Author Topic: Win32:Zlob-32 [Tri] in C:\hiberfil.sys  (Read 4846 times)

0 Members and 1 Guest are viewing this topic.

Offline rob24

  • Full Member
  • ***
  • Posts: 113
Win32:Zlob-32 [Tri] in C:\hiberfil.sys
« on: February 20, 2011, 02:58:18 PM »
Hi,

A boot time scan found Win32:Zlob-32 [Tri] with a threat severity as High, in C:\hiberfil.sys. It appears in the Scan results log along with the other threat that was found and chested successfully. I tried first to repair with was unsuccessful and then to Chest which was also unsuccessful, with a message to say the disc was full.

I can't see C:\hiberfil.sys in the Windows explorer nor in a Command Prompt window.

I understand this file is something to do with the Hibernation feature, which I do use, so I don't want to lose that facility.

Oh I should add that a full system scan afterwards produced no threats.

Any advice please??
« Last Edit: February 20, 2011, 02:59:53 PM by rob24 »
Intel Core i5 CPU 4 x 3200 Mhz, 8Gb DDR3 RAM, Windows 10 64 bit, Malwarebytes' Anti-Malware 1.6 free, Superantispyware.
Samsung S3 mobile with Avast Mobile Pro and on Lenovo tablet.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 72913
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Win32:Zlob-32 [Tri] in C:\hiberfil.sys
« Reply #1 on: February 20, 2011, 03:02:30 PM »
Run a boot time scan with avast.
asyn
Win 8.1 [x64] - Avast PremSec 21.11.6787.IBC [UI.681] - EEK - Firefox ESR 91.3 [NS/uBO/PB] - TB 91.3.2
Avast-Tools: Secure Browser 96.0 - Cleanup 21.4 - SecureLine 5.14 - Driver Updater 21.4 - CCleaner 5.87
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8784
Re: Win32:Zlob-32 [Tri] in C:\hiberfil.sys
« Reply #2 on: February 20, 2011, 03:08:53 PM »
Did you modify any of avast! default scan Settings ???

You have to enable Windows to see hidden files and and folders:
http://www.bleepingcomputer.com/tutorials/tutorial62.html#winxp
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline rob24

  • Full Member
  • ***
  • Posts: 113
Re: Win32:Zlob-32 [Tri] in C:\hiberfil.sys
« Reply #3 on: February 20, 2011, 03:29:23 PM »
Run a boot time scan with avast.
asyn

It was with a boot time scan that I found it this morning

Did you modify any of avast! default scan Settings ???

You have to enable Windows to see hidden files and and folders:
http://www.bleepingcomputer.com/tutorials/tutorial62.html#winxp
No, I didn't modify any default scan settings, well none that I've changed since installing Avast free 5.1.

I did that so I can now see the file in Windows Explorer. I scanned hiberfil.sys with the right click menu and no threats were found. Does that mean I can be sure I'm OK or should I check some other way?
« Last Edit: February 20, 2011, 04:08:42 PM by rob24 »
Intel Core i5 CPU 4 x 3200 Mhz, 8Gb DDR3 RAM, Windows 10 64 bit, Malwarebytes' Anti-Malware 1.6 free, Superantispyware.
Samsung S3 mobile with Avast Mobile Pro and on Lenovo tablet.

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8784
Re: Win32:Zlob-32 [Tri] in C:\hiberfil.sys
« Reply #4 on: February 20, 2011, 04:16:54 PM »
You should be OK.
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 72913
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Win32:Zlob-32 [Tri] in C:\hiberfil.sys
« Reply #5 on: February 20, 2011, 04:19:04 PM »
1. It was with a boot time scan that I found it this morning
2. Does that mean I can be sure I'm OK or should I check some other way?

1. Sorry, I missed that.
2. If you fear an infection you can run free Mbam. (http://www.malwarebytes.org/mbam.php)
- update it before scanning..!!!
asyn
Win 8.1 [x64] - Avast PremSec 21.11.6787.IBC [UI.681] - EEK - Firefox ESR 91.3 [NS/uBO/PB] - TB 91.3.2
Avast-Tools: Secure Browser 96.0 - Cleanup 21.4 - SecureLine 5.14 - Driver Updater 21.4 - CCleaner 5.87
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline rob24

  • Full Member
  • ***
  • Posts: 113
Re: Win32:Zlob-32 [Tri] in C:\hiberfil.sys
« Reply #6 on: February 20, 2011, 04:25:17 PM »
1. It was with a boot time scan that I found it this morning
2. Does that mean I can be sure I'm OK or should I check some other way?

1. Sorry, I missed that.
2. If you fear an infection you can run free Mbam. (http://www.malwarebytes.org/mbam.php)
- update it before scanning..!!!
asyn

OK thanks yes I'll do that once the very slow BitDefender online scanner starts actually scanning!
Intel Core i5 CPU 4 x 3200 Mhz, 8Gb DDR3 RAM, Windows 10 64 bit, Malwarebytes' Anti-Malware 1.6 free, Superantispyware.
Samsung S3 mobile with Avast Mobile Pro and on Lenovo tablet.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 72913
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Win32:Zlob-32 [Tri] in C:\hiberfil.sys
« Reply #7 on: February 20, 2011, 04:28:17 PM »
OK thanks yes I'll do that once the very slow BitDefender online scanner starts actually scanning!

You're welcome..!
Btw, forget the BD scan. ;)
asyn
Win 8.1 [x64] - Avast PremSec 21.11.6787.IBC [UI.681] - EEK - Firefox ESR 91.3 [NS/uBO/PB] - TB 91.3.2
Avast-Tools: Secure Browser 96.0 - Cleanup 21.4 - SecureLine 5.14 - Driver Updater 21.4 - CCleaner 5.87
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline rob24

  • Full Member
  • ***
  • Posts: 113
Re: Win32:Zlob-32 [Tri] in C:\hiberfil.sys
« Reply #8 on: February 20, 2011, 06:35:54 PM »
OK thanks yes I'll do that once the very slow BitDefender online scanner starts actually scanning!

You're welcome..!
Btw, forget the BD scan. ;)
asyn


Yup I cancelled the BitDefender - seemed to be doing nothing. Malwarebytes clean but then I never finds anything. Ah well.
Intel Core i5 CPU 4 x 3200 Mhz, 8Gb DDR3 RAM, Windows 10 64 bit, Malwarebytes' Anti-Malware 1.6 free, Superantispyware.
Samsung S3 mobile with Avast Mobile Pro and on Lenovo tablet.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 72913
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Win32:Zlob-32 [Tri] in C:\hiberfil.sys
« Reply #9 on: February 20, 2011, 06:53:06 PM »
Malwarebytes clean but then I never finds anything. Ah well.

Clean is good..! ;)
asyn
Win 8.1 [x64] - Avast PremSec 21.11.6787.IBC [UI.681] - EEK - Firefox ESR 91.3 [NS/uBO/PB] - TB 91.3.2
Avast-Tools: Secure Browser 96.0 - Cleanup 21.4 - SecureLine 5.14 - Driver Updater 21.4 - CCleaner 5.87
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0