Solved Problems with Win32/Z bot G in the system Volume Information Directory please help

Status
Not open for further replies.
jusched.exe is the auto-updater for Java. I have no use for auto-updates so I prevent mine as follows:
Open the Control Panel> Java> Advanced tab> click on + sign to left of 'JRE Auto-update'> Check 'Never auto-download'> Click on Apply> OK
Have a look at the Startup menu and make sure jusched.exe isn't checked.
Almost everyone has the auto-updater checked. Problem is, they get the new update, but Java doesn't overwrite and users forget to uninstall old version. This way, user can keep in mind to uninstall old version when getting new version.
============================================
About the flash drive: Just know that the more I know, the more I can help you. For instance, if I had known about the flash drive sharing, I would have had you disinfect it earlier and cautioned you about not using it until it was clean.
=============================================
About the Recycler: you can try doing a double click on the SID to see if it will 'open'. If it does, go to Edit> Select All> Delete. This has to be your account to remove those files. If they won't go, they aren't active in the system and eventually they will be overwritten.
=============================================
About MsiExec.exe: MsiExec.exe is the executable for the Windows Installer. This should only be running while you are running an installer. If this is still running after the installer has completed it should be safe to end this process. Did you abort any setups you had downloaded after the double click to install but before the install was complete?
=============================================
If you still have Combofix, I can try to remove the old Java from Firefox:

Please run this Custom CFScript:

    [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
Extra::
File::
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Firefox::
Firefox-:- Profile- c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\qjolvo62.default\
Save this as CFScript.txt, in the same location as ComboFix.exe
[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . You do not need to leave the log.
====================
The system is clean. Let me know if there are any more problems.
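
The CFScript above removes a run of old Java Console extension folders from Firefox. As an added example (not part of the original post and not ComboFix code), this Python snippet sorts such folder names by the version their ID appears to encode and reports everything except the newest as stale. The ID layout is an assumption read off the names in the script; the `0024` entry and the unrelated add-on name are constructed sample data.

```python
import re

# Assumption: the ID is {CAFEEFAC-<family>-<minor>-<update>-ABCDEFFEDCBA},
# so 0016-0000-0013 is read as Java 1.6.0_13.
JAVA_CONSOLE_ID = re.compile(
    r"\{CAFEEFAC-(\d{4})-(\d{4})-(\d{4})-ABCDEFFEDCBA\}", re.IGNORECASE)


def parse_console_id(name):
    """Return (family, minor, update) for a Java Console folder name, else None."""
    m = JAVA_CONSOLE_ID.fullmatch(name.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def version_label(ver):
    """Format a parsed ID the way Java prints versions, e.g. 1.6.0_05."""
    family, minor, update = ver
    return f"{family // 10}.{family % 10}.{minor}_{update:02d}"


def split_java_consoles(folder_names):
    """Return (newest, stale); stale is ordered oldest first."""
    found = {}
    for name in folder_names:
        ver = parse_console_id(name)
        if ver is not None:          # ignore unrelated extensions
            found[ver] = name.strip()
    if not found:
        return None, []
    ordered = sorted(found)
    return found[ordered[-1]], [found[v] for v in ordered[:-1]]


# Constructed listing: the twelve update numbers named in the CFScript,
# plus one constructed newer entry and one constructed unrelated add-on.
UPDATES = [5, 7, 10, 12, 13, 14, 15, 16, 17, 20, 21, 22]
SAMPLE = [f"{{CAFEEFAC-0016-0000-{u:04d}-ABCDEFFEDCBA}}" for u in UPDATES]
SAMPLE += ["{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}", "someaddon@example.invalid"]

if __name__ == "__main__":
    newest, stale = split_java_consoles(SAMPLE)
    print("keep ", newest, version_label(parse_console_id(newest)))
    for name in stale:
        print("stale", name, version_label(parse_console_id(name)))
```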
 
Thanks very much for all your help, it is much appreciated. I would like to buy you a beer to thank you for everything you have done for me recently. Do you have a PayPal account I can make a small donation into? One last thing though: do you have any idea why I have folders on my external drive with names like amd64 and i3a6, and another folder called 0751e7ac9f02a515303c7882f62fca1f which contains many folders in it with different numbers? Inside each is HotFixInstallerUI.dll and eula, which is a rich text Word document. These folders have appeared recently from nowhere.
 
Thank you for the offer, but it was my pleasure to help you. I don't accept donations and neither does TechSpot. Go learn a lot and come back and help out!!

You can do a right click Properties on any of these folders to try and get more info. AMD will be for the processor. i386 is for Intel. We would have picked it up if it had been malware. My rule is that if you don't know, don't delete it. Be sure the hidden files and folders are just that:
Control Panel> Folder Options> View tab> be sure to check 'don't show hidden files and folders' and check 'hide System files for OS (Recommended)'> Apply> OK.

It's possible that the hidden files and folders have been set to show and you just haven't seen them previously. They aren't 'hidden' because they're bad - it's to keep you from removing them and trashing the system! Leave the 'EULA.rtf' and 'HotFixInstallerUI.dll' files.
========================================
Tips for added security and safer browsing:
  1. Browser Security Settings: Custom is fine if the user did the settings. Mine are Custom. Default is okay too, but sometimes too restrictive.
    This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features: Make Internet Explorer safer.
  2. Have layered Security:
    • Antivirus Software (only one): Both of the following programs are free and known to be good:
      [o]Avira-AntiVir-Personal-Free-Antivirus
      [o]Avast Free Version

      [o]Avira Free
      [o]Avast Home
    • Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
      [o]Comodo
      [o]Zone Alarm
    • Antispyware: I recommend all of the following:
      [o]Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
    [o]Download ZonedOut and save to your desktop. This replaces IE/Spyad and manages the Zones in Internet Explorer. This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    For IE7 and IE8, Windows 2000 thru Vista. No Windows 7 yet.
    IE/Spyad is no longer being supported. If you have this on your system, you should replace it with the following program. Make sure your IE8 is up-to-date before adding sites to your restricted zone.
    Known issue: If you have "immunized" your computer with Spybot Search and Destroy, and use ZonedOut to "Remove All" restricted sites - ZonedOut will remove your trusted sites as well. Note that if you remove Spybot Search and Destroy's Immunization the problem goes away...
    [o]Replace the Host Files
    MVPS Hosts files: This replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
    [o]Google Toolbar Get the free google toolbar to help stop pop up windows.
  3. Stay current on updates:
    [o] Visit the Microsoft Download Site frequently. You should get all updates marked Critical and the current SP updates.
    [o]Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
    [o]Check this site: Java Updates. Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.
  4. Reset Cookies to prevent Tracking Cookies:
    [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
    [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List
  5. Do regular Maintenance
    Remove Temporary Internet Files regularly:
    [o]ATF Cleaner by Atribune
    OR
    [o]TFC
    Disable and Enable System Restore:
    [o]See System Restore Guide This will help you understand what this is, why you need to clean and set restore points and what information is in them.
  6. Practice Safe Email Handling
    [o] Don't open email from anyone you don't know.
    [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
    [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
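
The HOSTS-file tip in the post above works by pointing unwanted names at 127.0.0.1. As an added example (not part of the original post and not MVPS tooling), this Python check reads a hosts file and separates names that are sunk to the local machine from names mapped to some other address, which are not blocks and are worth reviewing. Treating 0.0.0.0 as a sink is an assumption beyond what the post states, and the sample file contents are constructed.

```python
import ipaddress


def classify_hosts(text):
    """Return (blocked_names, redirected) where redirected is [(name, ip), ...]."""
    blocked, redirected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank or malformed line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an address
        for name in fields[1:]:
            name = name.lower()
            if name == "localhost":
                continue                      # standard entry, not a block
            # Assumption: 0.0.0.0 is treated as a sink like 127.0.0.1.
            if ip.is_loopback or ip.is_unspecified:
                blocked.append(name)
            else:
                redirected.append((name, str(ip)))
    return blocked, redirected


# Constructed sample hosts file (example domains, documentation IP range).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
127.0.0.1   ads.example.com      # ad server
127.0.0.1   tracker.example.net
0.0.0.0     banner.example.org
203.0.113.7 update.example.com
"""

if __name__ == "__main__":
    blocked, redirected = classify_hosts(SAMPLE_HOSTS)
    print(f"{len(blocked)} names blocked via loopback")
    for name, ip in redirected:
        print(f"review: {name} -> {ip}")
```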
 