
 o
Malicious Software Not Removed (Zbot.gen)

Posted by not2bright on Wed, Jun 12, 13 at 7:26

Hi,

Today's Windows Updates included the June Malicious Software Removal Tool from MS. After its scan it said there was one item it detected but could not remove. The entry read thus:

PWS:Win32/Zbot.gen!AL

The only advice it gave was to run scans with my own software and have that remove it. But I just ran my Avira AV yesterday and it wasn't detected. And I just now finished MBAM which detected nothing either.

Should I just find my way to the file location in question (assuming I can find it) and remove the item manually ? Or is there another software which is sure to detect this and remove it automatically ?

(Oddly, the last two days my Avira has successfully blocked two other items trying to gain access to something in the AppData folder. I don't know if these things could be related.)

Any suggestions welcome !

Thanks !

Here is a link that might be useful: MS on Zbot.gen!AL


Follow-Up Postings:

 o
RE: Malicious Software Not Removed (Zbot.gen)

Update: I did the ESET online scan and it found 4 infections. Two infections were variants of "Win32/Medfos.QK trojan" and two were variants of "Win32/Kryptik.BDII trojan." Three were removed immediately and one of them (I forget which) on restart. But at boot-up I got a message that Windows (7 Pro) could not find: "C\User\[My Name]\AppData\Roaming\uinco.dll" I clicked "OK" and Windows resumed normally.

So, I guess I still have no idea if the initial malware (Zbot.gen!AL), which was NOT detected by Avira or MBAM, in fact WAS removed by ESET, since I don't know if it was a variant of the ones mentioned above.

???


 o
RE: Malicious Software Not Removed (Zbot.gen)

  • Posted by owbist 6A-Niagara, Ont on Wed, Jun 12, 13 at 9:09

"uinco.dll" seems to be linked with genealogy so if you have any ancestry type program installed you may want to check it will work now. If not simply re-install the program I would suggest.

Edit. Sorry paid more attention to the second post but on reading again I see the issue with the trojan not removed. Try another scan with Kaspersky or any other online free scan to see if they will find it for you.

This post was edited by owbist on Wed, Jun 12, 13 at 9:17


 o
RE: Malicious Software Not Removed (Zbot.gen)

Thanks, owbist.

I was much too busy today to get to the Kaspersky scan, but I may get to it tomorrow (when I have time for the 165mb download !). Thanks for that suggestion, btw.

However, I did do the following: I manually downloaded the MSRT and ran the quick scan, since it was that scan that apparently detected the trojan initially. It came up with no results. I'm just finishing the FULL scan of it as well (just to be sure) and so far it has found nothing.

Would I be safe in assuming that one of the trojans that were removed by the ESET scan was the one detected by the MSRT, even though their names were not identical (perhaps the 'variant of...' mentioned by the ESET scan explains this) ?

Btw, I would have run SAS, but when I opened it, it said that the definitions (of 4/11/12) were up to date !!! :-O I would rather say out of date.


 o
RE: Malicious Software Not Removed (Zbot.gen)

Update: at start-up I'm still getting the error pop-up regarding the missing .dll file. I don't have any ancestry downloads that I know of (as mentioned by owbist), and I haven't found anything out in any searches. I did go to several 'find .dll files' sites (like http://www.dll-files.com/) to see what they say, but they don't even recognize the file name !

What to do ?? :-)


 o
RE: Malicious Software Not Removed (Zbot.gen)

After reading the attached link from Microsoft Security Centre, this sounds like a particularly nasty one that is difficult to remove, and can cause a mess of your computer...

http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=PWS:Win32/Zbot.gen!AL

Have you ever visited the LandzDown forum?

I think you should go there and get their free, expert help.

Here is a link that might be useful: LandzDown Forum

This post was edited by shaxhome on Thu, Jun 13, 13 at 8:12


 o
RE: Malicious Software Not Removed (Zbot.gen)

I assume with the large download you are in fact getting the Kaspersky Rescue Disk 10. If so burn it to a CD, set your computer BIOS to look for the CD/DVD drive first. Insert CD and reboot. As you follow along it seems a little confusing in 2 spots. It will ask permission to go online to get the latest definitions before doing the scan.


 o
RE: Malicious Software Not Removed (Zbot.gen)

shaxhome: Thanks for the input. I just may do that after trying Kaspersky.

owbist: I don't believe it's the Rescue Disk. It's the link on the left of their free virus scan page: Kaspersky Virus Removal Tool. If the latter finds nothing I may try the former (even though I don't have any boot problems at the moment).

Update: Wow ! After such a large download I thought the scan would take longer. It only took 5 minutes or so. No threats detected.

This post was edited by not2bright on Thu, Jun 13, 13 at 10:57


 o
RE: Malicious Software Not Removed (Zbot.gen)

Wow ! After such a large download I thought the scan would take longer. It only took 5 minutes or so. No threats detected.

