.com/b/2007/03/11/clean-quarantine-or-delete.htm

VerySplendid

  • Guest
Re: Adware.Zugo
« Reply #11 on: December 26, 2010, 11:06:11 PM »
Thank you so much for everything! I'm going to follow the instructions for Essexboy to cast his expert eye over.

Many thanks & big smiles all round :D