Resolved: Troj/Zbot-LA >I think I'm still infected
- Thread starter Nostrada
- Start date
- Status
Bobbye
Posts: 16,313 +36
Outstanding! Whew! That was a job! I do note the following is still present. Did you include it in the move I set up?
C:\Program Files\PestPatrol\Quarantine\20070407233801.zip
It's been quarantined so is no threat to you. You might want to look into deleting the PP quarantined items.
To finish the cleanup of the cleaning tools, add this:
Remove all of the tools we used and the files and folders they created
If you are prompted to Reboot during the cleanup, select Yes.
You've will have already uninstalled Combofix and dropped the old restore points. You should be in pretty good shape now.
A reminder: be careful opening email from someone you don't know. Be very careful if opening attachments and forwards. Friends don't count here- most don't realize they're sending an infected file. IF you do get an attachment that you want to open, do a right click> Save to desktop first. Once there, do a right click> scan with AV before opening. That's not a guarantee but it's better than just opening from within the email!
You worked hard an did a good job! Let me know if you need more help in the future.
C:\Program Files\PestPatrol\Quarantine\20070407233801.zip
It's been quarantined so is no threat to you. You might want to look into deleting the PP quarantined items.
To finish the cleanup of the cleaning tools, add this:
Remove all of the tools we used and the files and folders they created
- DownloadOTCleanIt by OldTimer
- Save it to your Desktop.
- Double click OTCleanIt.exe.
- Click the CleanUp! button.
- If you are prompted to Reboot during the cleanup, select Yes.
If you are prompted to Reboot during the cleanup, select Yes.
You've will have already uninstalled Combofix and dropped the old restore points. You should be in pretty good shape now.
A reminder: be careful opening email from someone you don't know. Be very careful if opening attachments and forwards. Friends don't count here- most don't realize they're sending an infected file. IF you do get an attachment that you want to open, do a right click> Save to desktop first. Once there, do a right click> scan with AV before opening. That's not a guarantee but it's better than just opening from within the email!
You worked hard an did a good job! Let me know if you need more help in the future.
Wot's next?
Thanks!
Should I follow the instructions in message 24 before #27?
https://www.techspot.com/vb/post846672-24.html
Thanks!
Should I follow the instructions in message 24 before #27?
https://www.techspot.com/vb/post846672-24.html
Maybe the end?
I did the first three steps of message #24.
> S-1-5-21-2246190073-3047704572-2931419171-1006
was an 85 byte file that appeared to be empty. I couldn't remove it.
>I didn't do the Outlook Express step since I had already cleaned out OE.
> I didn't do OTMoveIt.
I did OTCleanIt (message #27)
I think I'm all done. A new ESET log is attached.
I could send a donation to the ComboFix guy if you think I should.
Many thanks, you've been great!
Nostrada
I did the first three steps of message #24.
> S-1-5-21-2246190073-3047704572-2931419171-1006
was an 85 byte file that appeared to be empty. I couldn't remove it.
>I didn't do the Outlook Express step since I had already cleaned out OE.
> I didn't do OTMoveIt.
I did OTCleanIt (message #27)
I think I'm all done. A new ESET log is attached.
I could send a donation to the ComboFix guy if you think I should.
Many thanks, you've been great!
Nostrada
Bobbye
Posts: 16,313 +36
Got to love those clean logs!
I left one thing out of the Recycler delete> the Recycle Bin has to be empty or the Recycler Folder cannot be deleted. Try doing that, then double click on the number string in the Recycler. You can do a right click> delete on each of the files.
Are you asking if you should send a donation to Combofix? I don't know what you mean by 'the guy'. But no donations are needed.
I left one thing out of the Recycler delete> the Recycle Bin has to be empty or the Recycler Folder cannot be deleted. Try doing that, then double click on the number string in the Recycler. You can do a right click> delete on each of the files.
Are you asking if you should send a donation to Combofix? I don't know what you mean by 'the guy'. But no donations are needed.
- Status