Good news then ;~)


 o
RE: Malicious Software Not Removed (Zbot.gen)

Yes. :-)

And I did open a thread at Landzdown as you suggested, just to see what guidance I get.


 o
RE: Malicious Software Not Removed (Zbot.gen)

I would download hitman pro and combofix, and scan your PC one more time. These two scanners pick up bugs other scanners can't detect. Both are free.


 o
RE: Malicious Software Not Removed (Zbot.gen)

I don't know anything about this site, but you might want to read it. You may have already tried it.

Here is a link that might be useful: info


 o
RE: Malicious Software Not Removed (Zbot.gen)

Blazito: Well, Corrine did have me use Combofix (though not Hitman Pro) as part of the clean-up. And no subsequent scan that I did registered any more trojans, so I'm hoping that the infection is truly gone. As I noted above, the program (MSRT) that initially found the trojan didn't find it after the ESET scan removed found trojans. (fingers crossed) :-)

Emma: thanks for the link. Just to be safe, I asked in my thread at Landzdown what others (esp. Corrine) think of the removal tool you found. It would be nice if it did, in fact, do what it claims !


 o
RE: Malicious Software Not Removed (Zbot.gen)

EmmaR, I realize you said you don't know anything about the site, but please don't ever use the tools at a site like the one you linked to above. There is no way of knowing what that tool is or does and is most likely a scam site. Download this magic tool which finds all kinds of (fake) errors and then it will cost an arm and a leg to remove what wasn't a problem in the first place. It is like the TV advertisements that make me cringe every time I see them.


 o
RE: Malicious Software Not Removed (Zbot.gen)

not2bright -

I know that product ratings/rankings/testing have been discussed ad nauseam, so that's not the point of this comment. Also previously discussed ad nauseam is why some people have continuing problems and others have none.

Two step program:

1) Use a highly regarded (I didn't say rated) antivirus/intrusion protecting program. Consider several legit sources for your assessment. You'll find ESET isn't that well thought of.

2) Never click on unknown links and stick with websites of known sponsors.

You should never have to have your machine reset or "cleaned" if your practices are prudent.

PS, you can trust the link below.

Here is a link that might be useful: PC Mag evals of antivirus products


 o
RE: Malicious Software Not Removed (Zbot.gen)

Corrine, I would only use it as a last resort before reformatting my PC and would never buy a fix. The last warning I had for a trojan I was using avast and it was only a false positive. Haven't had a real virus or trojan in many years.


 o
RE: Malicious Software Not Removed (Zbot.gen)

Snidely, although I would consider the reviews at PC Mag, I wouldn't take them as the highest authority since those types of reviews are most frequently sponsored and PC Mag is no exception.

ESET is also my favorite licensed A/V product.


 o
RE: Malicious Software Not Removed (Zbot.gen)

Especially with PC related topics, the internet overflows with sites run by self-appointed "experts". That can color one's reaction to an article like this, because there are 100 phony-baloney sites for every good one. Most legit sites don't allow $$ to influence editorial decisions, and the few times that has come up (thinking of the CNET debacle) it becomes public knowledge.

The article I cited was written by Neil Rubenking, who is probably without peer after >25 years of work providing technical journalism on PC topics. His methodology is well described in the article, his findings were based on his own work and an assessment of studies done by 5 independent labs.

There are no agreed standards of performance or testing for that matter. A program can do relatively better with some hurdles and then falter (compared to competitors) on others. Or can perform well on one tester's assessment and poorly on another.

That's why Rubenking bases his findings on an agglomeration of many independent tests. Trends emerge and that's what his article is about. While any "findings" are always subjective, to me he's an expert's expert.


 o
RE: Malicious Software Not Removed (Zbot.gen)

I guess this is why it's good not to put all one's eggs in one basket, but use different scans of each type when reasonable (i.e. using online AV scans in addition to using one's preferred full-time AV program).

Re: the PC Mag article(s): FWIW, Rubenking praised MBAM -- and I use it myself ! -- but it didn't find the four trojans that the ESET scan did. And my own free Avira AV scan didn't find them either. I'm not sure where trojans fall category-wise: malware or viruses. Or something else. But whatever programs should find them (av or anti-malware), mine didn't. :-(

Perhaps I should have also tried AVG just to see if its results would have been better, but I was naturally more concerned with getting rid of whatever was in my computer than with doing AV, anti-malware tests. ;-)

So my (albeit limited) experience of having ESET find and remove 4 trojans that MBAM and Avira missed, at least makes me lean in the direction of trusting ESET for future supplementary AV scan purposes.

And, of course, I'll try the Kaspersky Virus Removal Tool again if necessary. (Since I ran it after the ESET scan, I have no idea if it would have found and removed the 4 trojans as well. And I hope I never have cause to find out in the future !!)


 o
RE: Malicious Software Not Removed (Zbot.gen)

You can put all your eggs in one basket, I do. Your issue is that you've chosen the wrong basket.

You're using the wrong protection. Fix that and you'll likely have no further need for cleaning. And no need for anything more than that one product.


 o
RE: Malicious Software Not Removed (Zbot.gen)

You should get Bitdefender. We use that at my work and I've never had problems. It's rated number one by top ten reviews also.

Here is a link that might be useful: TopTenReviews


 o
RE: Malicious Software Not Removed (Zbot.gen)

According to WOT, our new friend Roscoe's linked site above is dangerous...

