Malicious Software Not Removed (Zbot.gen)

not2bright, June 12, 2013

Hi,

Today's Windows Updates included the June Malicious Software Removal Tool from MS. After its scan it said there was one item it detected but could not remove. The entry read thus:

PWS:Win32/Zbot.gen!AL

The only advice it gave was to run scans with my own software and have that remove it. But I just ran my Avira AV yesterday and it wasn't detected. And I just now finished MBAM which detected nothing either.

Should I just find my way to the file location in question (assuming I can find it) and remove the item manually? Or is there another software which is sure to detect this and remove it automatically?

(Oddly, the last two days my Avira has successfully blocked two other items trying to gain access to something in the AppData folder. I don't know if these things could be related.)

Any suggestions welcome!

Thanks!

Here is a link that might be useful: MS on Zbot.gen!AL
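For the question above (where the file MSRT flagged actually lives, and what MSRT did with it), the quickest source is MSRT's own log rather than another scan: MSRT appends every run to %SystemRoot%\Debug\mrt.log, and the "Results Summary" block names each threat and whether it was removed. The script below is an added example, not something from the thread or from Microsoft; it assumes the default log location, and because the exact line wording differs between MSRT releases it matches loosely. The sample log at the end is constructed to show the shape of a run that detects but cannot remove, with an invented directory name.

```powershell
# Parse MSRT's log (%SystemRoot%\Debug\mrt.log) into one object per finding.
# Summary lines look like "Found <ThreatName>, <outcome>."; detection blocks start with
# "Threat Detected: <ThreatName>" and carry the file path on a following line.
function ConvertFrom-MrtLog {
    param([Parameter(Mandatory)][string[]]$Lines, [switch]$LatestRunOnly)

    if ($LatestRunOnly) {
        # Each run begins with a "Started On ..." line; keep only the text after the last one,
        # since the log is append-only and can span years of monthly runs.
        $starts = @(0..($Lines.Count - 1) | Where-Object { $Lines[$_] -match '^Started On' })
        if ($starts.Count -gt 0) { $Lines = $Lines[$starts[-1]..($Lines.Count - 1)] }
    }

    $current = $null   # threat name of the detection block we are inside, if any
    foreach ($line in $Lines) {
        if ($line -match 'Threat Detected:\s*(?<name>\S+)') {
            $current = $Matches.name
            continue
        }
        if ($line -match '^\s*Found\s+(?<name>[^,]+),\s*(?<outcome>[^.]+)') {
            [pscustomobject]@{ Kind = 'Summary'; Threat = $Matches.name.Trim(); Outcome = $Matches.outcome.Trim(); Path = $null }
            continue
        }
        # Any line carrying a drive-letter path (MSRT writes them with a file:// prefix).
        if ($line -match '(?<path>[A-Za-z]:\\[^\s"<>|]+)') {
            [pscustomobject]@{ Kind = 'PathRef'; Threat = $current; Outcome = $null; Path = $Matches.path }
        }
    }
}

function Get-MrtFindings {
    # Assumption: the default MSRT log location; pass -LogPath for an exported copy.
    param([string]$LogPath = (Join-Path $env:SystemRoot 'Debug\mrt.log'), [switch]$LatestRunOnly)
    if (-not (Test-Path -LiteralPath $LogPath)) { throw "MSRT log not found at $LogPath" }
    ConvertFrom-MrtLog -Lines (Get-Content -LiteralPath $LogPath) -LatestRunOnly:$LatestRunOnly |
        ForEach-Object {
            # For anything referenced by path, record whether the file is still on disk:
            # that is what you hand to a second scanner (or the AV vendor) if it is.
            $onDisk = if ($_.Path) { Test-Path -LiteralPath $_.Path } else { $null }
            $_ | Add-Member -NotePropertyName StillOnDisk -NotePropertyValue $onDisk -PassThru
        }
}

# Constructed sample (not a real log): the shape of a run that detects but cannot remove.
$sample = @'
Microsoft Windows Malicious Software Removal Tool v4.21, June 2013
Started On Wed Jun 12 08:10:02 2013

Threat Detected: PWS:Win32/Zbot.gen!AL
   file://C:\Users\example\AppData\Roaming\Abcdef\ghijk.exe

Results Summary:
----------------
Found PWS:Win32/Zbot.gen!AL, not removed.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 12 08:15:40 2013
'@ -split "`r?`n"

ConvertFrom-MrtLog -Lines $sample -LatestRunOnly | Format-Table -AutoSize
# On a live machine:  Get-MrtFindings -LatestRunOnly | Format-Table -AutoSize
```

Run it in PowerShell on the affected machine; the PathRef row gives the file to look at (and StillOnDisk tells you whether a later scanner already took it), while the Summary row's Outcome is the "could not remove" verdict MSRT showed in the dialog. A file that is still present should be submitted to your AV vendor or copied off for a second opinion rather than just deleted, so the finding can be confirmed.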

not2bright

Update: I did the ESET online scan and it found 4 infections. Two infections were variants of "Win32/Medfos.QK trojan" and two were variants of "Win32/Kryptik.BDII trojan." Three were removed immediately and one of them (I forget which) on restart. But at boot-up I got a message that Windows (7 Pro) could not find: "C\User\[My Name]\AppData\Roaming\uinco.dll" I clicked "OK" and Windows resumed normally.

So, I guess I still have no idea if the initial malware (Zbot.gen!AL), which was NOT detected by Avira or MBAM, in fact WAS removed by ESET, since I don't know if it was a variant of the ones mentioned above.

???

June 12, 2013 at 8:55AM

owbist

"uinco.dll" seems to be linked with genealogy, so if you have any ancestry-type program installed you may want to check that it will work now. If not, simply re-install the program, I would suggest.

Edit. Sorry, I paid more attention to the second post, but on reading again I see the issue with the trojan not removed. Try another scan with Kaspersky or any other free online scan to see if they will find it for you.

This post was edited by owbist on Wed, Jun 12, 13 at 9:17

June 12, 2013 at 9:09AM

not2bright

Thanks, owbist.

I was much too busy today to get to the Kaspersky scan, but I may get to it tomorrow (when I have time for the 165 MB download!). Thanks for that suggestion, btw.

However, I did do the following: I manually downloaded the MSRT and ran the quick scan, since it was that scan that apparently detected the trojan initially. It came up with no results. I'm just finishing the FULL scan of it as well (just to be sure) and so far it has found nothing.

Would I be safe in assuming that one of the trojans that were removed by the ESET scan was the one detected by the MSRT, even though their names were not identical (perhaps the "variant of..." mentioned by the ESET scan explains this)?

Btw, I would have run SAS, but when I opened it, it said that the definitions (of 4/11/12) were up to date!!! :-O I would rather say out of date.

June 12, 2013 at 8:28PM

not2bright

Update: at start-up I'm still getting the error pop-up regarding the missing .dll file. I don't have any ancestry downloads that I know of (as mentioned by owbist), and I haven't found anything out in any searches. I did go to several 'find .dll files' sites (like http://www.dll-files.com/) to see what they say, but they don't even recognize the file name!

What to do?? :-)

June 13, 2013 at 7:03AM

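A "Windows cannot find ...\AppData\Roaming\uinco.dll" message at logon right after a clean-up is usually not a sign that anything is still running: it means an autostart entry (typically a rundll32 line in a Run key, or a Startup-folder shortcut) still points at the file the scanner deleted, and the DLL-download sites don't know the name because it was never a legitimate library. The script below is an added example, not code from the thread or from any tool mentioned in it; it assumes the orphaned entry is in one of the classic Run/RunOnce keys or a Startup folder (services and scheduled tasks are other persistence spots it does not cover), and the directory in the constructed test line is invented. Sysinternals Autoruns shows the same information with a GUI; this is the scriptable version.

```powershell
# Pull every drive-letter path with an executable-ish extension out of an autostart
# command line, after expanding %APPDATA%-style variables. A rundll32 entry such as
#   rundll32.exe "C:\Users\x\AppData\Roaming\uinco.dll",Entry
# yields the DLL, which is exactly the file the logon error names.
function Get-ReferencedFiles {
    param([string]$CommandLine)
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    $rx = '(?i)"?(?<file>[A-Za-z]:\\[^"\r\n,]*?\.(?:exe|dll|scr|com|cmd|bat|vbs|js))"?'
    foreach ($m in [regex]::Matches($expanded, $rx)) { $m.Groups['file'].Value }
}

# List Run/RunOnce values (per-user, machine-wide and the 32-bit WOW6432Node view) and
# Startup-folder shortcuts whose referenced file no longer exists on disk.
function Get-OrphanedAutostarts {
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... are provider metadata, not values
            $cmd = [string]$p.Value
            foreach ($target in Get-ReferencedFiles $cmd) {
                if (-not (Test-Path -LiteralPath $target)) {
                    [pscustomobject]@{ Location = $key; Name = $p.Name; Command = $cmd; MissingFile = $target }
                }
            }
        }
    }
    # Startup folders: a .lnk whose target was deleted produces the same kind of error.
    $shell = New-Object -ComObject WScript.Shell
    $folders = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
    foreach ($folder in $folders) {
        Get-ChildItem -Path $folder -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
            $target = $shell.CreateShortcut($_.FullName).TargetPath
            if ($target -and -not (Test-Path -LiteralPath $target)) {
                [pscustomobject]@{ Location = $folder; Name = $_.Name; Command = $target; MissingFile = $target }
            }
        }
    }
}

# Parsing check on a constructed command line of the rundll32 shape (the DLL name is the
# one from the thread; the user directory is invented). Prints the DLL path only.
Get-ReferencedFiles 'rundll32.exe "C:\Users\example\AppData\Roaming\uinco.dll",Start'

# Live run: every autostart that points at a file which is no longer there.
Get-OrphanedAutostarts | Format-Table -AutoSize
```

Each row's Location and Name tell you which registry value or shortcut to remove (Remove-ItemProperty for a Run value, deleting the .lnk for a Startup entry), which is what stops the pop-up; export the key first (reg export) so the evidence of what the malware had installed survives. If the DLL name appears nowhere in these locations, the remaining places to check are scheduled tasks (schtasks /query /v /fo csv on Windows 7) and services.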
shaxhome

After reading the attached link from Microsoft Security Centre, this sounds like a particularly nasty one that is difficult to remove, and can cause a mess of your computer...

http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=PWS:Win32/Zbot.gen!AL

Have you ever visited the LandzDown forum?

I think you should go there and get their free, expert help.

Here is a link that might be useful: LandzDown Forum

This post was edited by shaxhome on Thu, Jun 13, 13 at 8:12

June 13, 2013 at 8:07AM

owbist

I assume with the large download you are in fact getting the Kaspersky Rescue Disk 10. If so burn it to a CD, set your computer BIOS to look for the CD/DVD drive first. Insert CD and reboot. As you follow along it seems a little confusing in 2 spots. It will ask permission to go online to get the latest definitions before doing the scan.

June 13, 2013 at 10:03AM

not2bright

shaxhome: Thanks for the input. I just may do that after trying Kaspersky.

owbist: I don't believe it's the Rescue Disk. It's the link on the left of their free virus scan page: Kaspersky Virus Removal Tool. If the latter finds nothing I may try the former (even though I don't have any boot problems at the moment).

Update: Wow! After such a large download I thought the scan would take longer. It only took 5 minutes or so. No threats detected.

This post was edited by not2bright on Thu, Jun 13, 13 at 10:57

June 13, 2013 at 10:46AM

owbist

"Wow! After such a large download I thought the scan would take longer. It only took 5 minutes or so. No threats detected."

Good news then ;~)

June 13, 2013 at 12:32PM

not2bright

Yes. :-)

And I did open a thread at Landzdown as you suggested, just to see what guidance I get.

June 13, 2013 at 1:32PM

Blazito

I would download hitman pro and combofix, and scan your PC one more time. These two scanners pick up bugs other scanners can't detect. Both are free.

June 16, 2013 at 1:43PM

emma

I don't know anything about this site, but you might want to read it. You may have already tried it.

Here is a link that might be useful: info

June 16, 2013 at 3:07PM

not2bright

Blazito: Well, Corrine did have me use Combofix (though not Hitman Pro) as part of the clean-up. And no subsequent scan that I did registered any more trojans, so I'm hoping that the infection is truly gone. As I noted above, the program (MSRT) that initially found the trojan didn't find it after the ESET scan removed the trojans it found. (fingers crossed) :-)

Emma: thanks for the link. Just to be safe, I asked in my thread at Landzdown what others (esp. Corrine) think of the removal tool you found. It would be nice if it did, in fact, do what it claims!

June 16, 2013 at 5:11PM

corrine_mvp

EmmaR, I realize you said you don't know anything about the site, but please don't ever use the tools at a site like the one you linked to above. There is no way of knowing what that tool is or does and is most likely a scam site. Download this magic tool which finds all kinds of (fake) errors and then it will cost an arm and a leg to remove what wasn't a problem in the first place. It is like the TV advertisements that make me cringe every time I see them.

June 16, 2013 at 9:19PM

SnidelyWhiplash

not2bright -

I know that product ratings/rankings/testing have been discussed ad nauseam, so that's not the point of this comment. Also previously discussed ad nauseam is why some people have continuing problems and others have none.

Two step program:

1) Use a highly regarded (I didn't say rated) antivirus/intrusion protecting program. Consider several legit sources for your assessment. You'll find ESET isn't that well thought of.

2) Never click on unknown links and stick with websites of known sponsors.

You should never have to have your machine reset or "cleaned" if your practices are prudent.

PS, you can trust the link below.

Here is a link that might be useful: PC Mag evals of antivirus products

June 17, 2013 at 12:59AM

emma

Corrine, I would only use it as a last resort before reformatting my PC and would never buy a fix. The last warning I had for a trojan I was using avast and it was only a false positive. Haven't had a real virus or trojan in many years.

June 17, 2013 at 9:24AM

corrine_mvp

Snidely, although I would consider the reviews at PC Mag, I wouldn't take them as the highest authority since those types of reviews are most frequently sponsored and PC Mag is no exception.

ESET is also my favorite licensed A/V product.

June 17, 2013 at 9:34AM

SnidelyWhiplash

Especially with PC related topics, the internet overflows with sites run by self-appointed "experts". That can color one's reaction to an article like this, because there are 100 phony-baloney sites for every good one. Most legit sites don't allow $$ to influence editorial decisions, and the few times that has come up (thinking of the CNET debacle) it becomes public knowledge.

The article I cited was written by Neil Rubenking, who is probably without peer after >25 years of work providing technical journalism on PC topics. His methodology is well described in the article, his findings were based on his own work and an assessment of studies done by 5 independent labs.

There are no agreed standards of performance or testing for that matter. A program can do relatively better with some hurdles and then falter (compared to competitors) on others. Or can perform well on one tester's assessment and poorly on another.

That's why Rubenking bases his findings on an agglomeration of many independent tests. Trends emerge and that's what his article is about. While any "findings" are always subjective, to me he's an expert's expert.

June 17, 2013 at 11:41AM

not2bright

I guess this is why it's good not to put all one's eggs in one basket, but use different scans of each type when reasonable (i.e. using online AV scans in addition to using one's preferred full-time AV program).

Re: the PC Mag article(s): FWIW, Rubenking praised MBAM -- and I use it myself! -- but it didn't find the four trojans that the ESET scan did. And my own free Avira AV scan didn't find them either. I'm not sure where trojans fall category-wise: malware or viruses. Or something else. But whatever programs should find them (AV or anti-malware), mine didn't. :-(

Perhaps I should have also tried AVG just to see if its results would have been better, but I was naturally more concerned with getting rid of whatever was in my computer than with doing AV, anti-malware tests. ;-)

So my (albeit limited) experience of having ESET find and remove 4 trojans that MBAM and Avira missed, at least makes me lean in the direction of trusting ESET for future supplementary AV scan purposes.

And, of course, I'll try the Kaspersky Virus Removal Tool again if necessary. (Since I ran it after the ESET scan, I have no idea if it would have found and removed the 4 trojans as well. And I hope I never have cause to find out in the future!!)

June 17, 2013 at 5:52PM

SnidelyWhiplash

You can put all your eggs in one basket, I do. Your issue is that you've chosen the wrong basket.

You're using the wrong protection. Fix that and you'll likely have no further need for cleaning. And no need for anything more than that one product.

June 18, 2013 at 1:33AM

Roscoe21

You should get Bitdefender. We use that at my work and I've never had problems. It's rated number one by top ten reviews also

Here is a link that might be useful: TopTenReviews

September 27, 2013 at 5:28PM

shaxhome

According to WOT, our new friend Roscoe's linked site above is dangerous...

September 28, 2013 at 12:57AM
© 2015 Houzz Inc. Houzz® The new way to design your home™