Solved Zbot is giving me pain

Status
Not open for further replies.
Thanks

The Error Check didn't take very long and came up with a clean bill of health. The system is doing OK. Avast isn't throwing up any alerts (like AVG did in recent weeks). The only symptom is that I have lost access to a couple of programs. (OpenOffice, Adobe Acrobat and Quicktime).
Ideally I would like to go back to the system I had before, i.e. AVG protection and access to these programs. Is that going to be possible?

Thanks
 
If you do a restore, it will undo everything we've done here between the date of the restore point and now.

Did we go through this? Open Windows Explorer> My Computer> double click on Local Drive> Programs> double click on the program on the left> find the .exe file for it on the right> do a right click> Send To> Desktop to create a shortcut.
 
Sorry. I didn't mean to go back to a previous point. I meant uninstall and then re-install those programs from scratch. Or is your way of creating a shortcut on the desktop going to do the same thing?

Incidentally, I don't have any restore points from before the problem.
 
I meant uninstall and then re-install those programs from scratch

If you have the program on the system still, but it's the .exe file that won't run it, then it is most likely damaged by the malware. If you can find the .exe file using the path I gave you, try creating the shortcut first. If that will launch the program when you double click on it, then it was the initial shortcut that was corrupt, not the program itself.

For instance, sometimes shortcuts in the QuickLaunch Toolbar don't work after malware. It's that shortcut that was corrupt, not the actual program. By creating a new shortcut in its place, you restore the use of the program.
 
Cool!


Got the use of Open Office and Quicktime back.
Adobe isn't happening.

Am I clear to download it and install?

Everything else is looking good.
 
Yes, go ahead with Adobe.

Do you have any of the glitches and gremlins left that you've experienced throughout the thread?
 
It looks like all the major gremlins are history.
The only thing left is a weird one on my USB stick. Avast (and AVG at home) are saying that there is an Autorun infection on it.
It means I have to open it a different way, but all the info is there and it behaves as normal.
If there's a fix for that, I'd appreciate it.

In the meantime Bobbye I must give you ultimate praise for taking the time to get me back up and running. I will try to become a useful contributor to Techspot.
I am not a dunce but I am not PC savvy enough to figure stuff out for myself. I would have been a wreck if you'd not given up your valuable time.
Again.....thanks.
 
Thank you for the acknowledgement- it is most appreciated.

No problem- you can disinfect the flash drive:

Please disinfect all movable drives
  1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    Note: Some security programs will flag Flash_Disinfector as being some sort of malware; you can safely ignore these warnings.
  3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  4. Wait until it has finished scanning and then exit the program.
  5. Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
=================
Let me know how that goes. If all is resolved, I'll have you remove the cleaning tools.
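
The folder-versus-file distinction in the note above can be checked directly. This is an added example, not part of the original thread or of Flash_Disinfector: it classifies the autorun.inf entry at a drive root and, when it is a real file, lists the lines that would launch a program. The function names and the sample file contents are constructed for illustration.

```python
import os
import re
import tempfile

# Keys in an [autorun] section that cause a program to be launched.
LAUNCH_KEY = re.compile(
    r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+?)\s*$", re.I)

def launch_directives(text):
    """Return (key, target) pairs for launch-type lines, skipping everything else."""
    found = []
    for line in text.splitlines():
        m = LAUNCH_KEY.match(line)
        if m:
            found.append((m.group(1).lower(), m.group(2)))
    return found

def inspect_root(root):
    """Classify the autorun.inf entry at a drive root.

    'absent' - nothing named autorun.inf
    'folder' - a directory holds the name, so no file of that name can be written
    'file'   - a real autorun.inf file; its launch directives are returned for review
    """
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        return "folder", []
    if not os.path.isfile(path):
        return "absent", []
    with open(path, "rb") as fh:
        # Cap the read and drop NUL padding before scanning line by line.
        text = fh.read(65536).replace(b"\x00", b"").decode("latin-1")
    return "file", launch_directives(text)

def demo():
    """Build two constructed drive roots in a temp dir and inspect both."""
    with tempfile.TemporaryDirectory() as tmp:
        stick_a, stick_b = os.path.join(tmp, "a"), os.path.join(tmp, "b")
        os.makedirs(os.path.join(stick_a, "autorun.inf"))  # folder placeholder
        os.makedirs(stick_b)
        # Constructed sample contents, not taken from the thread.
        sample = ("[autorun]\r\n;junk\r\nOpen=RECYCLER\\x.exe\r\n"
                  "shell\\open\\command=RECYCLER\\x.exe\r\n")
        with open(os.path.join(stick_b, "autorun.inf"), "w", newline="") as fh:
            fh.write(sample)
        return inspect_root(stick_a), inspect_root(stick_b)

if __name__ == "__main__":
    for state, hits in demo():
        print(state, hits)
```

To check a real stick, call `inspect_root` with its drive root, for example `inspect_root("E:\\")`.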
 
All seems to be good now.

A while ago, I was getting messages mentioning RECYCLER when I put my USB stick in.
Not any more. Though, it doesn't fire up by itself (Autorun, I guess) I can still see it and use it as normal.

Is that me now 'in the clear'?
 
The Recycler is where the Recycle Bin sends the files and folders that are deleted. It is a hidden file, but can be found and removed. There are 2 conditions that must be met in order to do this:

1. The Recycle Bin must be empty.
2. Show Hidden Folders/Files
This is best done in Windows Explorer (Right click on Start> Explore):
  • Open My Computer.
  • Go to Tools > Folder Options.
  • Select the View tab.
  • Scroll down to Hidden files and folders.
  • Select Show hidden files and folders.
  • Uncheck Hide extensions of known file types.
  • Uncheck Hide protected operating system files (Recommended).
  • Click Yes when prompted.
  • Click OK.
  • Double click on the Recycler to open
  • Each account has a specific #> it begins with S I and ends at the slash. Find that account and do a right click> Delete.

Reset Hidden/System Files & Folders

Since I don't know what the specific Recycler message was, if the above doesn't resolve this, let me know.
=======================================
Have all the malware related problems been resolved?
 
I did that and found the Recycler folder. It wouldn't delete. It said that another program was using it and to close it before deleting. I closed all programs....and it still didn't delete, it just gave me the same message.
All the malware problems seem to now be resolved.
 
Not to worry! I've gotten the same message occasionally. The system will eventually overwrite the contents. Just be sure you re-hide the files and folders.

Since you have a nice, clean system, let's remove all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
-----
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
------------------------------------------
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
  • Choose Disk Cleanup
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin
=============================
And here are some tips to help you stay clean:
Tips for added security and safer browsing: (Links are in Bold Blue)
  1. Browser Security
    • Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
    • ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
    • Replace the Host Files
    • Google Toolbar Pop Up Blocker
    • Web of Trust (WOT) Site Advisor. Traffic-light rating symbols rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
  2. Have layered Security:
    • Antivirus (only one): Both of the following programs are free and known to be good:
      • Avira-AntiVir-Personal-Free-Antivirus
      • Avast-Free Antivirus
    • Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
      • Comodo
      • Zone Alarm
  3. Antimalware: I recommend all of the following:
    • Spywareblaster: SpywareBlaster protects against bad ActiveX.
    • Spybot Search & Destroy
  4. Updates: Stay current:
    • the Microsoft Download Site frequently. All updates marked Critical and the current SP updates.
    • Adobe Reader: Install current, uninstall old.
    • Java Updates: Install current, uninstall old.
  5. Tracking Cookies
    Reset Cookie:
    • For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
    • For Firefox: Tools> Options> Privacy> Cookies> check 'accept Cookies from Sites'> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List
    • For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
  6. Do regular Maintenance
    Clean the temporary internet files often:
    • Temporary File Cleaner
    • ATF Cleaner by Atribune
  7. Restore Points:
    • See System Restore Guide
  8. Safe Email Handling
    • Don't open email from anyone you don't know.
    • Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
    • Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
Please let me know if you find any bad link.
 
All done!

Thanks VERY much for all your help.
I'll keep on top of things with your list of Added Security and Safer Browsing.

Best discovery of last year - The Black Grouse whisky

Best discovery of this year - TECHSPOT

Fabulous!!
 
You're very welcome! I'm going to forward your reply on to Julio, the owner of TechSpot!

Now that you know where we are, stop by again sometime. There are so many other forums to enjoy on TechSpot!
 